From f1fdfe5403bb58305dddd3061a5d3ba70eeb972a Mon Sep 17 00:00:00 2001 From: SMYALTAMASH Date: Fri, 22 Jan 2021 12:24:14 +0530 Subject: [PATCH 001/434] Playing with nginx routing --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 45426bc2a0..3ec2be3663 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -117,6 +117,9 @@ proxyconfig: |- proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; + location ~* .*\/\.\..*$ { + return 401 "InvalidRoute Called."; + } # Mobile Devices Refresh token Endpoints location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; From cbd67faffadd7b4732a2540c5474831adc31fe6c Mon Sep 17 00:00:00 2001 From: SMYALTAMASH Date: Wed, 27 Jan 2021 18:07:33 +0530 Subject: [PATCH 002/434] adding debugging text --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 3ec2be3663..41baaa67a4 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
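Review bot: The new `location ~* .*\/\.\..*$` block is unlikely to see the requests it is meant to reject. nginx matches locations against the normalized URI, in which percent-encoded dots are already decoded and `/../` segments already resolved, so the pattern mostly fires on path segments that merely begin with two dots. If the aim is to stop traversal sequences reaching an upstream, the check has to be made on the raw `$request_uri` instead, and a comment above the block should say which case it covers. `401` is also the wrong status, since it signals a missing authentication challenge; `return 400 "InvalidRoute Called.";` describes a malformed route. The enclosing `proxyconfig` block starts before the hunk, and the following location runs past its end.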
@@ -1143,7 +1143,12 @@ keycloakconf: | proxy_http_version 1.1; proxy_pass http://keycloak; } + location /mirror { + proxy_set_header Requestdebugger_url https://dev.sunbirded.org; + proxy_pass http://requestdebugger-service.dev.svc.cluster.local:80$request_uri; + } location / { + mirror /mirror; rewrite ^/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; From 00ca6e69f77f4f6896f758404a072ff555c681e0 Mon Sep 17 00:00:00 2001 From: SMYALTAMASH Date: Fri, 5 Feb 2021 13:20:21 +0530 Subject: [PATCH 003/434] Cassandra query retriever --- kubernetes/ansible/cassandrainfo.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 kubernetes/ansible/cassandrainfo.yaml diff --git a/kubernetes/ansible/cassandrainfo.yaml b/kubernetes/ansible/cassandrainfo.yaml new file mode 100644 index 0000000000..72ca57866d --- /dev/null +++ b/kubernetes/ansible/cassandrainfo.yaml @@ -0,0 +1,17 @@ +--- +# Retrieve information from cassandra + +- hosts: "{{server_group}}" + gather_facts: false + vars_files: + - "{{inventory_dir}}/secrets.yml" + tasks: + - name: validate the cassandra query + shell: "echo {{cassandra_query}} | grep -iE 'drop|delete|truncate|alter|update|insert'" + register: validator_output + run_once: true + + - name: execute the query on succesful validation + shell: "cqlsh --request-timeout=3600 \"{{cassandra_query}}\"" + when: validator_output.rc == 1 + run_once: true From 6189c867e0ccaaaf94d76d39dc116c9491384538 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 24 Mar 2021 15:32:18 +0530 Subject: [PATCH 004/434] fix: updated PR template --- .github/pull_request_template.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index f4baf57b55..645f246f66 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
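Review bot: The `mirror /mirror;` added to `location /` of `keycloakconf` copies every request on that path, by default including the request body, to `requestdebugger-service.dev.svc.cluster.local`, so credentials and tokens sent to Keycloak would be duplicated into a debug service. The target host and the `Requestdebugger_url https://dev.sunbird.org` header are hard-coded in a template that is presumably rendered for every environment, and `location /mirror` is reachable from outside because it is not marked internal. If this has to ship, add `internal;` as the first line of `location /mirror`, set `mirror_request_body off;` next to the `mirror` directive, and wrap both additions in a Jinja condition on a flag that defaults to off (placeholder name `<enable_request_debugger>`). `location /` continues past the end of the hunk.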
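Review bot: `cassandra_query` is interpolated unquoted into both `shell:` lines, so any shell metacharacter in the variable is run on the target host, and the keyword grep is a deny-list that does nothing to constrain that. The validation task also cannot work as written: grep exits 1 when nothing matches, Ansible treats a non-zero exit as a task failure and stops, so the `when: validator_output.rc == 1` branch is never reached. cqlsh takes a statement through `-e`; a bare positional argument is read as the host name. The version below quotes the variable, passes the query as one argv element and fails validation only on a grep error. Write protection should still come from a read-only Cassandra role rather than from the keyword filter.

```yaml
    - name: validate the cassandra query
      shell: "printf '%s' {{ cassandra_query | quote }} | grep -iE 'drop|delete|truncate|alter|update|insert'"
      # grep exit codes: 0 = keyword found, 1 = no match, >1 = grep error
      failed_when: validator_output.rc > 1
      changed_when: false
      # … unchanged: register, run_once …

    - name: execute the query on succesful validation
      command:
        argv:
          - cqlsh
          - --request-timeout=3600
          - -e
          - "{{ cassandra_query }}"
      # … unchanged: when, run_once …
```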
@@ -1,7 +1,5 @@ Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -Fixes # (project-sunbird jira issue link which starts with https://project-sunbird.atlassian.net/) - ### Type of change Please choose appropriate options. From f14abf0aea00d60223369fe4de4d70c2f2e6b45e Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 24 Mar 2021 15:44:37 +0530 Subject: [PATCH 005/434] Delete pull_request_template.md --- .github/pull_request_template.md | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 645f246f66..0000000000 --- a/.github/pull_request_template.md +++ /dev/null 
@@ -1,32 +0,0 @@
-Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
-
-### Type of change
-
-Please choose appropriate options.
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] This change requires a documentation update
-
-### How Has This Been Tested?
-
-Please describe the tests that you ran to verify your changes in the below checkboxes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
-
-- [ ] Ran Test A
-- [ ] Ran Test B
-
-**Test Configuration**:
-* Software versions:
-* Hardware versions:
-
-### Checklist:
-
-- [ ] My code follows the style guidelines of this project
-- [ ] I have performed a self-review of my own code
-- [ ] I have commented my code, particularly in hard-to-understand areas
-- [ ] I have made corresponding changes to the documentation
-- [ ] My changes generate no new warnings
-- [ ] I have added tests that prove my fix is effective or that my feature works
-- [ ] New and existing unit tests pass locally with my changes
-- [ ] Any dependent changes have been merged and published in downstream modules
From 6bdc71016125855e1d718d573b5246098e74c335 Mon Sep 17 00:00:00 2001
From: keshavprasadms
Date: Wed, 24 Mar 2021 16:32:02 +0530
Subject: [PATCH 006/434] Revert "Delete pull_request_template.md"
This reverts commit f14abf0aea00d60223369fe4de4d70c2f2e6b45e.
---
.github/pull_request_template.md | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 .github/pull_request_template.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000000..645f246f66
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,32 @@
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+### Type of change
+
+Please choose appropriate options.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+### How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes in the below checkboxes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Ran Test A
+- [ ] Ran Test B
+
+**Test Configuration**:
+* Software versions:
+* Hardware versions:
+
+### Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules
From 0f725abbe90b9e09ca775777dc0022565e5daa0c Mon Sep 17 00:00:00 2001
From: keshavprasadms
Date: Wed, 24 Mar 2021 16:32:41 +0530
Subject: [PATCH 007/434] fix: don't run workflow on PR edit
---
.github/workflows/jira-description-action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/jira-description-action.yml b/.github/workflows/jira-description-action.yml
index 3dc34ae8f6..76d3fa7714 100644
--- a/.github/workflows/jira-description-action.yml
+++ b/.github/workflows/jira-description-action.yml
@@ -1,7 +1,7 @@ name: jira-description-action on: pull_request_target: - types: [opened, edited] + types: [opened, labeled] jobs: add-jira-description: runs-on: ubuntu-latest From 9fd0fe71dba2c19858994a5f6cf95538a3fadd75 Mon Sep 17 00:00:00 2001 From: Hirawat Date: Thu, 25 Mar 2021 01:18:56 +0530 Subject: [PATCH 008/434] Updated link for Installation wiki (#2340) previous link was redirecting to page 404 --- Installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Installation.md b/Installation.md index fc82e6dc3c..192cfc2a1a 100644 --- a/Installation.md +++ b/Installation.md @@ -1 +1 @@ -### Installation wiki moved to [here.](http://www.sunbird.org/developer-docs/installation) +### Installation wiki moved to [here.](http://docs.sunbird.org/latest/developer-docs/server-installation/prerequisites/) From 2a4e846d99e7e36532a4e397abd0441919a9734a Mon Sep 17 00:00:00 2001 
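Review bot: `pull_request_target` runs with the base repository's token and secrets even for pull requests from forks, and with `labeled` in `types:` the job now fires every time a label is applied, so the trigger deserves a comment recording that this workflow must never check out or execute code from the PR head. Suggested comment above `types:`: `# pull_request_target runs with repo secrets; do not check out PR code in this workflow`. The job's steps are outside the hunk, so whether they already respect this cannot be confirmed here. With `edited` removed, a Jira link added to the description after the PR is opened is not picked up until a label event occurs.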
From: Keshav Prasad Date: Fri, 30 Jul 2021 16:41:10 +0530 Subject: [PATCH 009/434] fix: merge 4.1.0 to master (#2761) * merge release 4.1.0 to master --- .../sunbird/login/resources/css/login.css | 12 +- .../login/resources/js/telemetry_service.js | 2 +- ansible/desktop-faq-upload.yml | 1 + ansible/inventory/env/group_vars/all.yml | 67 +- ansible/provision.yml | 5 + .../cassandra/templates/cassandra-env.sh | 5 +- .../templates/event_definitions.json | 1 + .../templates/event_notifications.json | 1 + .../templates/grants.json | 4 + .../templates/grok_patterns.json | 3 + .../templates/inputs.json | 2 + .../templates/scheduler_job_definitions.json | 2 + .../templates/scheduler_triggers.json | 1 + .../templates/searches.json | 1 + .../templates/views.json | 1 + .../roles/keycloak-deploy/tasks/deploy.yml | 8 +- ansible/roles/kong-api/defaults/main.yml | 635 ++++++++++- ansible/roles/kong-consumer/defaults/main.yml | 11 + .../ml-analytics-service/defaults/main.yml | 3 +- .../roles/ml-analytics-service/tasks/main.yml | 11 +- .../files/sunbird_programs/V4.1.0.sql | 5 + .../defaults/main.yml | 113 ++ .../tasks/main.yml | 24 +- .../postgresql-data-update/defaults/main.yml | 95 ++ .../postgresql-data-update/tasks/main.yml | 26 + .../templates/uci_odk_postgres.sql | 2 + .../templates/uci_transformer_postgres.sql | 2 + ansible/roles/setup-kafka/defaults/main.yml | 25 +- ansible/roles/setup-kafka/tasks/main.yml | 8 + ansible/roles/stack-sunbird/defaults/main.yml | 134 ++- ansible/roles/stack-sunbird/templates/gql.env | 18 + .../roles/stack-sunbird/templates/inbound.env | 38 + .../templates/ml-core-service.env | 2 +- .../templates/ml-projects-service.env | 2 +- .../templates/ml-survey-service.env | 2 +- ansible/roles/stack-sunbird/templates/odk.env | 7 + .../stack-sunbird/templates/orchestrator.env | 28 + .../stack-sunbird/templates/outbound.env | 31 + .../templates/outbound_logback.xml | 47 + .../templates/sunbird_player.env | 2 + .../stack-sunbird/templates/transformer.env | 38 
+ .../transformer_industry_feedback.xml | 640 +++++++++++ .../roles/stack-sunbird/templates/uci_api.env | 18 + deploy/azure-provision.yaml | 380 +++++++ deploy/jenkins/jenkins-server-setup.sh | 7 +- deploy/jenkins/jenkins.yaml | 71 ++ .../DataPipeline/jobs/Monitoring/config.xml | 8 +- .../Upload_CollectionHierarchy_CSV/config.xml | 163 +++ .../Core/jobs/PostInstallScript/config.xml | 2 +- .../dev/jobs/Core/jobs/Keycloak/config.xml | 4 +- deploy/post-install-script.sh | 47 +- kubernetes/helm_charts/core/content/values.j2 | 2 +- .../helm_charts/core/fusionauth/.helmignore | 22 + .../helm_charts/core/fusionauth/Chart.yaml | 6 + .../core/fusionauth/templates/_helpers.tpl | 71 ++ .../core/fusionauth/templates/configmap.yaml | 18 + .../core/fusionauth/templates/deployment.yaml | 157 +++ .../templates/poddisruptionbudget.yaml | 11 + .../core/fusionauth/templates/secret.yaml | 17 + .../core/fusionauth/templates/service.yaml | 26 + .../helm_charts/core/fusionauth/values.j2 | 220 ++++ .../core/fusionauth/values.schema.json | 992 ++++++++++++++++++ kubernetes/helm_charts/core/gql/Chart.yaml | 22 + .../core/gql/templates/deployment.yaml | 62 ++ .../helm_charts/core/gql/templates/hpa.yaml | 27 + kubernetes/helm_charts/core/gql/values.j2 | 33 + .../helm_charts/core/inbound/Chart.yaml | 5 + .../core/inbound/templates/deployment.yaml | 62 ++ .../core/inbound/templates/hpa.yaml | 27 + kubernetes/helm_charts/core/inbound/values.j2 | 35 + .../templates/configmap.yaml | 40 + kubernetes/helm_charts/core/odk/Chart.yaml | 5 + .../core/odk/templates/deployment.yaml | 62 ++ .../helm_charts/core/odk/templates/hpa.yaml | 27 + kubernetes/helm_charts/core/odk/values.j2 | 35 + .../helm_charts/core/orchestrator/Chart.yaml | 5 + .../orchestrator/templates/deployment.yaml | 62 ++ .../core/orchestrator/templates/hpa.yaml | 27 + .../helm_charts/core/orchestrator/values.j2 | 35 + .../helm_charts/core/outbound/Chart.yaml | 5 + .../core/outbound/templates/deployment.yaml | 62 ++ 
.../core/outbound/templates/hpa.yaml | 27 + .../helm_charts/core/outbound/values.j2 | 35 + .../helm_charts/core/transformer/Chart.yaml | 5 + .../transformer/templates/deployment.yaml | 62 ++ .../core/transformer/templates/hpa.yaml | 27 + .../helm_charts/core/transformer/values.j2 | 35 + kubernetes/helm_charts/core/uci/Chart.yaml | 5 + .../core/uci/templates/deployment.yaml | 62 ++ .../helm_charts/core/uci/templates/hpa.yaml | 27 + kubernetes/helm_charts/core/uci/values.j2 | 35 + .../kp-flink-jobs-metrics-dashboard.json | 771 +++++++++++--- kubernetes/pipelines/deploy_uci/Jenkinsfile | 51 + pipelines/deploy/mobile/Jenkinfile | 61 ++ pipelines/upload/discussion-UI/Jenkinsfile | 54 + pipelines/upload/portal-csv/Jenkinsfile | 49 + .../ansible/inventory/dev/Core/common.yml | 82 +- private_repo/ansible/inventory/dev/Core/hosts | 51 +- .../ansible/inventory/dev/Core/secrets.yml | 36 +- .../inventory/dev/DataPipeline/common.yml | 34 +- .../ansible/inventory/dev/DataPipeline/hosts | 55 +- .../inventory/dev/DataPipeline/secrets.yml | 26 +- .../dev/KnowledgePlatform/common.yml | 32 +- .../inventory/dev/KnowledgePlatform/hosts | 33 +- .../dev/KnowledgePlatform/secrets.yml | 16 +- 105 files changed, 6176 insertions(+), 440 deletions(-) create mode 100644 ansible/roles/postgres-migration/files/sunbird_programs/V4.1.0.sql create mode 100644 ansible/roles/postgresql-data-update/templates/uci_odk_postgres.sql create mode 100644 ansible/roles/postgresql-data-update/templates/uci_transformer_postgres.sql create mode 100644 ansible/roles/stack-sunbird/templates/gql.env create mode 100644 ansible/roles/stack-sunbird/templates/inbound.env create mode 100644 ansible/roles/stack-sunbird/templates/odk.env create mode 100644 ansible/roles/stack-sunbird/templates/orchestrator.env create mode 100644 ansible/roles/stack-sunbird/templates/outbound.env create mode 100644 ansible/roles/stack-sunbird/templates/outbound_logback.xml create mode 100644 
ansible/roles/stack-sunbird/templates/transformer.env create mode 100644 ansible/roles/stack-sunbird/templates/transformer_industry_feedback.xml create mode 100644 ansible/roles/stack-sunbird/templates/uci_api.env create mode 100644 deploy/azure-provision.yaml create mode 100644 deploy/jenkins/jenkins.yaml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml create mode 100644 kubernetes/helm_charts/core/fusionauth/.helmignore create mode 100644 kubernetes/helm_charts/core/fusionauth/Chart.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/_helpers.tpl create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/configmap.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/poddisruptionbudget.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/secret.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/templates/service.yaml create mode 100644 kubernetes/helm_charts/core/fusionauth/values.j2 create mode 100644 kubernetes/helm_charts/core/fusionauth/values.schema.json create mode 100644 kubernetes/helm_charts/core/gql/Chart.yaml create mode 100644 kubernetes/helm_charts/core/gql/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/gql/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/gql/values.j2 create mode 100644 kubernetes/helm_charts/core/inbound/Chart.yaml create mode 100644 kubernetes/helm_charts/core/inbound/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/inbound/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/inbound/values.j2 create mode 100644 kubernetes/helm_charts/core/odk/Chart.yaml create mode 100644 kubernetes/helm_charts/core/odk/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/odk/templates/hpa.yaml create mode 100644 
kubernetes/helm_charts/core/odk/values.j2 create mode 100644 kubernetes/helm_charts/core/orchestrator/Chart.yaml create mode 100644 kubernetes/helm_charts/core/orchestrator/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/orchestrator/values.j2 create mode 100644 kubernetes/helm_charts/core/outbound/Chart.yaml create mode 100644 kubernetes/helm_charts/core/outbound/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/outbound/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/outbound/values.j2 create mode 100644 kubernetes/helm_charts/core/transformer/Chart.yaml create mode 100644 kubernetes/helm_charts/core/transformer/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/transformer/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/transformer/values.j2 create mode 100644 kubernetes/helm_charts/core/uci/Chart.yaml create mode 100644 kubernetes/helm_charts/core/uci/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/core/uci/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/core/uci/values.j2 create mode 100644 kubernetes/pipelines/deploy_uci/Jenkinsfile create mode 100644 pipelines/deploy/mobile/Jenkinfile create mode 100644 pipelines/upload/discussion-UI/Jenkinsfile create mode 100644 pipelines/upload/portal-csv/Jenkinsfile diff --git a/ansible/artifacts/sunbird/login/resources/css/login.css b/ansible/artifacts/sunbird/login/resources/css/login.css index a100a92ebd..b8d89d0966 100644 --- a/ansible/artifacts/sunbird/login/resources/css/login.css +++ b/ansible/artifacts/sunbird/login/resources/css/login.css 
@@ -627,4 +627,14 @@ h1, h2, h3, h4, h5, .btn-signInWithGoogle { background: #0b51c1; border: #4285F4; -} \ No newline at end of file +} +/* tab accessibility css fix */ +*:focus-visible{ + border: 1px #fe0000 solid !important; + border-radius: 5px; + outline: none; + } + input:focus-visible{ + outline: 1px #fe0000 solid !important; + border-radius: 5px; + } \ No newline at end of file diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index 1d56bfdeca..2047760633 100644 --- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js +++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2506,7 +2506,7 @@ if(client_id.toLowerCase() === 'android'){ "telemetry": { "pdata": { "id": pdataId, - "ver": "4.0.0", + "ver": "4.1.0", "pid": "sunbird-portal" } } diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 12b2ad3d49..9dbeddd1c0 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml @@ -46,3 +46,4 @@ - upload-batch tags: - upload-chatbot-config + - upload-batch diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 14779de6ef..de5d30a056 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -58,6 +58,8 @@ keycloak_postgres_password: "{{core_vault_postgres_password}}" kong_postgres_user: "{{core_vault_postgres_username}}" kong_postgres_password: "{{core_vault_postgres_password}}" enc_postgres_user: "{{core_vault_postgres_username}}" +uci_postgres_user: "{{core_vault_postgres_username}}" +uci_postgres_password: "{{core_vault_postgres_password}}" user_org_service_postgres_user: "{{core_vault_postgres_username}}" ansible_vault_password: "{{ core_vault_ansible_vault_password }}" jenkins_admin_username: "{{core_vault_jenkins_admin_username}}" 
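Review bot: In `ansible/inventory/env/group_vars/all.yml`, `uci_postgres_user` and `uci_postgres_password` are bound to `core_vault_postgres_username` / `core_vault_postgres_password`, the same account the neighbouring lines give to Kong and Keycloak. The new UCI services (their databases are listed in the `@@ -246,6 +249,13 @@` hunk of this file) would therefore connect with a shared core credential, and a compromise of any one of them reaches every database that account owns. Prefer a dedicated role and vault entry, e.g. `uci_postgres_user: "{{ <uci_vault_postgres_username> }}"` (placeholder name), with grants limited to the four `uci-*` databases.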
@@ -82,6 +84,7 @@ enc_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server user_org_service_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server keycloak_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server kong_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server +uci_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server sunbird_cassandra_host: "{{groups['cassandra']|join(',')}}" #Private IP of Cassandra server sunbird_es_host: "{{groups['es']| join(',')}}" @@ -246,6 +249,13 @@ monitor_alerts_mail_server_password: "{{ core_vault_mail_server_password }}" #enc-service enc_postgres_database: "{{env}}-keys" +#uci service variables +# postgres dbs +uci_bot_postgres_database: "uci-botdb" +uci_forms_postgres_database: "uci-formsdb" +uci_odk_postgres_database: "uci-odk-aggregate" +uci_fusionauth_postgres_database: "uci-fusionauth" + #kafka vars zk_hosts: "127.0.0.1:2181" kafka_conf_dir: /etc/kafka 
@@ -324,63 +334,6 @@ grafana_dashboards_git_repo_url_with_credentails: "{{core_vault_grafana_dashboar monitor_alerts_slack_url: "{{core_vault_monitor_alerts_slack_url}}" kong__test_jwt: "{{ core_vault_sunbird_api_auth_token }}" -############# Postgres users and databases ############### -postgresql_users: - - name: "{{kong_postgres_user}}" - login_password: "{{kong_postgres_password}}" - password: "{{postgres_password}}" - db: "{{kong_postgres_database}}" - login_user: "{{kong_postgres_user}}" - priv: "ALL" - - name: "{{keycloak_postgres_user}}" - login_password: "{{keycloak_postgres_password}}" - password: "{{postgres_password}}" - db: "{{keycloak_postgres_database}}" - login_user: "{{keycloak_postgres_user}}" - priv: "ALL" - - name: "{{application_postgres_user}}" - login_password: "{{application_postgres_password}}" - password: "{{postgres_password}}" - db: "{{application_postgres_database}}" - login_user: "{{application_postgres_user}}" - priv: "ALL" - - name: "{{user_org_service_postgres_user}}" - login_password: "{{user_org_service_postgres_password}}" - password: "{{user_org_service_postgres_password}}" - db: "{{user_org_service_postgres_database}}" - login_user: "{{user_org_service_postgres_user}}" - priv: "ALL" - - name: "{{enc_postgres_user}}" - login_password: "{{enc_postgres_password}}" - password: "{{enc_postgres_password}}" - db: "{{enc_postgres_database}}" - login_user: "{{enc_postgres_user}}" - priv: "ALL" - -postgresql_databases: - - name: "{{kong_postgres_database}}" - login_password: "{{kong_postgres_password}}" - owner: "{{kong_postgres_user}}" - login_user: "{{kong_postgres_user}}" - - name: "{{keycloak_postgres_database}}" - login_password: "{{keycloak_postgres_password}}" - owner: "{{keycloak_postgres_user}}" - login_user: "{{keycloak_postgres_user}}" - - name: "{{application_postgres_database}}" - login_password: "{{application_postgres_password}}" - owner: "{{application_postgres_user}}" - login_user: "{{application_postgres_user}}" - - 
name: "{{user_org_service_postgres_database}}" - login_password: "{{user_org_service_postgres_password}}" - owner: "{{user_org_service_postgres_user}}" - login_user: "{{user_org_service_postgres_user}}" - - name: "{{enc_postgres_database}}" - login_password: "{{enc_postgres_password}}" - owner: "{{enc_postgres_user}}" - login_user: "{{enc_postgres_user}}" - -########################################################## - ####### App ES ######## app_es_etc_cluster_name: "{{env}}" app_es_etc_discovery_zen_minimum_master_nodes: "{{groups['es']| length | int}}" diff --git a/ansible/provision.yml b/ansible/provision.yml index 04b5e4846d..80b12aae2b 100644 --- a/ansible/provision.yml +++ b/ansible/provision.yml @@ -38,6 +38,11 @@ - hosts: postgresql-master become: yes + vars: + # Ref: https://github.com/geerlingguy/ansible-role-postgresql/issues/136 + postgresql_global_config_options: + - option: listen_addresses + value: "{{ ansible_default_ipv4.address }}" vars_files: - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml'] pre_tasks: diff --git a/ansible/roles/cassandra/templates/cassandra-env.sh b/ansible/roles/cassandra/templates/cassandra-env.sh index 46b6e1b95f..a35ddc422d 100644 --- a/ansible/roles/cassandra/templates/cassandra-env.sh +++ b/ansible/roles/cassandra/templates/cassandra-env.sh @@ -234,7 +234,7 @@ fi # jmx: metrics and administration interface # # add this if you're having trouble connecting: -# JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=" +JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname={{hostvars[inventory_hostname]['ansible_hostname']}}" # # see # https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole 
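Review bot: Setting `postgresql_global_config_options` in the play's `vars:` replaces the role's whole default list instead of appending to it, so any defaults the role ships for that variable (presumably socket and log directory settings; confirm against the role version in use) are dropped along with the intended `listen_addresses` change. Binding to `{{ ansible_default_ipv4.address }}` alone also leaves out loopback and exposes PostgreSQL on the host's primary interface, so access control then rests entirely on `pg_hba.conf` and network rules. Consider `value: "localhost,{{ ansible_default_ipv4.address }}"` and re-list the role defaults beside it. The play continues outside the hunk.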
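Review bot: Advertising `-Djava.rmi.server.hostname={{hostvars[inventory_hostname]['ansible_hostname']}}` together with `LOCAL_JMX=no` (repositioned in the next hunk of `cassandra-env.sh`) makes the JMX endpoint on port 7199 usable from other hosts. The only authentication setting visible in these hunks is `jmxremote.authenticate=false` in the `LOCAL_JMX=yes` branch. The remote branch lies outside both hunks, so confirm it sets `-Dcom.sun.management.jmxremote.authenticate=true` with a password file and that 7199 is limited to the monitoring hosts. `ansible_hostname` is the short host name and has to resolve from the JMX clients; the FQDN or `ansible_default_ipv4.address` is the safer value. A comment above the `JVM_OPTS` line would help, e.g. `# advertise a resolvable name so remote JMX/RMI clients can connect back`.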
@@ -248,13 +248,14 @@ fi #if [ "x$LOCAL_JMX" = "x" ]; then # LOCAL_JMX=yes #fi -LOCAL_JMX=no # Specifies the default port over which Cassandra will be available for # JMX connections. # For security reasons, you should not expose this port to the internet. Firewall it if needed. JMX_PORT="7199" +LOCAL_JMX=no + if [ "$LOCAL_JMX" = "yes" ]; then JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT" JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false" diff --git a/ansible/roles/graylog-mongodb-import/templates/event_definitions.json b/ansible/roles/graylog-mongodb-import/templates/event_definitions.json index ec8e8d1fca..3505173b92 100644 --- a/ansible/roles/graylog-mongodb-import/templates/event_definitions.json +++ b/ansible/roles/graylog-mongodb-import/templates/event_definitions.json 
@@ -2,3 +2,4 @@ {"_id":{"$oid":"60c99405dc039a5b3f0135bc"},"title":"Functional Alert | Bucket \u003e1% and \u003c=2%","description":"Functional alert for errors which are greater than 1% and less than or equal to 2%","priority":3,"alert":true,"config":{"type":"aggregation-v1","query":"metric_value: \u003e1 AND metric_value: \u003c=2 AND NOT dimensions_id: content_mimetype AND NOT dimensions_id: collection_type","query_parameters":[],"streams":["000000000000000000000001"],"group_by":["dimensions_id","dimensions_value","metric_id","metric_value"],"series":[{"id":"min-metric_value","function":"min","field":"metric_value"},{"id":"max-metric_value","function":"max","field":"metric_value"}],"conditions":{"expression":{"expr":"\u0026\u0026","left":{"expr":"\u003e","left":{"expr":"number-ref","ref":"min-metric_value"},"right":{"expr":"number","value":1.0}},"right":{"expr":"\u003c=","left":{"expr":"number-ref","ref":"max-metric_value"},"right":{"expr":"number","value":2.0}}}},"search_within_ms":{"$numberLong":"3600000"},"execute_every_ms":{"$numberLong":"3600000"}},"field_spec":{"dimensions_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_id}","require_values":true}]},"dimensions_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_value}","require_values":true}]},"metric_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_id}","require_values":true}]},"metric_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_value}","require_values":true}]}},"key_spec":["dimensions_id","dimensions_value","metric_id","metric_value"],"notification_settings":{"grace_period_ms":{"$numberLong":"0"},"backlog_size":{"$numberLong":"0"}},"notifications":[{"notification_id":"60af7dfaa650154320a12aa9","notification_parameters":null}],"storage":[{"type":"persist-to-streams-v1","streams":["000000000000000000000002"]}]} 
{"_id":{"$oid":"60c994ccdc039a5b3f0136a4"},"title":"Functional Alert | Bucket \u003e2% and \u003c=5%","description":"Functional alert for errors which are greater than 2% and less than or equal to 5%","priority":3,"alert":true,"config":{"type":"aggregation-v1","query":"metric_value: \u003e2 AND metric_value: \u003c=5","query_parameters":[],"streams":["000000000000000000000001"],"group_by":["dimensions_id","dimensions_value","metric_id","metric_value"],"series":[{"id":"min-metric_value","function":"min","field":"metric_value"},{"id":"max-metric_value","function":"max","field":"metric_value"}],"conditions":{"expression":{"expr":"\u0026\u0026","left":{"expr":"\u003e","left":{"expr":"number-ref","ref":"min-metric_value"},"right":{"expr":"number","value":2.0}},"right":{"expr":"\u003c=","left":{"expr":"number-ref","ref":"max-metric_value"},"right":{"expr":"number","value":5.0}}}},"search_within_ms":{"$numberLong":"3600000"},"execute_every_ms":{"$numberLong":"3600000"}},"field_spec":{"dimensions_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_id}","require_values":true}]},"dimensions_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_value}","require_values":true}]},"metric_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_id}","require_values":true}]},"metric_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_value}","require_values":true}]}},"key_spec":["dimensions_id","dimensions_value","metric_id","metric_value"],"notification_settings":{"grace_period_ms":{"$numberLong":"0"},"backlog_size":{"$numberLong":"0"}},"notifications":[{"notification_id":"60af7dfaa650154320a12aa9","notification_parameters":null}],"storage":[{"type":"persist-to-streams-v1","streams":["000000000000000000000002"]}]} {"_id":{"$oid":"60c998bfdc039a5b3f013b12"},"title":"Functional Alert | Bucket \u003e5%","description":"Functional 
alert for errors which are greater than 5%","priority":3,"alert":true,"config":{"type":"aggregation-v1","query":"metric_value: \u003e5","query_parameters":[],"streams":["000000000000000000000001"],"group_by":["dimensions_id","dimensions_value","metric_id","metric_value","full_message"],"series":[{"id":"max-metric_value","function":"max","field":"metric_value"}],"conditions":{"expression":{"expr":"\u003e","left":{"expr":"number-ref","ref":"max-metric_value"},"right":{"expr":"number","value":5.0}}},"search_within_ms":{"$numberLong":"3600000"},"execute_every_ms":{"$numberLong":"3600000"}},"field_spec":{"dimensions_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_id}","require_values":true}]},"dimensions_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.dimensions_value}","require_values":true}]},"metric_id":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_id}","require_values":true}]},"metric_value":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.metric_value}","require_values":true}]}},"key_spec":["dimensions_id","dimensions_value","metric_id","metric_value"],"notification_settings":{"grace_period_ms":{"$numberLong":"0"},"backlog_size":{"$numberLong":"0"}},"notifications":[{"notification_id":"60af7dfaa650154320a12aa9","notification_parameters":null}],"storage":[{"type":"persist-to-streams-v1","streams":["000000000000000000000002"]}]} +{"_id":{"$oid":"60e82efc25aa97080bea89dd"},"title":"DataProducts Status","description":"DataProducts execution status","priority":3,"alert":true,"config":{"type":"aggregation-v1","query":"status: 
\"FAILED\"","query_parameters":[],"streams":["000000000000000000000001"],"group_by":["system","subsystem","status","id-report-date"],"series":[{"id":"count-system","function":"count","field":"system"}],"conditions":{"expression":{"expr":"==","left":{"expr":"number-ref","ref":"count-system"},"right":{"expr":"number","value":1.0}}},"search_within_ms":{"$numberLong":"3600000"},"execute_every_ms":{"$numberLong":"3600000"}},"field_spec":{"DP_name":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.subsystem}","require_values":true}]},"DP_status":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.status}","require_values":true}]},"DP_report_date":{"data_type":"string","providers":[{"type":"template-v1","template":"${source.id-report-date}","require_values":true}]}},"key_spec":["DP_name","DP_status","DP_report_date"],"notification_settings":{"grace_period_ms":{"$numberLong":"0"},"backlog_size":{"$numberLong":"0"}},"notifications":[{"notification_id":"60e8311025aa97080bea8c8b","notification_parameters":null}],"storage":[{"type":"persist-to-streams-v1","streams":["000000000000000000000002"]}]} diff --git a/ansible/roles/graylog-mongodb-import/templates/event_notifications.json b/ansible/roles/graylog-mongodb-import/templates/event_notifications.json index f3abe4371c..3d0bbf34ba 100644 --- a/ansible/roles/graylog-mongodb-import/templates/event_notifications.json +++ b/ansible/roles/graylog-mongodb-import/templates/event_notifications.json 
@@ -1 +1,2 @@
 {"_id":{"$oid":"60af7dfaa650154320a12aa9"},"title":"Functional Alert","description":"Functional Alert","config":{"type":"email-notification-v1","sender":"{{ sunbird_mail_server_from_email }}","subject":"{{ env }} | ${event.fields.dimensions_id} | ${event.fields.dimensions_value}","body_template":"[Event]\n----------------------------------------\nTimestamp: ${event.timestamp}\nMessage: ${event.message}\nKey: ${event.key}\nSource: ${event.source}\nPriority: ${event.priority}\nAlert: ${event.alert}\nTimerange Start: ${event.timerange_start}\nTimerange End: ${event.timerange_end}\n\n${if backlog}\n[Backlog]\n----------------------------------------\nLast messages accounting for this alert:\n${foreach backlog message}\n${message}\n${end}\n${end}","email_recipients":{{ (graylog_alerts_mailing_list|default(alerts_mailing_list)).split(',') | map('trim') | list }},"user_recipients":[]}}
+{"_id":{"$oid":"60e8311025aa97080bea8c8b"},"title":"DataProducts Notification","description":"DP Notification","config":{"type":"email-notification-v1","sender":"{{ sunbird_mail_server_from_email }}","subject":"{{ env }} | DataProduct notification: ${event.fields.DP_name} | ${event.fields.DP_status}","body_template":"--- [Event] --------------------------------------\nTimestamp: ${event.timestamp}\nMessage: ${event.message}\nSource: ${event.source}\nKey: ${event.key}\nPriority: ${event.priority}\nAlert: ${event.alert}\nFields:\n${foreach event.fields field} ${field.key}: ${field.value}\n${end}\n${if backlog}\n--- [Backlog] ------------------------------------\nLast messages accounting for this alert:\n${foreach backlog message}\n${message}\n${end}\n${end}\n","email_recipients":{{ (graylog_alerts_mailing_list|default(alerts_mailing_list)).split(',') | map('trim') | list }},"user_recipients":[]}}
diff --git a/ansible/roles/graylog-mongodb-import/templates/grants.json b/ansible/roles/graylog-mongodb-import/templates/grants.json
index d57d8c89b5..772e2df88c 100644
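Review bot: `email_recipients` in the added DataProducts Notification document is filled by a Jinja expression ending in `| map('trim') | list`, which renders a Python list literal with single-quoted strings rather than a JSON array. That only imports if the loader tolerates single quotes, and a mailing-list value containing a quote or backslash would not be escaped. Ending the expression with `| list | to_json` would emit valid, escaped JSON whatever the variable holds. The unchanged Functional Alert line in this hunk uses the same expression and would benefit from the same change.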
--- a/ansible/roles/graylog-mongodb-import/templates/grants.json
+++ b/ansible/roles/graylog-mongodb-import/templates/grants.json
@@ -12,3 +12,7 @@
 {"_id":{"$oid":"60c99c59dc039a5b3f013f03"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::event_definition:60c998bfdc039a5b3f013b12","created_by":"admin","created_at":{"$date":"2021-06-16T06:38:17.148Z"},"updated_by":"admin","updated_at":{"$date":"2021-06-16T06:38:17.148Z"},"expires_at":null}
 {"_id":{"$oid":"60c99c5edc039a5b3f013f09"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::event_definition:60c994ccdc039a5b3f0136a4","created_by":"admin","created_at":{"$date":"2021-06-16T06:38:22.385Z"},"updated_by":"admin","updated_at":{"$date":"2021-06-16T06:38:22.385Z"},"expires_at":null}
 {"_id":{"$oid":"60c99c63dc039a5b3f013f11"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::event_definition:60c99405dc039a5b3f0135bc","created_by":"admin","created_at":{"$date":"2021-06-16T06:38:27.410Z"},"updated_by":"admin","updated_at":{"$date":"2021-06-16T06:38:27.410Z"},"expires_at":null}
+{"_id":{"$oid":"60f0114025aa97080bf40435"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::dashboard:60ed949db96722aa70a93421","created_by":"admin","created_at":{"$date":"2021-07-15T10:43:12.986Z"},"updated_by":"admin","updated_at":{"$date":"2021-07-15T10:43:12.986Z"},"expires_at":null}
+{"_id":{"$oid":"60f0149125aa97080bf40e7b"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::event_definition:60e82efc25aa97080bea89dd","created_by":"admin","created_at":{"$date":"2021-07-15T10:57:21.398Z"},"updated_by":"admin","updated_at":{"$date":"2021-07-15T10:57:21.398Z"},"expires_at":null}
+{"_id":{"$oid":"60f0149d25aa97080bf40eb8"},"grantee":"grn::::builtin-team:everyone","capability":"view","target":"grn::::notification:60e8311025aa97080bea8c8b","created_by":"admin","created_at":{"$date":"2021-07-15T10:57:33.369Z"},"updated_by":"admin","updated_at":{"$date":"2021-07-15T10:57:33.369Z"},"expires_at":null}
+
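Review bot: The third added grant gives `grn::::builtin-team:everyone` the `view` capability on `notification:60e8311025aa97080bea8c8b`, whereas the context lines of this hunk only expose event definitions to that team. Viewing a notification presumably shows its configuration, including the sender address and the rendered recipient list, to every Graylog account. If ordinary users only need the dashboard and the alert definition, consider dropping that grant or scoping it to the team that maintains the alert. The hunk also appends an empty line to a file that appears to hold one document per line, so confirm the import step ignores blank lines.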
diff --git a/ansible/roles/graylog-mongodb-import/templates/grok_patterns.json b/ansible/roles/graylog-mongodb-import/templates/grok_patterns.json
index d36a7d7d04..458ea4391f 100644
--- a/ansible/roles/graylog-mongodb-import/templates/grok_patterns.json
+++ b/ansible/roles/graylog-mongodb-import/templates/grok_patterns.json
@@ -76,3 +76,6 @@
 {"_id":{"$oid":"6087f91707a3b704f579323c"},"name":"DATESTAMP","pattern":"%{DATE}[- ]%{TIME}"}
 {"_id":{"$oid":"6087f91707a3b704f579323e"},"name":"BASE16NUM","pattern":"(?\u003c![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))"}
 {"_id":{"$oid":"6087f91707a3b704f5793240"},"name":"PATH","pattern":"(?:%{UNIXPATH}|%{WINPATH})"}
+{"_id":{"$oid":"60e82c0625aa97080bea8633"},"name":"DP_DIMENSION_PARSE","pattern":"^\\W+\\w+\\W(?\u003cid\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003cid-report-date\u003e[0-9]{4}-[0-9]{2}-[0-9]{2})\\S+\\s+\\W+\\w+\\W(?\u003cid-status\u003e\\w+)\\W+\\w+\\W+(?\u003cstatus\u003e\\w+)\\W+"}
+{"_id":{"$oid":"60ee7ba225aa97080bf1d9df"},"name":"DP_METRIC_PARSE_1","pattern":"^\\W+\\w+\\W(?\u003cinput\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003cinput-events\u003e\\w+)\\S+\\s+\\W+\\w+\\W(?\u003coutput\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003coutput-events\u003e\\w+)\\S+\\s+\\W+\\w+\\W(?\u003ctime-taken\u003e\\w+\\W+\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003ctime-taken-secs\u003e\\w+\\.+\\w+)}"}
+{"_id":{"$oid":"60ee7c2b25aa97080bf1da7c"},"name":"DP_METRIC_PARSE_2","pattern":"^\\W+\\w+\\W(?\u003ctotal\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003ctotal-requests\u003e\\w+)\\S+\\s+\\W+\\w+\\W(?\u003csuccess\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003csuccess-requests\u003e\\w+)\\S+\\s+\\W+\\w+\\W(?\u003cfailed\u003e\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003cfailed-requests\u003e\\w+)\\S+\\s+\\W+\\w+\\W(?\u003ctime-taken\u003e\\w+\\W+\\w+\\W+\\w+)\\W+\\s+\\w+\\W+(?\u003ctime-taken-secs\u003e\\w+\\.+\\w+)}"}
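Review bot: The three added patterns locate every field by position and character class (`\\W+\\w+\\W…`) and never by the key name they are meant to read. A reordered or extra entry in the source field would therefore either stop matching or put the wrong token into `status`, and the DataProducts alert that queries `status` would go quiet without any error. Matching the literal key names would turn a format change into a visible non-match. The adjacent `\\W+\\s+` and `\\S+\\s+\\W+` runs overlap, since whitespace satisfies both `\\W` and `\\s`, so non-matching messages cost extra backtracking on an extractor that runs on every message of the input. `time-taken-secs` requires at least one `.` (`\\w+\\.+\\w+`), so an integer duration would not match; the message format is not visible here, so check these against a sample.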
diff --git a/ansible/roles/graylog-mongodb-import/templates/inputs.json b/ansible/roles/graylog-mongodb-import/templates/inputs.json
index a4e2a31ce4..9447067e52 100644
--- a/ansible/roles/graylog-mongodb-import/templates/inputs.json
+++ b/ansible/roles/graylog-mongodb-import/templates/inputs.json
@@ -1,3 +1,5 @@ {"_id":{"$oid":"606d4adecc575336d5ef0c5f"},"creator_user_id":"admin","configuration":{"recv_buffer_size":1048576,"tcp_keepalive":true,"number_worker_threads":16,"tls_client_auth_cert_file":"","bind_address":"0.0.0.0","tls_cert_file":"","port":5044,"tls_key_file":"","tls_enable":false,"tls_key_password":"","tls_client_auth":"disabled","override_source":null,"no_beats_prefix":true},"name":"Beats","created_at":{"$date":"2021-04-07T09:09:23.771Z"},"global":true,"type":"org.graylog.plugins.beats.Beats2Input","title":"beats","content_pack":null} {"_id":{"$oid":"608fa8f9feca855051cffa19"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON_EXTRACTOR","type":"json","cursor_strategy":"cut","target_field":"","extractor_config":{"flatten":false,"list_separator":", ","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":true,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"2cf74d70-abe4-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET_SOURCE","type":"regex_replace","cursor_strategy":"cut","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"druid.events.log","replace_all":true},"condition_value":"","converters":[],"id":"e728f490-abea-11eb-8d7f-002248d48142","order":{"$numberLong":"1"}}],"configuration":{"topic_filter":"^.*.druid.events.log$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":1,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext Kafka","created_at":{"$date":"2021-05-03T13:42:16.955Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"druid.events.log","content_pack":null} 
{"_id":{"$oid":"608fb5affeca855051d007ee"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON_EXTRACTOR","type":"json","cursor_strategy":"cut","target_field":"","extractor_config":{"flatten":false,"list_separator":", ","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":true,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"7b87be50-abeb-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET_SOURCE","type":"regex_replace","cursor_strategy":"cut","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"druid.events.error","replace_all":true},"condition_value":"","converters":[],"id":"9e4ddfa0-abeb-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}}],"configuration":{"topic_filter":"^.*.druid.events.error$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":1,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext Kafka","created_at":{"$date":"2021-05-03T13:42:05.635Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"druid.events.error","content_pack":null} +{"_id":{"$oid":"60e58a23dc039a5b3f22ab06"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON EXTRACTOR","type":"json","cursor_strategy":"copy","target_field":"","extractor_config":{"flatten":false,"list_separator":", 
","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":false,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"3411a150-df15-11eb-a1a4-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET SOURCE","type":"regex_replace","cursor_strategy":"copy","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"dataproducts.metrics","replace_all":true},"condition_value":"","converters":[],"id":"2cdd1e70-df18-11eb-a1a4-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"dimensions","condition_type":"none","title":"DIMENSION EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_DIMENSION_PARSE}"},"condition_value":"","converters":[],"id":"e1c0f630-e0a4-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"metrics","condition_type":"none","title":"EXHAUST METRICS EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_METRIC_PARSE_2}"},"condition_value":"","converters":[],"id":"45ecf160-e468-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"metrics","condition_type":"none","title":"METRICS EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_METRIC_PARSE_1}"},"condition_value":"","converters":[],"id":"05259460-e469-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}}],"configuration":{"topic_filter":"^.*.prom.monitoring.metrics$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":2,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext 
Kafka","created_at":{"$date":"2021-07-15T10:36:58.024Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"DataProducts","content_pack":null,"node_id":"a02291b8-a5df-409b-8c6e-8e70d8280ffa"} + diff --git a/ansible/roles/graylog-mongodb-import/templates/scheduler_job_definitions.json b/ansible/roles/graylog-mongodb-import/templates/scheduler_job_definitions.json index e0bcc3207c..ed4760be9f 100644 --- a/ansible/roles/graylog-mongodb-import/templates/scheduler_job_definitions.json +++ b/ansible/roles/graylog-mongodb-import/templates/scheduler_job_definitions.json 
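Review bot: All five extractors on the added DataProducts input carry `"order":{"$numberLong":"0"}`, yet DIMENSION EXTRACTOR and the two metrics extractors read `dimensions` and `metrics`, fields that presumably exist only after JSON EXTRACTOR has run on `message`. With equal order values the execution sequence is likely not guaranteed; the `druid.events.log` input in the context lines uses 0 and 1, and numbering these 0 through 4 would make the dependency explicit. This is also the only document in the hunk with a `node_id` (`a02291b8-a5df-409b-8c6e-8e70d8280ffa`) next to `"global":true`, which looks like an identifier of the instance it was exported from and probably does not belong in a template applied to other environments. The dots in `topic_filter` (`^.*.prom.monitoring.metrics$`) are unescaped and match any character, as in the existing filters.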
@@ -3,3 +3,5 @@ {"_id":{"$oid":"60c99405dc039a5b3f0135bd"},"title":"Functional Alert | Bucket \u003e1% and \u003c=2%","description":"Functional alert for errors which are greater than 1% and less than or equal to 2%","config":{"type":"event-processor-execution-v1","event_definition_id":"60c99405dc039a5b3f0135bc","parameters":{"type":"aggregation-v1","timerange":{"type":"absolute","from":{"$date":"2021-06-16T05:19:59.244Z"},"to":{"$date":"2021-06-16T06:19:59.244Z"}},"streams":[],"batch_size":500},"processing_window_size":{"$numberLong":"3600000"},"processing_hop_size":{"$numberLong":"3600000"}}} {"_id":{"$oid":"60c994ccdc039a5b3f0136a5"},"title":"Functional Alert | Bucket \u003e2% and \u003c=5%","description":"Functional alert for errors which are greater than 2% and less than or equal to 5%","config":{"type":"event-processor-execution-v1","event_definition_id":"60c994ccdc039a5b3f0136a4","parameters":{"type":"aggregation-v1","timerange":{"type":"absolute","from":{"$date":"2021-06-16T05:44:40.562Z"},"to":{"$date":"2021-06-16T06:44:40.562Z"}},"streams":[],"batch_size":500},"processing_window_size":{"$numberLong":"3600000"},"processing_hop_size":{"$numberLong":"3600000"}}} {"_id":{"$oid":"60c998bfdc039a5b3f013b13"},"title":"Functional Alert | Bucket \u003e5%","description":"Functional alert for errors which are greater than 5%","config":{"type":"event-processor-execution-v1","event_definition_id":"60c998bfdc039a5b3f013b12","parameters":{"type":"aggregation-v1","timerange":{"type":"absolute","from":{"$date":"2021-06-16T05:44:51.143Z"},"to":{"$date":"2021-06-16T06:44:51.143Z"}},"streams":[],"batch_size":500},"processing_window_size":{"$numberLong":"3600000"},"processing_hop_size":{"$numberLong":"3600000"}}} +{"_id":{"$oid":"60e82efc25aa97080bea89df"},"title":"DataProducts Status","description":"DataProducts execution 
status","config":{"type":"event-processor-execution-v1","event_definition_id":"60e82efc25aa97080bea89dd","parameters":{"type":"aggregation-v1","timerange":{"type":"absolute","from":{"$date":"2021-07-15T09:36:20.618Z"},"to":{"$date":"2021-07-15T10:36:20.618Z"}},"streams":[],"batch_size":500},"processing_window_size":{"$numberLong":"3600000"},"processing_hop_size":{"$numberLong":"3600000"}}} +{"_id":{"$oid":"60e8311025aa97080bea8c8c"},"title":"DataProducts Notification","description":"DP Notification","config":{"type":"notification-execution-v1","notification_id":"60e8311025aa97080bea8c8b"}} diff --git a/ansible/roles/graylog-mongodb-import/templates/scheduler_triggers.json b/ansible/roles/graylog-mongodb-import/templates/scheduler_triggers.json index a87f1d2291..56ab2fae66 100644 --- a/ansible/roles/graylog-mongodb-import/templates/scheduler_triggers.json +++ b/ansible/roles/graylog-mongodb-import/templates/scheduler_triggers.json 
@@ -2,3 +2,4 @@
 {"_id":{"$oid":"60c99405dc039a5b3f0135be"},"job_definition_id":"60c99405dc039a5b3f0135bd","start_time":{"$date":"2021-06-16T06:02:45.180Z"},"end_time":null,"next_time":{"$date":"2021-06-16T07:02:45.179Z"},"created_at":{"$date":"2021-06-16T06:02:45.180Z"},"updated_at":{"$date":"2021-06-16T06:19:59.245Z"},"triggered_at":{"$date":"2021-06-16T06:19:59.996Z"},"status":"runnable","lock":{"clock":{"$numberLong":"0"},"progress":0,"last_lock_time":{"$date":"2021-06-16T06:19:59.996Z"},"owner":null},"schedule":{"type":"interval","interval":{"$numberLong":"3600000"},"unit":"MILLISECONDS"},"data":{"type":"event-processor-execution-v1","timerange_from":{"$date":"2021-06-16T06:02:45.180Z"},"timerange_to":{"$date":"2021-06-16T07:02:45.179Z"}}}
 {"_id":{"$oid":"60c994ccdc039a5b3f0136a6"},"job_definition_id":"60c994ccdc039a5b3f0136a5","start_time":{"$date":"2021-06-16T06:06:04.785Z"},"end_time":null,"next_time":{"$date":"2021-06-16T07:44:40.562Z"},"created_at":{"$date":"2021-06-16T06:06:04.785Z"},"updated_at":{"$date":"2021-06-16T06:44:40.563Z"},"triggered_at":{"$date":"2021-06-16T06:44:41.421Z"},"status":"runnable","lock":{"clock":{"$numberLong":"0"},"progress":0,"last_lock_time":{"$date":"2021-06-16T06:44:41.421Z"},"owner":null},"schedule":{"type":"interval","interval":{"$numberLong":"3600000"},"unit":"MILLISECONDS"},"data":{"type":"event-processor-execution-v1","timerange_from":{"$date":"2021-06-16T06:44:40.563Z"},"timerange_to":{"$date":"2021-06-16T07:44:40.562Z"}}}
 {"_id":{"$oid":"60c998bfdc039a5b3f013b14"},"job_definition_id":"60c998bfdc039a5b3f013b13","start_time":{"$date":"2021-06-16T06:22:55.068Z"},"end_time":null,"next_time":{"$date":"2021-06-16T07:44:51.143Z"},"created_at":{"$date":"2021-06-16T06:22:55.068Z"},"updated_at":{"$date":"2021-06-16T06:44:51.144Z"},"triggered_at":{"$date":"2021-06-16T06:44:56.855Z"},"status":"runnable","lock":{"clock":{"$numberLong":"0"},"progress":0,"last_lock_time":{"$date":"2021-06-16T06:44:56.855Z"},"owner":null},"schedule":{"type":"interval","interval":{"$numberLong":"3600000"},"unit":"MILLISECONDS"},"data":{"type":"event-processor-execution-v1","timerange_from":{"$date":"2021-06-16T06:44:51.144Z"},"timerange_to":{"$date":"2021-06-16T07:44:51.143Z"}}}
+{"_id":{"$oid":"60e82efc25aa97080bea89e0"},"job_definition_id":"60e82efc25aa97080bea89df","start_time":{"$date":"2021-07-09T11:11:56.577Z"},"end_time":null,"next_time":{"$date":"2021-07-15T10:45:26.187Z"},"created_at":{"$date":"2021-07-09T11:11:56.577Z"},"updated_at":{"$date":"2021-07-15T10:36:20.622Z"},"triggered_at":{"$date":"2021-07-15T10:45:21.168Z"},"status":"runnable","lock":{"clock":{"$numberLong":"0"},"progress":0,"last_lock_time":{"$date":"2021-07-15T10:45:21.168Z"},"owner":null},"schedule":{"type":"interval","interval":{"$numberLong":"3600000"},"unit":"MILLISECONDS"},"data":null}
diff --git a/ansible/roles/graylog-mongodb-import/templates/searches.json b/ansible/roles/graylog-mongodb-import/templates/searches.json
index 32cac1e326..17018c2232 100644
--- a/ansible/roles/graylog-mongodb-import/templates/searches.json
+++ b/ansible/roles/graylog-mongodb-import/templates/searches.json
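Review bot: The added trigger has `"data":null`, whereas the three existing triggers in this hunk carry a `data` object with `type`, `timerange_from` and `timerange_to`. Its `next_time` is also only about five seconds after `triggered_at` despite the 3600000 ms interval, which may mean the job was being retried rather than completing when this was exported. Confirm that the event processor can start from a trigger without `data`; if it cannot, the DataProducts Status alert would be imported but never evaluated. The remaining timestamps and `lock` values are runtime state from the source system and could be reset in the template.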
@@ -5,3 +5,4 @@ {"_id":{"$oid":"60c9a1ac10b85d9d03d63b30"},"queries":[{"id":"91fcb809-6b04-4590-9263-30d3295372c4","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e0.1 AND metric_value: \u003c=1"},"streams":[],"id":"540657cf-781e-4332-a34a-925922b4a4aa","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]},{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e0.1 AND metric_value: \u003c=1"},"streams":[],"id":"130a424e-94bf-40fc-b775-814b677c2800","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]}]},{"id":"806f5a1b-0923-4963-8fc2-057d5886d7dc","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e1 AND metric_value: 
\u003c=2"},"streams":[],"id":"218d19af-4959-4c6c-a975-e5dc4ba0eb0c","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]},{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e1 AND metric_value: \u003c=2"},"streams":[],"id":"04f08263-bf1a-447a-a991-41c3271f6d1d","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]}]},{"id":"fbd1868d-c074-4361-9130-1d1714c8ea67","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e2 AND metric_value: \u003c=5"},"streams":[],"id":"518ea27c-dac8-445e-b959-0b0fe392fb0c","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]},{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e2 AND metric_value: 
\u003c=5"},"streams":[],"id":"83f15909-9faf-4dca-9453-fb88662f56b0","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]}]},{"id":"cf249cae-17b7-498a-98a1-386de3931899","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e5"},"streams":[],"id":"54c5de0d-8dc5-4e55-87b0-5e06837f8b0f","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]},{"timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e5"},"streams":[],"id":"cb8f072c-b322-4670-bfba-cac53975b980","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"dimensions_id","limit":15},{"type":"values","field":"dimensions_value","limit":15},{"type":"values","field":"metric_id","limit":15},{"type":"values","field":"metric_value","limit":15}],"column_groups":[]}]}],"parameters":[],"requires":{},"owner":"admin","created_at":{"$date":"2021-06-16T07:01:00.172Z"}} {"_id":{"$oid":"60c1d1f705a0719038bacdaa"},"queries":[{"id":"7b59069e-c82a-4d5a-8740-784fc57826fb","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":"kubernetes_labels_app: 
player"},"search_types":[{"timerange":null,"query":null,"streams":[],"id":"bb6cd31a-c26f-48d9-a7b5-7eee245b3744","name":null,"limit":150,"offset":0,"sort":[{"field":"timestamp","order":"DESC"}],"decorators":[],"type":"messages"},{"timerange":null,"query":null,"streams":[],"id":"eb787319-596c-4c9b-8ea9-643048137beb","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"time","field":"timestamp","interval":{"type":"auto","scaling":1.0}}],"column_groups":[]}]}],"parameters":[],"requires":{},"owner":"viewer","created_at":{"$date":"2021-06-10T08:48:55.015Z"}} {"_id":{"$oid":"606ed19fe7202f30e9856553"},"queries":[{"id":"bafc4c40-177c-433d-ba3f-8934eacbfceb","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":null,"query":null,"streams":[],"id":"6129f3d0-43eb-4bc3-9931-cbe057cf9e25","name":null,"limit":150,"offset":0,"sort":[{"field":"timestamp","order":"DESC"}],"decorators":[],"type":"messages"},{"timerange":null,"query":null,"streams":[],"id":"7754427c-1c7c-4923-9db5-d67de6d1ebbd","name":"chart","series":[{"type":"count","id":"Message Count"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[],"column_groups":[]},{"timerange":null,"query":null,"streams":[],"id":"02eabfc0-8b65-4f83-8005-11747a203aa5","name":"chart","series":[{"type":"count","id":"count()"}],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"time","field":"timestamp","interval":{"type":"auto","scaling":1.0}}],"column_groups":[]}]}],"parameters":[],"requires":{},"owner":"admin","created_at":{"$date":"2021-04-08T09:49:19.254Z"}} 
+{"_id":{"$oid":"60f010e7bb518b0d6458c4f1"},"queries":[{"id":"68cda4cf-0fff-4abb-ac6a-7dbec66f0cde","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":28800},"query":{"type":"elasticsearch","query_string":""},"streams":[],"id":"5bb42331-3ef1-464f-9b7a-038fa555bc87","name":"chart","series":[],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"subsystem","limit":15},{"type":"values","field":"status","limit":15},{"type":"time","field":"id-report-date","interval":{"type":"auto","scaling":1.0}}],"column_groups":[]}]},{"id":"e34ac556-9172-4a5f-adf0-24d0f9d62273","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"timerange":{"type":"relative","range":28800},"query":{"type":"elasticsearch","query_string":""},"streams":[],"id":"a5929004-9714-4514-b25a-93d1de1a27b1","name":"chart","series":[],"sort":[],"rollup":true,"type":"pivot","row_groups":[{"type":"values","field":"subsystem","limit":15},{"type":"values","field":"total-requests","limit":15},{"type":"values","field":"success-requests","limit":15},{"type":"values","field":"failed-requests","limit":15},{"type":"values","field":"time-taken-secs","limit":15}],"column_groups":[]}]}],"parameters":[],"requires":{},"owner":"admin","created_at":{"$date":"2021-07-15T10:41:43.523Z"}} diff --git a/ansible/roles/graylog-mongodb-import/templates/views.json b/ansible/roles/graylog-mongodb-import/templates/views.json index 0ecf5a8c4d..b0597ba39c 100644 --- a/ansible/roles/graylog-mongodb-import/templates/views.json +++ b/ansible/roles/graylog-mongodb-import/templates/views.json 
@@ -3,3 +3,4 @@ {"_id":{"$oid":"6087f91807a3b704f5793257"},"type":"DASHBOARD","title":"Sources","summary":"This is a list of all sources that sent in messages to Graylog.","description":"This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs.","search_id":"6087f91807a3b704f5793255","properties":[],"requires":{},"state":{"a1647eb6-a064-4fe6-b459-1e4267d3f659":{"titles":{"tab":{"title":"Sources Overview"},"widget":{"6c127c5d-be75-4157-b43f-ac0194ac0586":"Selected sources","92d63811-e4dd-47db-bd3b-db03c8a9bd53":"Messages per Source","00637e63-d728-4b3e-932b-7c8696b4855d":"Messages over time"}},"widgets":[{"id":"92d63811-e4dd-47db-bd3b-db03c8a9bd53","type":"aggregation","timerange":{"type":"relative","range":300},"query":null,"streams":[],"config":{"row_pivots":[{"field":"source","type":"values","config":{"limit":10}}],"column_pivots":[],"series":[{"config":{"name":"Message count"},"function":"count()"}],"sort":[{"type":"series","field":"count()","direction":"Descending"}],"visualization":"pie","rollup":true,"event_annotation":false}},{"id":"00637e63-d728-4b3e-932b-7c8696b4855d","type":"aggregation","timerange":{"type":"relative","range":300},"query":null,"streams":[],"config":{"row_pivots":[{"field":"timestamp","type":"time","config":{"interval":{"type":"auto","scaling":null}}}],"column_pivots":[],"series":[{"config":{"name":"Message 
count"},"function":"count()"}],"sort":[],"visualization":"line","rollup":true,"event_annotation":false}},{"id":"6c127c5d-be75-4157-b43f-ac0194ac0586","type":"aggregation","timerange":{"type":"relative","range":300},"query":null,"streams":[],"config":{"row_pivots":[{"field":"source","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{"name":"Message count"},"function":"count()"}],"sort":[{"type":"series","field":"count()","direction":"Descending"}],"visualization":"table","rollup":true,"event_annotation":false}}],"widget_mapping":{"6c127c5d-be75-4157-b43f-ac0194ac0586":["011b2894-49e5-44d8-aab6-8c4d4457a886"],"92d63811-e4dd-47db-bd3b-db03c8a9bd53":["a964f1c5-e108-4b5e-a907-ffe0b0f0683c"],"00637e63-d728-4b3e-932b-7c8696b4855d":["481de18f-938e-40d5-8ab2-6eaf6a28f091"]},"positions":{"6c127c5d-be75-4157-b43f-ac0194ac0586":{"col":1,"row":5,"height":4,"width":6},"92d63811-e4dd-47db-bd3b-db03c8a9bd53":{"col":7,"row":5,"height":4,"width":6},"00637e63-d728-4b3e-932b-7c8696b4855d":{"col":1,"row":1,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}}},"owner":"admin","created_at":{"$date":"2019-11-22T10:54:50.950Z"}} {"_id":{"$oid":"60b876fb337c3046d7c2e6f5"},"type":"DASHBOARD","title":"Functional Errors Dashboard","summary":"Functional Errors Dashboard","description":"Functional Errors Dashboard","search_id":"60c9a1ac10b85d9d03d63b30","properties":[],"requires":{},"state":{"91fcb809-6b04-4590-9263-30d3295372c4":{"titles":{"widget":{"dc0ec351-93ad-4c05-95ac-044c8fed9a03":"Percentage of Errors","23148474-33aa-45a6-b946-e9c0f322c346":"Count of Errors"},"tab":{"title":"Threshold \u003e 0.1% and \u003c= 1%"}},"widgets":[{"id":"23148474-33aa-45a6-b946-e9c0f322c346","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e0.1 AND metric_value: 
\u003c=1"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}},{"id":"dc0ec351-93ad-4c05-95ac-044c8fed9a03","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e0.1 AND metric_value: \u003c=1"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"pie","rollup":true,"event_annotation":false}}],"widget_mapping":{"23148474-33aa-45a6-b946-e9c0f322c346":["540657cf-781e-4332-a34a-925922b4a4aa"],"dc0ec351-93ad-4c05-95ac-044c8fed9a03":["130a424e-94bf-40fc-b775-814b677c2800"]},"positions":{"23148474-33aa-45a6-b946-e9c0f322c346":{"col":1,"row":71,"height":4,"width":+Infinity},"dc0ec351-93ad-4c05-95ac-044c8fed9a03":{"col":1,"row":22,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}},"806f5a1b-0923-4963-8fc2-057d5886d7dc":{"titles":{"widget":{"749f189f-fcba-4073-b3b4-200f73dea858":"Percentage of Errors","8e88585c-029b-4787-b94c-316d47817e0e":"Count of Errors"},"tab":{"title":"Threshold \u003e 1% and \u003c= 2%"}},"widgets":[{"id":"749f189f-fcba-4073-b3b4-200f73dea858","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e1 AND metric_value: 
\u003c=2"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"pie","rollup":true,"event_annotation":false}},{"id":"8e88585c-029b-4787-b94c-316d47817e0e","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e1 AND metric_value: \u003c=2"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}}],"widget_mapping":{"8e88585c-029b-4787-b94c-316d47817e0e":["04f08263-bf1a-447a-a991-41c3271f6d1d"],"749f189f-fcba-4073-b3b4-200f73dea858":["218d19af-4959-4c6c-a975-e5dc4ba0eb0c"]},"positions":{"8e88585c-029b-4787-b94c-316d47817e0e":{"col":1,"row":73,"height":4,"width":+Infinity},"749f189f-fcba-4073-b3b4-200f73dea858":{"col":1,"row":24,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}},"fbd1868d-c074-4361-9130-1d1714c8ea67":{"titles":{"widget":{"e6a276b8-a246-4cf6-8960-d1beecddf918":"Percentage of Errors","6f98b771-54b0-49cc-92a3-187ada526394":"Count of Errors"},"tab":{"title":"Threshold \u003e 2% and \u003c= 5%"}},"widgets":[{"id":"e6a276b8-a246-4cf6-8960-d1beecddf918","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e2 AND metric_value: 
\u003c=5"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"pie","rollup":true,"event_annotation":false}},{"id":"6f98b771-54b0-49cc-92a3-187ada526394","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e2 AND metric_value: \u003c=5"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}}],"widget_mapping":{"6f98b771-54b0-49cc-92a3-187ada526394":["83f15909-9faf-4dca-9453-fb88662f56b0"],"e6a276b8-a246-4cf6-8960-d1beecddf918":["518ea27c-dac8-445e-b959-0b0fe392fb0c"]},"positions":{"6f98b771-54b0-49cc-92a3-187ada526394":{"col":1,"row":73,"height":4,"width":+Infinity},"e6a276b8-a246-4cf6-8960-d1beecddf918":{"col":1,"row":24,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}},"cf249cae-17b7-498a-98a1-386de3931899":{"titles":{"widget":{"9759d11a-060d-46ad-93aa-e07b0bbe2940":"Percentage of Errors","0bd6ee4c-961a-4465-ad45-08a3c61a2723":"Count of Errors"},"tab":{"title":"Threshold \u003e 5%"}},"widgets":[{"id":"0bd6ee4c-961a-4465-ad45-08a3c61a2723","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: 
\u003e5"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}},{"id":"9759d11a-060d-46ad-93aa-e07b0bbe2940","type":"aggregation","timerange":{"type":"relative","range":3600},"query":{"type":"elasticsearch","query_string":"metric_value: \u003e5"},"streams":[],"config":{"row_pivots":[{"field":"dimensions_id","type":"values","config":{"limit":15}},{"field":"dimensions_value","type":"values","config":{"limit":15}},{"field":"metric_id","type":"values","config":{"limit":15}},{"field":"metric_value","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"pie","rollup":true,"event_annotation":false}}],"widget_mapping":{"0bd6ee4c-961a-4465-ad45-08a3c61a2723":["cb8f072c-b322-4670-bfba-cac53975b980"],"9759d11a-060d-46ad-93aa-e07b0bbe2940":["54c5de0d-8dc5-4e55-87b0-5e06837f8b0f"]},"positions":{"0bd6ee4c-961a-4465-ad45-08a3c61a2723":{"col":1,"row":73,"height":4,"width":+Infinity},"9759d11a-060d-46ad-93aa-e07b0bbe2940":{"col":1,"row":24,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}}},"owner":"admin","created_at":{"$date":"2021-06-03T06:19:02.711Z"}} {"_id":{"$oid":"60c1d20505a0719038bacdab"},"type":"SEARCH","title":"Show Logs without timestamp","summary":"","description":"","search_id":"60c1d1f705a0719038bacdaa","properties":[],"requires":{},"state":{"7b59069e-c82a-4d5a-8740-784fc57826fb":{"titles":{"widget":{"4e45ba55-2ac3-4eba-88f6-70a5fbe1ce5d":"Message Count","a2e06b69-d9d9-409d-b1de-dffae349c008":"All 
Messages"}},"widgets":[{"id":"4e45ba55-2ac3-4eba-88f6-70a5fbe1ce5d","type":"aggregation","timerange":null,"query":null,"streams":[],"config":{"row_pivots":[{"field":"timestamp","type":"time","config":{"interval":{"type":"auto","scaling":null}}}],"column_pivots":[],"series":[{"config":{},"function":"count()"}],"sort":[],"visualization":"bar","rollup":true,"event_annotation":false}},{"id":"a2e06b69-d9d9-409d-b1de-dffae349c008","type":"messages","timerange":null,"query":null,"streams":[],"config":{"fields":[],"show_message_row":true,"decorators":[],"sort":[{"type":"pivot","field":"timestamp","direction":"Descending"}]}}],"widget_mapping":{"4e45ba55-2ac3-4eba-88f6-70a5fbe1ce5d":["eb787319-596c-4c9b-8ea9-643048137beb"],"a2e06b69-d9d9-409d-b1de-dffae349c008":["bb6cd31a-c26f-48d9-a7b5-7eee245b3744"]},"positions":{"4e45ba55-2ac3-4eba-88f6-70a5fbe1ce5d":{"col":1,"row":3,"height":2,"width":+Infinity},"a2e06b69-d9d9-409d-b1de-dffae349c008":{"col":1,"row":5,"height":6,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}}},"owner":"viewer","created_at":{"$date":"2021-06-10T08:48:16.501Z"}} +{"_id":{"$oid":"60ed949db96722aa70a93421"},"type":"DASHBOARD","title":"DataProducts Dashboard","summary":"DataProducts Dashboard","description":"DataProducts Dashboard ","search_id":"60f010e7bb518b0d6458c4f1","properties":[],"requires":{},"state":{"68cda4cf-0fff-4abb-ac6a-7dbec66f0cde":{"titles":{"widget":{"a4e61cc5-7c46-44ab-877e-f0625e77f915":"Data Products Execution Status"},"tab":{"title":"DataProducts 
Status"}},"widgets":[{"id":"a4e61cc5-7c46-44ab-877e-f0625e77f915","type":"aggregation","timerange":{"type":"relative","range":28800},"query":{"type":"elasticsearch","query_string":""},"streams":[],"config":{"row_pivots":[{"field":"subsystem","type":"values","config":{"limit":15}},{"field":"status","type":"values","config":{"limit":15}},{"field":"id-report-date","type":"time","config":{"interval":{"type":"auto","scaling":null}}}],"column_pivots":[],"series":[],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}}],"widget_mapping":{"a4e61cc5-7c46-44ab-877e-f0625e77f915":["5bb42331-3ef1-464f-9b7a-038fa555bc87"]},"positions":{"a4e61cc5-7c46-44ab-877e-f0625e77f915":{"col":1,"row":25,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}},"e34ac556-9172-4a5f-adf0-24d0f9d62273":{"titles":{"tab":{"title":"Exhaust Reports Dashboard"},"widget":{"a0df09d4-16a7-4a5c-a0db-97e3447995dd":"Exhaust Jobs"}},"widgets":[{"id":"a0df09d4-16a7-4a5c-a0db-97e3447995dd","type":"aggregation","timerange":{"type":"relative","range":28800},"query":{"type":"elasticsearch","query_string":""},"streams":[],"config":{"row_pivots":[{"field":"subsystem","type":"values","config":{"limit":15}},{"field":"total-requests","type":"values","config":{"limit":15}},{"field":"success-requests","type":"values","config":{"limit":15}},{"field":"failed-requests","type":"values","config":{"limit":15}},{"field":"time-taken-secs","type":"values","config":{"limit":15}}],"column_pivots":[],"series":[],"sort":[],"visualization":"table","rollup":true,"event_annotation":false}}],"widget_mapping":{"a0df09d4-16a7-4a5c-a0db-97e3447995dd":["a5929004-9714-4514-b25a-93d1de1a27b1"]},"positions":{"a0df09d4-16a7-4a5c-a0db-97e3447995dd":{"col":1,"row":8,"height":4,"width":+Infinity}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}}},"owner":"admin","created_at":{"$date":"2021-07-13T12:38:15.831Z"}} 
diff --git a/ansible/roles/keycloak-deploy/tasks/deploy.yml b/ansible/roles/keycloak-deploy/tasks/deploy.yml index 974293ceea..96719f424a 100644 --- a/ansible/roles/keycloak-deploy/tasks/deploy.yml +++ b/ansible/roles/keycloak-deploy/tasks/deploy.yml @@ -1,11 +1,15 @@ +- name: check whether keycloak installed + stat: + path: /opt/keycloak + register: keycloak_installed_path + - name: stop keycloak service debug: msg="stopping keycloak" notify: - stop service - wait for keycloak to stop changed_when: true - -- meta: flush_handlers + when: keycloak_installed_path.stat.exists - name: Adding ENV Vars to bashrc lineinfile: diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index a5bdbf57ee..1d16e9916e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -90,6 +90,7 @@ observations_service_prefix: /observations observationSubmissions_service_prefix: /observationSubmissions surveys_service_prefix: /surveys user_extension_prefix: /user-extension +uci_admin_prefix: /uci # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -114,6 +115,12 @@ ml_reports_service_url: "http://ml-reports-service:3000" ml_survey_service_url: "http://ml-survey-service:3000" ml_project_service_url: "http://ml-projects-service:3000" ml_core_service_url: "http://ml-core-service:3000" +uci_inbound_service_url: "http://inbound-service:8085" +uci_transformer_service_url: "http://trasnformer-service:9091" +uci_gql_service_url: "http://gql-service:8080" +uci_registry_service_url: "http://fusionauth-service:9011" +uci_admin_service_url: "http://uci_api-service:9999" + premium_consumer_rate_limits: - api: createContent 
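Review bot: Removing `- meta: flush_handlers` after the `stop keycloak service` task in keycloak-deploy/tasks/deploy.yml means the notified `stop service` and `wait for keycloak to stop` handlers are no longer forced to run before `Adding ENV Vars to bashrc` and the tasks that follow. By default Ansible runs notified handlers at the end of the play's task section, so unless a later flush exists outside this hunk, the deployment would proceed against a Keycloak that is still running. Keeping `- meta: flush_handlers` directly after the stop task is safe with the new `when: keycloak_installed_path.stat.exists` guard, because a skipped task notifies nothing. The rest of deploy.yml lies outside the hunk.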
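Review bot: Two of the upstream hosts added in the `@@ -114,6 +115,12 @@` hunk of kong-api/defaults/main.yml look wrong. `http://trasnformer-service:9091` appears to be a misspelling of `transformer-service`, and `http://uci_api-service:9999` contains an underscore, which is not valid in a Kubernetes Service name or an RFC 1123 hostname label. If these are meant to resolve in-cluster services, I would expect `uci_transformer_service_url: "http://transformer-service:9091"` and an admin URL of the form `http://<admin-service-name>:9999` with a hyphenated name. The deployed service names are not visible in this diff, so please confirm them against the charts; a wrong host here only surfaces as gateway errors at request time.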
@@ -5942,7 +5949,7 @@ kong_apis: config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: getUsersPrograms - uris: "{{ users_service_prefix }}/v1/users/programs" + uris: "{{ users_service_prefix }}/mlcore/v1/programs" upstream_url: "{{ ml_core_service_url }}/v1/users/programs" strip_uri: true plugins: @@ -5960,7 +5967,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getUsersSolutions - uris: "{{ users_service_prefix }}/v1/users/solutions" + uris: "{{ users_service_prefix }}/mlcore/v1/solutions" upstream_url: "{{ ml_core_service_url }}/v1/users/solutions" strip_uri: true plugins: @@ -5978,7 +5985,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getTargetedSolutions - uris: "{{ solutions_service_prefix }}/v1/solutions/targetedSolutions" + uris: "{{ solutions_service_prefix }}/mlcore/v1/targetedSolutions" upstream_url: "{{ ml_core_service_url }}/v1/solutions/targetedSolutions" strip_uri: true plugins: @@ -5996,7 +6003,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: mandatoryUserProfileFields - uris: "{{ entities_service_prefix }}/v1/entities/subEntityListBasedOnRoleAndLocation" + uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityListBasedOnRoleAndLocation" upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityListBasedOnRoleAndLocation" strip_uri: true plugins: @@ -6014,7 +6021,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: locationListing - uris: "{{ entities_service_prefix }}/v1/entities/subEntityList" + uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityList" upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityList" strip_uri: true plugins: 
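Review bot: The `uris` change for `getUsersPrograms` replaces the old public route outright (`{{ users_service_prefix }}/v1/users/programs` becomes `{{ users_service_prefix }}/mlcore/v1/programs`) while `upstream_url` keeps the old path, so a client still calling the previous path would stop matching a Kong route once this is applied. The same holds for every following `uris` hunk down to `listPlatformSolutions`, and nothing visible keeps a compatibility route. If the rename is intentional, a comment above the first renamed entry such as `# public path: <prefix>/<ml-service>/v1/<action>; upstream keeps the service's own /v1/<resource>/<action>` would explain why the two paths now differ. Each `kong_apis` entry starts and ends outside its hunk.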
@@ -6032,7 +6039,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getTargetedEntity - uris: "{{ users_service_prefix }}/v1/users/targetedEntity" + uris: "{{ users_service_prefix }}/mlcore/v1/targetedEntity" upstream_url: "{{ ml_core_service_url }}/v1/users/targetedEntity" strip_uri: true plugins: @@ -6050,7 +6057,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectDetails - uris: "{{ userProjects_service_prefix }}/v1/userProjects/details" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/details" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/details" strip_uri: true plugins: @@ -6068,7 +6075,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectEntities - uris: "{{ reports_service_prefix }}/v1/reports/entity" + uris: "{{ reports_service_prefix }}/mlprojects/v1/entity" upstream_url: "{{ ml_project_service_url }}/v1/reports/entity" strip_uri: true plugins: @@ -6086,7 +6093,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectDetailReport - uris: "{{ reports_service_prefix }}/v1/reports/detailView" + uris: "{{ reports_service_prefix }}/mlprojects/v1/detailView" upstream_url: "{{ ml_project_service_url }}/v1/reports/detailView" strip_uri: true plugins: @@ -6104,7 +6111,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectPrograms - uris: "{{ reports_service_prefix }}/v1/reports/getProgramsByEntity" + uris: "{{ reports_service_prefix }}/mlprojects/v1/getProgramsByEntity" upstream_url: "{{ ml_project_service_url }}/v1/reports/getProgramsByEntity" strip_uri: true plugins: 
@@ -6122,7 +6129,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: updateProject - uris: "{{ userProjects_service_prefix }}/v1/userProjects/sync" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/sync" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/sync" strip_uri: true plugins: @@ -6140,7 +6147,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: createProject - uris: "{{ userProjects_service_prefix }}/v1/userProjects/add" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/add" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/add" strip_uri: true plugins: @@ -6158,7 +6165,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectSolutionDetails - uris: "{{ userProjects_service_prefix }}/v1/userProjects/solutionDetails" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/solutionDetails" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/solutionDetails" strip_uri: true plugins: @@ -6176,7 +6183,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectStatus - uris: "{{ userProjects_service_prefix }}/v1/userProjects/tasksStatus" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/tasksStatus" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/tasksStatus" strip_uri: true plugins: @@ -6194,7 +6201,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: shareProject - uris: "{{ userProjects_service_prefix }}/v1/userProjects/share" + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/share" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/share" strip_uri: true plugins: 
@@ -6212,7 +6219,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getProjectTemplatesDetails - uris: "{{ project_service_prefix }}/v1/project/templates/details" + uris: "{{ project_service_prefix }}/mlprojects/v1/templates/details" upstream_url: "{{ ml_project_service_url }}/v1/project/templates/details" strip_uri: true plugins: @@ -6230,7 +6237,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: listObservationEntities - uris: "{{ observations_service_prefix }}/v1/observations/entities" + uris: "{{ observations_service_prefix }}/mlsurvey/v1/entities" upstream_url: "{{ ml_survey_service_url }}/v1/observations/entities" strip_uri: true plugins: @@ -6248,7 +6255,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationSubmissionsList - uris: "{{ observationSubmissions_service_prefix }}/v1/observationSubmissions/list" + uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/list" upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/list" strip_uri: true plugins: @@ -6266,7 +6273,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationQuestionList - uris: "{{ observations_service_prefix }}/v1/observations/assessment" + uris: "{{ observations_service_prefix }}/mlsurvey/v1/assessment" upstream_url: "{{ ml_survey_service_url }}/v1/observations/assessment" strip_uri: true plugins: @@ -6284,7 +6291,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: updateObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/v1/observationSubmissions/update" + uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/update" upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/update" strip_uri: true plugins: 
@@ -6302,7 +6309,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: createObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/v1/observationSubmissions/create" + uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/create" upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/create" strip_uri: true plugins: @@ -6320,7 +6327,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: searchLocationEntities - uris: "{{ observations_service_prefix }}/v1/observations/searchEntities" + uris: "{{ observations_service_prefix }}/mlsurvey/v1/searchEntities" upstream_url: "{{ ml_survey_service_url }}/v1/observations/searchEntities" strip_uri: true plugins: @@ -6338,7 +6345,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: addObservationEntity - uris: "{{ observations_service_prefix }}/v1/observations/updateEntities" + uris: "{{ observations_service_prefix }}/mlsurvey/v1/updateEntities" upstream_url: "{{ ml_survey_service_url }}/v1/observations/updateEntities" strip_uri: true plugins: @@ -6356,7 +6363,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationSolutionList - uris: "{{ observationSubmissions_service_prefix }}/v1/observationSubmissions/solutionList" + uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/solutionList" upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/solutionList" strip_uri: true plugins: @@ -6374,7 +6381,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: surveyQuestionList - uris: "{{ surveys_service_prefix }}/v1/surveys/details" + uris: "{{ surveys_service_prefix }}/mlsurvey/v1/details" upstream_url: "{{ ml_survey_service_url }}/v1/surveys/details" strip_uri: true plugins: 
@@ -6392,7 +6399,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: solutionsVerifyLink - uris: "{{ solutions_service_prefix }}/v1/solutions/verifyLink" + uris: "{{ solutions_service_prefix }}/mlsurvey/v1/verifyLink" upstream_url: "{{ ml_survey_service_url }}/v1/solutions/verifyLink" strip_uri: true plugins: @@ -6410,7 +6417,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationListEvidences - uris: "{{ observations_service_prefix }}/v1/observations/listAllEvidences" + uris: "{{ observations_service_prefix }}/mlsurvey/v1/listAllEvidences" upstream_url: "{{ ml_survey_service_url }}/v1/observations/listAllEvidences" strip_uri: true plugins: @@ -6428,7 +6435,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationReports - uris: "{{ reports_service_prefix }}/v1/reports/fetch" + uris: "{{ reports_service_prefix }}/mlreports/v1/fetch" upstream_url: "{{ ml_reports_service_url }}/v1/reports/fetch" strip_uri: true plugins: @@ -6446,7 +6453,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: surveyListEvidences - uris: "{{ surveys_service_prefix }}/v1/surveys/listAllEvidences" + uris: "{{ surveys_service_prefix }}/mlreports/v1/listAllEvidences" upstream_url: "{{ ml_reports_service_url }}/v1/surveys/listAllEvidences" strip_uri: true plugins: @@ -6464,7 +6471,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: surveyReport - uris: "{{ surveys_service_prefix }}/v1/surveys/getAllResponsesOfQuestion" + uris: "{{ surveys_service_prefix }}/mlreports/v1/getAllResponsesOfQuestion" upstream_url: "{{ ml_reports_service_url }}/v1/surveys/getAllResponsesOfQuestion" strip_uri: true plugins: 
@@ -6482,7 +6489,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: observationSubmissionCount - uris: "{{ observations_service_prefix }}/v1/observations/submissionsCount" + uris: "{{ observations_service_prefix }}/mlreports/v1/submissionsCount" upstream_url: "{{ ml_reports_service_url }}/v1/observations/submissionsCount" strip_uri: true plugins: @@ -6500,7 +6507,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: getFileUploadUrls - uris: "{{ cloud_service_prefix }}/v1/cloud-services/files/preSignedUrls" + uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" strip_uri: true plugins: @@ -6518,7 +6525,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: listPlatformPrograms - uris: "{{ user_extension_prefix }}/v1/user-extension/programsByPlatformRoles" + uris: "{{ user_extension_prefix }}/mlcore/v1/programsByPlatformRoles" upstream_url: "{{ ml_core_service_url }}/v1/user-extension/programsByPlatformRoles" strip_uri: true plugins: @@ -6536,7 +6543,7 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: listPlatformSolutions - uris: "{{ user_extension_prefix }}/v1/user-extension/solutions" + uris: "{{ user_extension_prefix }}/mlcore/v1/solutions" upstream_url: "{{ ml_core_service_url }}/v1/user-extension/solutions" strip_uri: true plugins: 
@@ -6552,3 +6559,563 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + + +# UCI Related + - name: getUserSegmentsUCI + uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/get" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/get" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createUserSegmentsUCI + uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/create" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateUserSegmentsUCI + uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/update" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: deleteUserSegmentsUCI + uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/delete" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - 
name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: searchUserSegmentsUCI + uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/search" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createAdapterUCI + uris: "{{ uci_admin_prefix }}/admin/v1/adapter/create" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllAdapterUCI + uris: "{{ uci_admin_prefix }}/admin/v1/adapter/all" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/all" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAdapterUCI + uris: "{{ uci_admin_prefix }}/admin/v1/adapter/get" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/get" + strip_uri: true + plugins: + - 
name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: deleteAdapterUCI + uris: "{{ uci_admin_prefix }}/admin/v1/adapter/delete" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateAdapterUCI + uris: "{{ uci_admin_prefix }}/admin/v1/adapter/update" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/transformer/all" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/all" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/transformer/create" + upstream_url: "{{ 
uci_admin_service_url }}/admin/v1/transformer/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/transformer/get" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/get" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/transformer/update" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getFormsTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/transformer/getForms" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/getForms" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: 
uploadFormsTransformerUCI + uris: "{{ uci_admin_prefix }}/admin/v1/forms/upload" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/forms/upload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createConversationLogicUCI + uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/create" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllConversationLogicUCI + uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/all" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/all" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getConversationLogicUCI + uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/get" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/get" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + 
config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: deleteConversationLogicUCI + uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/delete" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateConversationLogicUCI + uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/update" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: createBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/create" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/all" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/all" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: 
rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/get" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/get" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: startBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/start" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/start" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: pauseBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/pause" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/pause" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: searchBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/search" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: 
rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: deleteBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/delete" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/delete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: updateBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/update" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getAllUserForBotUCI + uris: "{{ uci_admin_prefix }}/admin/v1/bot/getAllUsers" + upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/getAllUsers" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: gqlUCI + uris: "{{ uci_admin_prefix }}/uci-api/gql" + upstream_url: "{{ uci_admin_service_url }}/v1/graphql" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userAdmin' + - name: 
rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" \ No newline at end of file diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 10974eb180..28a105f7af 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -89,6 +89,17 @@ kong_all_consumer_groups: - druidReportAdmin - dataCreate - frameworkAccess + - programAccess + - solutionAccess + - registryAccess + - projectAccess + - projectUpdate + - projectCreate + - observationAccess + - observationUpdate + - observationCreate + - surveyAccess + - cloudUrlsCreate kong_consumers: - username: api-admin diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 2ebbca8c55..193cda5008 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -3,5 +3,6 @@ BASEPATH: "/opt/sparkjobs" # Git Clone Path **Mandatory USER: "data-pipeline" WORKDIR: "/opt/sparkjobs" +config_path: "/opt/sparkjobs/ml-analytics-service" SYSTEMDDIR: "/lib/systemd/system" -ml_analytics_version: "release-4.0.0" +ml_analytics_version: "release-4.1.0" diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 564338613f..caa2eb44a3 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -6,6 +6,7 @@ dest: "{{ BASEPATH }}/ml-analytics-service" version: "{{ ml_analytics_version }}" depth: "1" + force: yes - name: CREATE THE USER user: 
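Review bot: `updateConversationLogicUCI` is routed to the delete endpoint: its `uris` ends in `/conversationLogic/update` but its `upstream_url` ends in `/conversationLogic/delete`, so an update call would reach the upstream's delete handler. The line should read `upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/update"`. Every added UCI route, including the delete routes and `gqlUCI` (which forwards to `/v1/graphql`), is gated by the single `userAdmin` ACL group, so any per-operation authorization has to be enforced by the upstream service; worth confirming that it is. The `kong_apis` list begins outside this hunk.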
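Review bot: `force: yes` makes the git task discard any local modification in `{{ BASEPATH }}/ml-analytics-service` on every run, and `version` resolves to `release-4.1.0`, which reads like a branch name rather than an immutable ref. If it is a branch, each deploy picks up whatever is at its head without review; pinning `ml_analytics_version` to a tag or commit SHA keeps the deployed code traceable. Ansible style also prefers `force: true`. The task starts above the hunk, so the `repo` it pulls from is not visible here.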
@@ -21,9 +22,8 @@ - openjdk-8-jdk - software-properties-common - python3-pip - - python3.6-dev - - python3.6-venv - - python-virtualenv + - python3-venv + - python3-virtualenv - zip - unzip state: present @@ -42,9 +42,8 @@ - "{{ WORKDIR }}/faust_as_service" - name: Change user and create working directory under opt dir and install python virtual environment - shell: "cd {{ WORKDIR }} && virtualenv --python=python3.6 spark_venv" - become: yes - become_user: "{{ USER }}" + shell: "cd {{ WORKDIR }} && virtualenv --python=python3.8 spark_venv" + become: true - name: Create necessary logs folders for pipeline become: yes diff --git a/ansible/roles/postgres-migration/files/sunbird_programs/V4.1.0.sql b/ansible/roles/postgres-migration/files/sunbird_programs/V4.1.0.sql new file mode 100644 index 0000000000..cd71b84a79 --- /dev/null +++ b/ansible/roles/postgres-migration/files/sunbird_programs/V4.1.0.sql 
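Review bot: The virtualenv step in the `@@ -42,9 +42,8 @@` hunk now runs as root, because `become_user: "{{ USER }}"` is dropped and only `become: true` remains. Unless a become user is set at play level (not visible here), `spark_venv` under `{{ WORKDIR }}` ends up root-owned, and any later package install into it needs root as well. Keeping `become_user: "{{ USER }}"` next to `become: true` preserves least privilege for the environment the jobs run from. The tasks that populate the virtualenv are outside this hunk.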
@@ -0,0 +1,5 @@ +INSERT INTO "public"."configuration" ("key", "value", "status") VALUES ('programTargetObjectMap', '[{"identifier":"obj-cat:content-playlist_collection_all","name":"Content Playlist","targetObjectType":"Collection","associatedAssetTypes":["Content"],"contentAdditionMode":["Search"]},{"identifier":"obj-cat:demo-practice-question-set_questionset_all","name":"Demo Practice Question Set","targetObjectType":"QuestionSet","associatedAssetTypes":["Question","QuestionSet"],"contentAdditionMode":["New"]},{"identifier":"obj-cat:digital-textbook_collection_all","name":"Digital Textbook","targetObjectType":"Collection","associatedAssetTypes":["Content"],"contentAdditionMode":["Search"]},{"identifier":"obj-cat:professional-development-course_collection_all","name":"Course","targetObjectType":"Collection","associatedAssetTypes":["Content"],"contentAdditionMode":["Search"]},{"identifier":"obj-cat:question-paper_collection_all","name":"Question paper","targetObjectType":"Collection","associatedAssetTypes":["Content"],"contentAdditionMode":["Search"]}]', 'active'); +ALTER TABLE program ADD COLUMN targetCollectionPrimaryCategories jsonb; +CREATE TYPE programTargetType AS ENUM ('collections', 'searchCriteria'); +ALTER TABLE program ADD COLUMN target_type programTargetType; +UPDATE "public"."configuration" SET value='VidyaDaan: Your Content $contentName for the project $projectName has been approved by the project owner with few changes. Please login to $url for details.' WHERE key='smsContentAcceptWithChanges'; diff --git a/ansible/roles/postgresql-data-update-managed/defaults/main.yml b/ansible/roles/postgresql-data-update-managed/defaults/main.yml index 98d85a7d5f..3103230c59 100755 --- a/ansible/roles/postgresql-data-update-managed/defaults/main.yml +++ b/ansible/roles/postgresql-data-update-managed/defaults/main.yml 
@@ -1,3 +1,116 @@ --- postgresql_unix_socket_directories: - /var/run/postgresql + +############# Postgres users and databases ############### +postgresql_users: + - name: "{{kong_postgres_user}}" + login_host: "{{kong_postgres_host}}" + login_password: "{{kong_postgres_password}}" + password: "{{postgres_password}}" + db: "{{kong_postgres_database}}" + login_user: "{{kong_postgres_user}}" + priv: "ALL" + - name: "{{keycloak_postgres_user}}" + login_host: "{{keycloak_postgres_host}}" + login_password: "{{keycloak_postgres_password}}" + password: "{{postgres_password}}" + db: "{{keycloak_postgres_database}}" + login_user: "{{keycloak_postgres_user}}" + priv: "ALL" + - name: "{{application_postgres_user}}" + login_host: "{{application_postgres_host}}" + login_password: "{{application_postgres_password}}" + password: "{{postgres_password}}" + db: "{{application_postgres_database}}" + login_user: "{{application_postgres_user}}" + priv: "ALL" + - name: "{{user_org_service_postgres_user}}" + login_host: "{{user_org_service_postgres_host}}" + login_password: "{{user_org_service_postgres_password}}" + password: "{{user_org_service_postgres_password}}" + db: "{{user_org_service_postgres_database}}" + login_user: "{{user_org_service_postgres_user}}" + priv: "ALL" + - name: "{{enc_postgres_user}}" + login_host: "{{enc_postgres_host}}" + login_password: "{{enc_postgres_password}}" + password: "{{enc_postgres_password}}" + db: "{{enc_postgres_database}}" + login_user: "{{enc_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_bot_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_forms_postgres_database}}" + login_user: 
"{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_odk_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_fusionauth_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + +postgresql_databases: + - name: "{{kong_postgres_database}}" + login_host: "{{kong_postgres_host}}" + login_password: "{{kong_postgres_password}}" + owner: "{{kong_postgres_user}}" + login_user: "{{kong_postgres_user}}" + - name: "{{keycloak_postgres_database}}" + login_host: "{{keycloak_postgres_host}}" + login_password: "{{keycloak_postgres_password}}" + owner: "{{keycloak_postgres_user}}" + login_user: "{{keycloak_postgres_user}}" + - name: "{{application_postgres_database}}" + login_host: "{{application_postgres_host}}" + login_password: "{{application_postgres_password}}" + owner: "{{application_postgres_user}}" + login_user: "{{application_postgres_user}}" + - name: "{{user_org_service_postgres_database}}" + login_host: "{{user_org_service_postgres_host}}" + login_password: "{{user_org_service_postgres_password}}" + owner: "{{user_org_service_postgres_user}}" + login_user: "{{user_org_service_postgres_user}}" + - name: "{{enc_postgres_database}}" + login_host: "{{enc_postgres_host}}" + login_password: "{{enc_postgres_password}}" + owner: "{{enc_postgres_user}}" + login_user: "{{enc_postgres_user}}" + - name: "{{uci_bot_postgres_database}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_forms_postgres_database}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + owner: 
"{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_odk_postgres_database}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_fusionauth_postgres_database}}" + login_host: "{{uci_postgres_host}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" diff --git a/ansible/roles/postgresql-data-update-managed/tasks/main.yml b/ansible/roles/postgresql-data-update-managed/tasks/main.yml index 250de30d7d..6be382083f 100644 --- a/ansible/roles/postgresql-data-update-managed/tasks/main.yml +++ b/ansible/roles/postgresql-data-update-managed/tasks/main.yml @@ -15,6 +15,8 @@ with_items: - tables_postgres.sql - enc_postgres.sql + - uci_odk_postgres.sql + - uci_transformer_postgres.sql - name: Install postgres client to create schema from file apt: @@ -22,7 +24,7 @@ state: present update_cache: yes -- name: Dump api manager database to a file +- name: Create the schema for quartz db postgresql_db: login_user: "{{ application_postgres_user }}" login_password: "{{ application_postgres_password }}" @@ -31,7 +33,7 @@ state: restore target: "/tmp/tables_postgres.sql" -- name: Create the schema for encryption service +- name: Create the schema for enc service db postgresql_db: login_user: "{{ enc_postgres_user }}" login_password: "{{ enc_postgres_password }}" 
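Review bot: The kong, keycloak and application entries in `postgresql_users` all set `password: "{{postgres_password}}"`, a single shared secret that also differs from the `login_password` each entry authenticates with, while the remaining entries reuse their own per-service variable. Three service roles sharing one credential widens the impact of a leak, and it presumably breaks the next login with the per-service password; `password: "{{kong_postgres_password}}"` (and the keycloak/application equivalents) would be consistent. Every entry also grants `priv: "ALL"`, and one `uci_postgres_user` owns all four UCI databases including `uci_fusionauth_postgres_database`, so the bot, forms and ODK services hold full rights on the auth store; separate roles with narrower grants are worth considering. The same lists are added in `postgresql-data-update/defaults/main.yml`, and the tasks that consume them are outside these hunks.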
@@ -39,3 +41,21 @@ name: "{{ enc_postgres_database }}" state: restore target: "/tmp/enc_postgres.sql" + +- name: Create the schema for uci transformer-service db + postgresql_db: + login_user: "{{ uci_postgres_user }}" + login_password: "{{ uci_postgres_password }}" + login_host: "{{ uci_postgres_host }}" + name: "{{ uci_forms_postgres_database }}" + state: restore + target: "/tmp/uci_transformer_postgres.sql" + +- name: Create the schema for uci odk db + postgresql_db: + login_user: "{{ uci_postgres_user }}" + login_password: "{{ uci_postgres_password }}" + login_host: "{{ uci_postgres_host }}" + name: "{{ uci_odk_postgres_database }}" + state: restore + target: "/tmp/uci_odk_postgres.sql" \ No newline at end of file diff --git a/ansible/roles/postgresql-data-update/defaults/main.yml b/ansible/roles/postgresql-data-update/defaults/main.yml index 0f0b64f49b..e131cec41d 100755 --- a/ansible/roles/postgresql-data-update/defaults/main.yml +++ b/ansible/roles/postgresql-data-update/defaults/main.yml 
@@ -4,3 +4,98 @@ postgresql_auth_method: "{{ ansible_fips | ternary('scram-sha-256', 'md5') }}" postgres_users_no_log: true postgresql_unix_socket_directories: - /var/run/postgresql + +############# Postgres users and databases ############### +postgresql_users: + - name: "{{kong_postgres_user}}" + login_password: "{{kong_postgres_password}}" + password: "{{postgres_password}}" + db: "{{kong_postgres_database}}" + login_user: "{{kong_postgres_user}}" + priv: "ALL" + - name: "{{keycloak_postgres_user}}" + login_password: "{{keycloak_postgres_password}}" + password: "{{postgres_password}}" + db: "{{keycloak_postgres_database}}" + login_user: "{{keycloak_postgres_user}}" + priv: "ALL" + - name: "{{application_postgres_user}}" + login_password: "{{application_postgres_password}}" + password: "{{postgres_password}}" + db: "{{application_postgres_database}}" + login_user: "{{application_postgres_user}}" + priv: "ALL" + - name: "{{user_org_service_postgres_user}}" + login_password: "{{user_org_service_postgres_password}}" + password: "{{user_org_service_postgres_password}}" + db: "{{user_org_service_postgres_database}}" + login_user: "{{user_org_service_postgres_user}}" + priv: "ALL" + - name: "{{enc_postgres_user}}" + login_password: "{{enc_postgres_password}}" + password: "{{enc_postgres_password}}" + db: "{{enc_postgres_database}}" + login_user: "{{enc_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_bot_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_forms_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_odk_postgres_database}}" + login_user: 
"{{uci_postgres_user}}" + priv: "ALL" + - name: "{{uci_postgres_user}}" + login_password: "{{uci_postgres_password}}" + password: "{{uci_postgres_password}}" + db: "{{uci_fusionauth_postgres_database}}" + login_user: "{{uci_postgres_user}}" + priv: "ALL" + +postgresql_databases: + - name: "{{kong_postgres_database}}" + login_password: "{{kong_postgres_password}}" + owner: "{{kong_postgres_user}}" + login_user: "{{kong_postgres_user}}" + - name: "{{keycloak_postgres_database}}" + login_password: "{{keycloak_postgres_password}}" + owner: "{{keycloak_postgres_user}}" + login_user: "{{keycloak_postgres_user}}" + - name: "{{application_postgres_database}}" + login_password: "{{application_postgres_password}}" + owner: "{{application_postgres_user}}" + login_user: "{{application_postgres_user}}" + - name: "{{user_org_service_postgres_database}}" + login_password: "{{user_org_service_postgres_password}}" + owner: "{{user_org_service_postgres_user}}" + login_user: "{{user_org_service_postgres_user}}" + - name: "{{enc_postgres_database}}" + login_password: "{{enc_postgres_password}}" + owner: "{{enc_postgres_user}}" + login_user: "{{enc_postgres_user}}" + - name: "{{uci_bot_postgres_database}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_forms_postgres_database}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_odk_postgres_database}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" + - name: "{{uci_fusionauth_postgres_database}}" + login_password: "{{uci_postgres_password}}" + owner: "{{uci_postgres_user}}" + login_user: "{{uci_postgres_user}}" diff --git a/ansible/roles/postgresql-data-update/tasks/main.yml b/ansible/roles/postgresql-data-update/tasks/main.yml index b793f42d4e..4dc4a1890b 100644 
--- a/ansible/roles/postgresql-data-update/tasks/main.yml +++ b/ansible/roles/postgresql-data-update/tasks/main.yml @@ -14,6 +14,8 @@ with_items: - tables_postgres.sql - enc_postgres.sql + - uci_odk_postgres.sql + - uci_transformer_postgres.sql - name: Install postgres client to create schema from file apt: @@ -44,3 +46,27 @@ become_user: "{{ enc_postgres_user }}" vars: ansible_ssh_pipelining: true + +- name: Create the schema for uci transformer-service + postgresql_db: + login_user: "{{ uci_postgres_user }}" + login_password: "{{ uci_postgres_password }}" + login_unix_socket: "{{ postgresql_unix_socket_directories[0] }}" + name: "{{ uci_forms_postgres_database }}" + state: restore + target: "/tmp/uci_transformer_postgres.sql" + become_user: "{{ uci_postgres_user }}" + vars: + ansible_ssh_pipelining: true + +- name: Create the schema for uci odk + postgresql_db: + login_user: "{{ uci_postgres_user }}" + login_password: "{{ uci_postgres_password }}" + login_unix_socket: "{{ postgresql_unix_socket_directories[0] }}" + name: "{{ uci_odk_postgres_database }}" + state: restore + target: "/tmp/uci_odk_postgres.sql" + become_user: "{{ uci_postgres_user }}" + vars: + ansible_ssh_pipelining: true \ No newline at end of file diff --git a/ansible/roles/postgresql-data-update/templates/uci_odk_postgres.sql b/ansible/roles/postgresql-data-update/templates/uci_odk_postgres.sql new file mode 100644 index 0000000000..467e2c24a7 --- /dev/null +++ b/ansible/roles/postgresql-data-update/templates/uci_odk_postgres.sql @@ -0,0 +1,2 @@ +CREATE SCHEMA aggregate; +commit; \ No newline at end of file diff --git a/ansible/roles/postgresql-data-update/templates/uci_transformer_postgres.sql b/ansible/roles/postgresql-data-update/templates/uci_transformer_postgres.sql new file mode 100644 index 0000000000..6e008d0692 --- /dev/null +++ b/ansible/roles/postgresql-data-update/templates/uci_transformer_postgres.sql 
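Review bot: `CREATE SCHEMA aggregate;` in the new `uci_odk_postgres.sql` is not idempotent, unlike the sibling transformer script, which uses `IF NOT EXISTS`. The restore task added in `tasks/main.yml` has no visible guard, so a second run of the role would fail on the existing schema. `CREATE SCHEMA IF NOT EXISTS aggregate;` avoids that. The trailing `commit;` has no matching `BEGIN` in the file and can likely be dropped.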
@@ -0,0 +1,2 @@ +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; +commit; \ No newline at end of file diff --git a/ansible/roles/setup-kafka/defaults/main.yml b/ansible/roles/setup-kafka/defaults/main.yml index ec43c74944..4412849e81 100644 --- a/ansible/roles/setup-kafka/defaults/main.yml +++ b/ansible/roles/setup-kafka/defaults/main.yml @@ -1,6 +1,7 @@ env: dev ml_kafka_topic_create: false +uci_kafka_topic_create: false processing_kafka_overriden_topics: - name: lms.audit.events @@ -76,4 +77,26 @@ ml_service_topics: - name: sl.improvement.project.submission retention_time: 172800000 replication_factor: 1 - num_of_partitions: 1 \ No newline at end of file + num_of_partitions: 1 + +uci_service_topics: + - name: inbound-error + retention_time: 86400000 + replication_factor: 1 + num_of_partitions: 1 + - name: inbound-processed + retention_time: 86400000 + replication_factor: 1 + num_of_partitions: 1 + - name: inbound-unprocessed + retention_time: 86400000 + replication_factor: 1 + num_of_partitions: 1 + - name: outbound + retention_time: 86400000 + replication_factor: 1 + num_of_partitions: 1 + - name: campaign + retention_time: 86400000 + replication_factor: 1 + num_of_partitions: 1 diff --git a/ansible/roles/setup-kafka/tasks/main.yml b/ansible/roles/setup-kafka/tasks/main.yml index c227c8de68..1ab9cb3898 100644 --- a/ansible/roles/setup-kafka/tasks/main.yml +++ b/ansible/roles/setup-kafka/tasks/main.yml @@ -20,3 +20,11 @@ when: kafka_id=="1" and ml_kafka_topic_create tags: - processing-kafka + +- name: create topics + command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} + with_items: "{{uci_service_topics}}" + ignore_errors: true + when: kafka_id=="1" and uci_kafka_topic_create + tags: + - processing-kafka 
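Review bot: `CREATE EXTENSION IF NOT EXISTS "uuid-ossp"` is restored by a task that logs in as `uci_postgres_user`, but creating an extension normally needs superuser rights (or an extension marked trusted on newer PostgreSQL releases). If that role is only the database owner on the target server, the restore fails at deploy time. Consider running this one statement under the postgres admin role and recording the requirement in the file, e.g. `-- requires superuser, or uuid-ossp installed as a trusted extension`.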
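Review bot: `ignore_errors: true` on the new `create topics` task hides every failure of `kafka-topics.sh`, not only "topic already exists", so an unreachable ZooKeeper or a bad topic name leaves the UCI services without topics while the play stays green. Prefer `--if-not-exists` on the command and drop the blanket ignore. The command also never reads `item.retention_time`, so the `retention_time: 86400000` values added to `uci_service_topics` in defaults/main.yml have no effect; if they are meant to apply, add `--config retention.ms={{ item.retention_time }}`. The inbound.env template in this patch also references `gs-opted-out`, `uci.telemetry` and `com.odk.transformer` topics that are missing from the list, and a distinct task name such as `create uci topics` would keep the run log readable.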
diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index fb567ff304..2b15c246bd 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -269,6 +269,18 @@ service_env: ml-reports-service: ../../../../ansible/roles/stack-sunbird/templates/ml-reports-service.env ml-core-service: ../../../../ansible/roles/stack-sunbird/templates/ml-core-service.env ml-projects-service: ../../../../ansible/roles/stack-sunbird/templates/ml-projects-service.env + inbound: ../../../../ansible/roles/stack-sunbird/templates/inbound.env + outbound: + - ../../../../ansible/roles/stack-sunbird/templates/outbound.env + - ../../../../ansible/roles/stack-sunbird/templates/outbound_logback.xml + transformer: + - ../../../../ansible/roles/stack-sunbird/templates/transformer.env + - ../../../../ansible/roles/stack-sunbird/templates/transformer_industry_feedback.xml + uci: ../../../../ansible/roles/stack-sunbird/templates/uci_api.env + gql: ../../../../ansible/roles/stack-sunbird/templates/gql.env + odk: ../../../../ansible/roles/stack-sunbird/templates/odk.env + orchestrator: + - ../../../../ansible/roles/stack-sunbird/templates/orchestrator.env sunbird_portal_player_cdn_enabled: false 
@@ -801,6 +813,126 @@ dial_liveness_readiness: timeoutSeconds: 5 failureThreshold: 2 +uci_inbound_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 8085 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 8085 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + +uci_outbound_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 9090 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 9090 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + +uci_transformer_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 9091 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 9091 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + +uci_orchestrator_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 8686 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 8686 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + +uci_odk_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + 
failureThreshold: 2 + +uci_liveness_readiness: + healthcheck: true + readinessProbe: + httpGet: + path: /service/health + port: 9999 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 + livenessProbe: + httpGet: + path: /service/health + port: 9999 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 2 + adminutil__access_keyprefix: "access" adminutil__access_keystart: 0 adminutil__access_keycount: 0 @@ -859,4 +991,4 @@ mount_keycloak_key_apps: - ml-projects-service #master category validation enabled -master_category_validation_enabled: "Yes" \ No newline at end of file +master_category_validation_enabled: "Yes" diff --git a/ansible/roles/stack-sunbird/templates/gql.env b/ansible/roles/stack-sunbird/templates/gql.env new file mode 100644 index 0000000000..9fecaacd45 --- /dev/null +++ b/ansible/roles/stack-sunbird/templates/gql.env @@ -0,0 +1,18 @@ +ENV=prod +DATABASE_DEBUG=true +HASURA_GRAPHQL_ADMIN_SECRET={{hasura_graphql_admin_secret}} +HASURA_GRAPHQL_DATABASE_URL=postgres://{{ uci_postgres_user | urlencode }}:{{uci_postgres_password}}@{{uci_postgres_host}}:5432/{{uci_bot_postgres_database}} +HASURA_GRAPHQL_ENABLED_LOG_TYPES=startup, http-log, webhook-log, websocket-log, query-log +HASURA_GRAPHQL_ENABLE_CONSOLE=true +KAFKA_HOST={{kafka_broker_host}} +KAFKA_PASS="" +KAFKA_PORT=9092 +KAFKA_USER="" +POSTGRES_DB={{uci_bot_postgres_database}} +POSTGRES_PASSWORD={{uci_postgres_password}} +POSTGRES_USER={{uci_postgres_user}} +PSQL_DB_URL_DEV=postgres://{{ uci_postgres_user | urlencode }}:{{uci_postgres_password}}@{{uci_postgres_host}}:5432/{{uci_bot_postgres_database}} +REDIS_HOST={{sunbird_redis_host}} +REDIS_PASS="" +REDIS_PORT=6379 +UCI_CORE_BASE_URL=11.2.6.6/inbound-service diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env new file mode 100644 index 0000000000..285e527967 --- /dev/null 
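Review bot: In gql.env, `HASURA_GRAPHQL_ENABLE_CONSOLE=true` next to `ENV=prod` and `DATABASE_DEBUG=true` ships the Hasura admin console and debug output in a configuration labelled production; set `HASURA_GRAPHQL_ENABLE_CONSOLE=false` and drop `query-log` from `HASURA_GRAPHQL_ENABLED_LOG_TYPES` unless query text in the logs is intended. In `HASURA_GRAPHQL_DATABASE_URL` and `PSQL_DB_URL_DEV` only the user is URL-encoded; the password needs it as well, `{{ uci_postgres_password | urlencode }}`, otherwise a password containing `@`, `/` or `:` renders a broken or misparsed connection URL. `UCI_CORE_BASE_URL=11.2.6.6/inbound-service` hard-codes an address and has no scheme, so it should come from a variable. uci_api.env later in this patch carries the same settings and encodes neither the user nor the password.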
+++ b/ansible/roles/stack-sunbird/templates/inbound.env
@@ -0,0 +1,38 @@
+#External Services
+CAMPAIGN_URL=http://uci-service.{{namespace}}.svc.cluster.local:9999
+
+#Kafka
+BOOTSTRAP_SERVERS={{sunbird_processing_kafka_host}}
+KAFKA_INBOUND_PROCESSED_TOPIC={{env_name}}.inbound-processed
+KAFKA_CAMPAIGN_TOPIC={{env_name}}.campaign
+KAFKA_INBOUND_UNPROCESSED_TOPIC={{env_name}}.inbound-unprocessed
+KAFKA_INBOUND_GS_OPTED_OUT_TOPIC={{env_name}}.gs-opted-out
+KAFKA_INBOUND_ERROR_TOPIC={{env_name}}.inbound-error
+KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound
+KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
+KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.com.odk.transformer
+KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.com.odk.*
+
+#FormsDB
+FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}}
+FORMS_DB_USERNAME={{uci_postgres_user}}
+FORMS_DB_PASSWORD={{uci_postgres_password}}
+FORMS_DB_NAME={{uci_forms_postgres_database}}
+FORMS_DB_HOST={{uci_postgres_host}}
+FORMS_DB_PORT=5432
+
+#Cassandra
+CASSANDRA_URL={{sunbird_cassandra_host}}
+CASSANDRA_PORT=9042
+CASSANDRA_KEYSPACE={{env}}_uci_store
+
+#Ports
+INBOUND_INTERNAL_PORT=8085
+
+#ODK
+ODK_URL=http://odk-service.{{namespace}}.svc.cluster.local:8080
+ODK_USER={{uci_odk_user}}
+ODK_PASS={{uci_odk_password}}
+
+#FusionAuth
+FUSIONAUTH_URL=http://fusionauth-service.{{namespace}}.svc.cluster.local:9011
diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env
index afb639952f..8845454134 100755
--- a/ansible/roles/stack-sunbird/templates/ml-core-service.env
+++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env
@@ -10,7 +10,7 @@ APPLICATION_ENV={{ml_core_node_env|default("development")}} ENABLE_CONSOLE_LOGGING={{ml_core_enable_debug_logging | default("OFF")}} # Mongo DB Configuration -MONGODB_URL={{ml_core_mongodb_url | default(groups['mongo_master'][0]+':27017')}} +MONGODB_URL=mongodb://{{ml_core_mongodb_url | default(groups['mongo_master'][0]+':27017')}}/ml-survey # Secure token access Admin related API's # The value of internal access token can be generated by command - "openssl rand -hex 10 diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index fef4a3f6ba..d570f8ce06 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -11,7 +11,7 @@ INTERNAL_ACCESS_TOKEN={{ml_project_internal_access_token}} # Mongo db configurations # Mongodb host -MONGODB_URL={{ml_project_mongodb_url | default(groups['mongo_master'][0]+':27017')}} +MONGODB_URL=mongodb://{{ml_project_mongodb_url | default(groups['mongo_master'][0]+':27017')}}/ml-survey # ML Core Service ML_CORE_SERVICE_URL={{ml_core_service_url | default("http://ml-core-service:3000")}} diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index fa194fe575..d4f24bb9c2 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env @@ -6,7 +6,7 @@ APPLICATION_PORT={{ml_survey_port | default("3000")}} APPLICATION_ENV={{ml_survey_node_env|default("development")}} # Mongodb connection url -MONGODB_URL={{ml_survey_mongodb_url | default(groups['mongo_master'][0]+':27017')}} +MONGODB_URL=mongodb://{{ml_survey_mongodb_url | default(groups['mongo_master'][0]+':27017')}}/ml-survey # Base url of the sunbird enviornment USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://learner-service:9000")}} 
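Review bot: Wrapping `ml_core_mongodb_url` in a fixed `mongodb://` prefix and `/ml-survey` suffix silently changes what that variable may contain: an inventory that already sets it to a full URI (scheme, credentials or options) now renders `mongodb://mongodb://…/ml-survey`. Either document next to the variable that it must be `host:port` only, or fold the scheme and database into the default, e.g. `MONGODB_URL={{ ml_core_mongodb_url | default('mongodb://' + groups['mongo_master'][0] + ':27017/ml-survey') }}`. The same applies to the ml-projects-service.env and ml-survey-service.env hunks that follow. All three services now end in the `ml-survey` database name, which is worth confirming for ml-core and ml-projects.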
diff --git a/ansible/roles/stack-sunbird/templates/odk.env b/ansible/roles/stack-sunbird/templates/odk.env
new file mode 100644
index 0000000000..992e775f9a
--- /dev/null
+++ b/ansible/roles/stack-sunbird/templates/odk.env
@@ -0,0 +1,7 @@
+DB_URL=jdbc:postgres://{{uci_postgres_host}}:5432/{{uci_odk_postgres_database}}?user={{uci_postgres_user}}&password={{uci_postgres_password}}&sslmode=require
+DB_RESOURCE_NAME=jdbc/{{uci_odk_postgres_database}}
+DB_USERNAME={{uci_postgres_user}}
+DB_PASSWORD={{uci_postgres_password}}
+DB_SCHEMA=aggregate
+DB_NAME={{uci_odk_postgres_database}}
+DB_PORT=5432
\ No newline at end of file
diff --git a/ansible/roles/stack-sunbird/templates/orchestrator.env b/ansible/roles/stack-sunbird/templates/orchestrator.env
new file mode 100644
index 0000000000..2a93bcd1fa
--- /dev/null
+++ b/ansible/roles/stack-sunbird/templates/orchestrator.env
@@ -0,0 +1,28 @@
+#External Services
+CAMPAIGN_URL="http://uci_api-service.{{namespace}}.svc.cluster.local:9011"
+
+#Kafka
+BOOTSTRAP_SERVERS={{sunbird_processing_kafka_host}}
+KAFKA_INBOUND_PROCESSED_TOPIC={{env_name}}.inbound-processed
+KAFKA_CAMPAIGN_TOPIC={{env_name}}.campaign
+KAFKA_INBOUND_UNPROCESSED_TOPIC={{env_name}}.inbound-unprocessed
+KAFKA_INBOUND_GS_OPTED_OUT_TOPIC={{env_name}}.gs-opted-out
+KAFKA_INBOUND_ERROR_TOPIC={{env_name}}.inbound-error
+KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound
+KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
+KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.com.odk.transformer
+KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.com.odk.*
+
+#FormsDB
+FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}}
+FORMS_DB_USERNAME={{uci_postgres_user}}
+FORMS_DB_PASSWORD={{uci_postgres_password}}
+FORMS_DB_NAME={{uci_forms_postgres_database}}
+
+#Cassandra
+CASSANDRA_URL={{sunbird_cassandra_host}}
+CASSANDRA_PORT=9042
+CASSANDRA_KEYSPACE={{env}}_uci_store
+
+#Ports
+ORCHESTRATOR_INTERNAL_PORT=8686
\ No newline at end of file
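Review bot: `DB_URL` in odk.env uses the scheme `jdbc:postgres://`, whereas the PostgreSQL JDBC driver's URL form is `jdbc:postgresql://`; unless the ODK image rewrites the value, the driver will not recognise it. The URL also carries `user=` and `password=` unencoded in the query string, so a password containing `&` or `=` corrupts the parameters, and the secret is duplicated alongside `DB_PASSWORD`. If the image can take credentials from `DB_USERNAME`/`DB_PASSWORD`, prefer `DB_URL=jdbc:postgresql://{{uci_postgres_host}}:5432/{{uci_odk_postgres_database}}?sslmode=require`.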
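Review bot: `CAMPAIGN_URL` in orchestrator.env points at `uci_api-service.{{namespace}}.svc.cluster.local:9011`, but an underscore is not valid in a Kubernetes service DNS name, and 9011 is the port the other templates in this patch use for FusionAuth. inbound.env sets the same variable to `http://uci-service.{{namespace}}.svc.cluster.local:9999`, so this looks like it should be `CAMPAIGN_URL=http://uci-service.{{namespace}}.svc.cluster.local:9999`. The value is also double-quoted here and in outbound.env and transformer.env but not in inbound.env; if the file is loaded as a plain env file the quotes may end up inside the value.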
diff --git a/ansible/roles/stack-sunbird/templates/outbound.env b/ansible/roles/stack-sunbird/templates/outbound.env new file mode 100644 index 0000000000..f4c9db9d61 --- /dev/null +++ b/ansible/roles/stack-sunbird/templates/outbound.env @@ -0,0 +1,31 @@ +#External Services +CAMPAIGN_URL="http://uci-service.{{namespace}}.svc.cluster.local:9999" + +#Kafka +BOOTSTRAP_SERVERS={{sunbird_processing_kafka_host}} +KAFKA_INBOUND_PROCESSED_TOPIC={{env_name}}.inbound-processed +KAFKA_CAMPAIGN_TOPIC={{env_name}}.campaign +KAFKA_INBOUND_UNPROCESSED_TOPIC={{env_name}}.inbound-unprocessed +KAFKA_INBOUND_GS_OPTED_OUT_TOPIC={{env_name}}.gs-opted-out +KAFKA_INBOUND_ERROR_TOPIC={{env_name}}.inbound-error +KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound +KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry +KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.com.odk.transformer +KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.com.odk.* + +#FormsDB +FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}} +FORMS_DB_USERNAME={{uci_postgres_user}} +FORMS_DB_PASSWORD={{uci_postgres_password}} +FORMS_DB_NAME={{uci_forms_postgres_database}} + +#Cassandra +CASSANDRA_URL={{sunbird_cassandra_host}} +CASSANDRA_PORT=9042 +CASSANDRA_KEYSPACE={{env}}_uci_store + +#FusionAuth +FUSIONAUTH_URL=http://fusionauth-service.{{namespace}}.svc.cluster.local:9011/ + +#Ports +OUTBOUND_INTERNAL_PORT=9090 diff --git a/ansible/roles/stack-sunbird/templates/outbound_logback.xml b/ansible/roles/stack-sunbird/templates/outbound_logback.xml new file mode 100644 index 0000000000..b451692063 --- /dev/null +++ b/ansible/roles/stack-sunbird/templates/outbound_logback.xml @@ -0,0 +1,47 @@ + + + + + + + + + %black(%d{ISO8601}) %highlight(%-5level) [%blue(%t)] %yellow(%C{1.}): %msg%n%throwable + + + + + + ${LOGS}/spring-boot-logger.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/spring-boot-logger-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 61d2e4c7c8..363d70b715 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -158,3 +158,5 @@ sunbird_portal_session_secret={{sunbird_portal_session_secret}} sunbird_base_proto={{sunbird_base_proto | default(proto)}} ML_SERVICE_BASE_URL={{ml_survey_url|default(proto+'://' +domain_name) }} +#Release-4.1.0 +sunbird_azure_storage_account_name=https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/ diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env new file mode 100644 index 0000000000..34f444b7bf --- /dev/null +++ b/ansible/roles/stack-sunbird/templates/transformer.env 
@@ -0,0 +1,38 @@
+#External Services
+CAMPAIGN_URL="http://uci-service.{{namespace}}.svc.cluster.local:9999"
+
+#Kafka
+BOOTSTRAP_SERVERS={{sunbird_processing_kafka_host}}
+KAFKA_INBOUND_PROCESSED_TOPIC={{env_name}}.inbound-processed
+KAFKA_CAMPAIGN_TOPIC={{env_name}}.campaign
+KAFKA_INBOUND_UNPROCESSED_TOPIC={{env_name}}.inbound-unprocessed
+KAFKA_INBOUND_GS_OPTED_OUT_TOPIC={{env_name}}.gs-opted-out
+KAFKA_INBOUND_ERROR_TOPIC={{env_name}}.inbound-error
+KAFKA_OUTBOUND_TOPIC={{env_name}}.outbound
+KAFKA_TELEMETRY_TOPIC={{env_name}}.uci.telemetry
+KAFKA_ODK_TRANSFORMER_TOPIC={{env_name}}.com.odk.transformer
+KAFKA_ODK_TRANSFORMER_TOPIC_PATTERN={{env_name}}.com.odk.*
+
+#FormsDB
+FORMS_DB_URL=postgresql://{{uci_postgres_host}}:5432/{{uci_forms_postgres_database}}
+FORMS_DB_USERNAME={{uci_postgres_user}}
+FORMS_DB_PASSWORD={{uci_postgres_password}}
+FORMS_DB_NAME={{uci_forms_postgres_database}}
+FORMS_DB_HOST={{uci_postgres_host}}
+FORMS_DB_PORT=5432
+
+#Cassandra
+CASSANDRA_URL={{sunbird_cassandra_host}}
+CASSANDRA_PORT=9042
+CASSANDRA_KEYSPACE={{env}}_uci_store
+
+#Ports
+TRANSFORMER_INTERNAL_PORT=9091
+
+#ODK
+ODK_URL=http://odk-service.{{namespace}}.svc.cluster.local:8080
+ODK_USER={{uci_odk_user}}
+ODK_PASS={{uci_odk_password}}
+
+#FusionAuth
+FUSIONAUTH_URL=http://fusionauth-service.{{namespace}}.svc.cluster.local:9011
diff --git a/ansible/roles/stack-sunbird/templates/transformer_industry_feedback.xml b/ansible/roles/stack-sunbird/templates/transformer_industry_feedback.xml
new file mode 100644
index 0000000000..3904958a22
--- /dev/null
+++ b/ansible/roles/stack-sunbird/templates/transformer_industry_feedback.xml
@@ -0,0 +1,640 @@ + + + + Establishment Survey - Current Hiring Requirements + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ambala + + + + Bhiwani + + + + Charkhi Dadri + + + + Faridabad + + + + Fatehabad + + + + Gurugram + + + + Hisar + + + + Jhajjar + + + + Jind + + + + Kaithal + + + + Karnal + + + + Kurukshetra + + + + Mahendragarh at Narnaul + + + + Nuh + + + + Palwal + + + + Panchkula + + + + Panipat + + + + Rewari + + + + Rohtak + + + + Sirsa + + + + Sonipat + + + + Yamunanagar + + + + + + + Manufacturing + + + + Services + + + + Construction + + + + + + + Retail trade + + + + Land transport and transport via pipelines + + + + Water transport + + + + Air Transport + + + + Warehousing and Logistics + + + + Postal and courier activities + + + + Hospitality + + + + Food and beverage service + + + + Publishing + + + + Motion picture, video and television programme production, sound recording and music publishing + + + + Broadcasting and programming + + + + Telecommunications + + + + Computer programming, consultancy and related activities + + + + Information services + + + + Financial service activities + + + + Beauty + + + + Real estate + + + + Legal and accounting activities + + + + Management consultancy + + + + Architecture and engineering + + + + Scientific research and development + + + + Advertising and market research + + + + Veterinary activities + + + + Rental and leasing + + + + Employment activities + + + + Travel agency, tour operator and other reservation service + + + + Security and investigation activities + + + + Services to buildings + + + + Sales and Operations + + + + Public administration and defence; compulsory social security + + + + Education + + + + Human health activities + + + + Residential care activities + + + + Creative, arts and entertainment activities + + + + Libraries, archives, museums and other 
cultural activities + + + + Sports activities and amusement and recreation activities + + + + Repair of computers and personal and household goods + + + + Activites of households as employers of domestic personnel + + + + Undifferentiated goods and services-producting activites of private households for own use + + + + + + + Forestry and logging + + + + Fishing and aquaculture + + + + Mining and quarring + + + + Extraction of crude petroleum and natural gas + + + + Mining of metal ores + + + + Manufacture of food products + + + + Manufacture of beverages + + + + Manufacture of tobacco products + + + + Manufacture of textiles + + + + Manufacture of wearing apparel + + + + Manufacture of leather and related products + + + + Manufacture of wood and products of wood and cork + + + + Manufacture of paper and paper products + + + + Printing and reproduction of recorded media + + + + Manufacture of coke and refined petroleum products + + + + Manufacture of chemicals and chemical products + + + + Manufacture of pharmaceuticals, medicinal chemical and botanical products + + + + Manufacture of rubber and plastics products + + + + Manufacture of other non-metallic mineral products + + + + Manufacture of basic metals + + + + Manufacture of fabricated metal products, except machinery and equipment + + + + Manufacture of computer, electronic and optical products + + + + Manufacture of electrical equipment + + + + Manufacture of machinery and equipment n.e.c. 
+ + + + Manufacture of motor vehicles, trailers and semi-trailers + + + + Manufacture of furniture + + + + Repair and installation of machinery and equipment + + + + Electricity, gas, steam and air conditioning supply + + + + Water collection, treatment and supply + + + + Sewerage + + + + Waste collection, treatment and disposal activities; materials recovery + + + + Remediation activities and other waste management services + + + + + + + + + + 10th pass + + + + 12th pass + + + + ITI pass + + + + Diploma Holder + + + + Graduate + + + + Post Graduate + + + + None + + + + + + + + + + yes + + + + no + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <7 days + + + + 7-15 days + + + + 15-30 days + + + + >30 days + + + + + + + yes + + + + no + + + + + + + Yes + + + + No + + + + + + + + + + Yes + + + + No + + + + + + + Was not aware of it + + + + Was aware but have not logged in + + + + Have logged in but not downloaded any data + + + + Downloaded data but did not find it useful + + + + Other + + + + + \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/uci_api.env b/ansible/roles/stack-sunbird/templates/uci_api.env new file mode 100644 index 0000000000..c525870c9f --- /dev/null +++ b/ansible/roles/stack-sunbird/templates/uci_api.env 
@@ -0,0 +1,18 @@
+ENV=prod
+DATABASE_DEBUG=true
+HASURA_GRAPHQL_ADMIN_SECRET={{hasura_graphql_admin_secret}}
+HASURA_GRAPHQL_DATABASE_URL=postgres://{{uci_postgres_user}}:{{uci_postgres_password}}@{{uci_postgres_host}}:5432/{{uci_bot_postgres_database}}
+HASURA_GRAPHQL_ENABLED_LOG_TYPES=startup, http-log, webhook-log, websocket-log, query-log
+HASURA_GRAPHQL_ENABLE_CONSOLE=true
+KAFKA_HOST={{kafka_broker_host}}
+KAFKA_PASS=""
+KAFKA_PORT=9092
+KAFKA_USER=""
+POSTGRES_DB={{uci_bot_postgres_database}}
+POSTGRES_PASSWORD={{uci_postgres_password}}
+POSTGRES_USER={{uci_postgres_user}}
+PSQL_DB_URL_DEV=postgres://{{uci_postgres_user}}:{{uci_postgres_password}}@{{uci_postgres_host}}:5432/{{uci_bot_postgres_database}}
+REDIS_HOST={{sunbird_redis_host}}
+REDIS_PASS=""
+REDIS_PORT=6379
+UCI_CORE_BASE_URL=11.2.6.6/inbound-service
diff --git a/deploy/azure-provision.yaml b/deploy/azure-provision.yaml
new file mode 100644
index 0000000000..46fbedb1a7
--- /dev/null
+++ b/deploy/azure-provision.yaml
@@ -0,0 +1,380 @@ +# Notes: +# How To Run: +# Easy way: +# Open azure portal -> cloudshell -> Clone the repo -> `ansible-playbook -c azure-provision.yaml` +# Manual way: +# Ref: https://docs.microsoft.com/en-us/azure/developer/ansible/install-on-linux-vm?tabs=azure-cli#install-ansible-on-the-virtual-machine +# Prerequisites: +# Have to create SP for kubernetes cluster +# Command: az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/xxx-xxx-xxxx-xxx" --name install-testing-3-9 +--- +- hosts: localhost + connection: local + gather_facts: false + vars: + # ############################################################## + # MANDATORY TO CHANGE + # ############################################################## + version: "3.9" + sp_client_id: "" + sp_client_secret: "" + ssh_public_key_file_location: /home/rajesh_r/deployer.pub + ############### Maxmind licence key ########################### + # To create license key + # Goto: https://www.maxmind.com/en/accounts/current/license-key + # Click: Generate a new license key. 
+ # ############################################################## + geoip_licence_key: "" + # ############################################################## + # OPTIONAL + # ############################################################## + rg_name: "sunbird-installation-test-{{ version }}" + location: centralindia + vnet_name: "installation-test-{{ version }}" + subnet_name: "installation-test-subnet-{{ version }}" + storage_account_name: "sbinstallation{{ version | regex_replace('\\.|-', '') }}" + vm_names: + - jenkins + - kp + - dp + - yarn + - db + - others + vm_size: Standard_D4s_v4 + # To get correct verions, run + # az aks get-versions -l centralindia -o table + aks_version: 1.20.7 + private_containers: + - private + - artifacts + - management + - results + - backups + - label + public_containers: + - contents + - public + tasks: + - name: Creating resource group - "{{ rg_name }}" + azure_rm_resourcegroup: + name: "{{ rg_name }}" + location: "{{ location }}" + register: rg + - debug: + var: rg + - name: Create virtual network + azure_rm_virtualnetwork: + resource_group: "{{ rg_name }}" + name: "{{ vnet_name }}" + address_prefixes: "10.0.0.0/16" + tags: + - network + - name: Add subnet + azure_rm_subnet: + resource_group: "{{ rg_name }}" + name: "{{ subnet_name }}" + address_prefix: "10.0.1.0/24" + virtual_network: "{{ vnet_name }}" + register: subnet + tags: + - always + - network + - k8s + - info + - name: Creating public ip for jenkins + azure_rm_publicipaddress: + resource_group: "{{ rg_name }}" + name: jenkins-ip + allocation_method: static + register: public_ip + tags: + - network + - info + - name: Creating Nics + azure_rm_networkinterface: + name: "{{ item }}" + resource_group: "{{ rg_name }}" + virtual_network: "{{ vnet_name }}" + subnet_name: "{{ subnet_name }}" + with_items: "{{vm_names}}" + tags: + - network + - name: Assinging public ip for jenkins + azure_rm_networkinterface: + name: jenkins + resource_group: "{{ rg_name }}" + virtual_network: 
"{{ vnet_name }}" + subnet_name: "{{ subnet_name }}" + public_ip_name: jenkins-ip + tags: + - network + - name: Creating vm {{ name }} + azure_rm_virtualmachine: + resource_group: "{{ rg_name }}" + name: "{{ item }}" + vm_size: "{{ vm_size }}" + admin_username: deployer + ssh_password_enabled: false + public_ip_allocation_method: Disabled + managed_disk_type: Standard_LRS + os_disk_size_gb: 250 + network_interfaces: "{{ item }}" + state: present + allocated: "{{ allocate | d(true) }}" + ssh_public_keys: + - path: /home/deployer/.ssh/authorized_keys + key_data: "{{ lookup('file', ssh_public_key_file_location) }}" + # To get image: + # az vm image list -o table --publisher Canonical + image: + offer: UbuntuServer + publisher: Canonical + sku: '18.04-LTS' + version: latest + with_items: "{{ vm_names }}" + tags: + - vm + # Note: to download the aks kubeconfig + # az aks get-credentials --resource-group sunbird-installation-test-3.9 --name sb-installation-3-9 + - name: Create a managed Azure Container Services (AKS) cluster + azure_rm_aks: + name: "{{ storage_account_name }}" + location: "{{ location }}" + resource_group: "{{ rg_name }}" + kubernetes_version: "{{aks_version}}" + dns_prefix: "{{ storage_account_name }}" + linux_profile: + admin_username: "deployer" + ssh_key: "{{ lookup('file', ssh_public_key_file_location) }}" + service_principal: + client_id: "{{ sp_client_id }}" + client_secret: "{{ sp_client_secret }}" + network_profile: + network_plugin: kubenet + pod_cidr: 192.168.0.0/16 + docker_bridge_cidr: 172.17.0.1/16 + dns_service_ip: 10.233.0.10 + service_cidr: 10.233.0.0/16 + agent_pool_profiles: + - name: default + count: 4 + vm_size: Standard_D4s_v4 + type: VirtualMachineScaleSets + vnet_subnet_id: "{{ subnet.state.id }}" + tags: + Environment: installation + tags: + - k8s + - name: create an account with blob CORS + block: + - name: Creating storage account + azure_rm_storageaccount: + resource_group: "{{ rg_name }}" + # names should only have 
alphanumerics + name: "{{ storage_account_name }}" + type: Standard_RAGRS + blob_cors: + - allowed_origins: + - '*' + allowed_methods: + - GET + - HEAD + - OPTIONS + - PUT + allowed_headers: + - Access-Control-Allow-Origin + - Access-Control-Allow-Method + - Origin + - x-ms-meta-qq + - x-ms-blob-type + - x-ms-blob-content-type + - Content-Type + exposed_headers: + - Access-Control-Allow-Origin + - Access-Control-Allow-Methods + max_age_in_seconds: 200 + retries: 3 + delay: 30 + register: result + until: result is not failed + - name: Create private containers + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: "{{ item }}" + with_items: "{{ private_containers }}" + - name: Create public containers + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: "{{ item }}" + public_access: container + with_items: "{{ public_containers }}" + - name: Creating a dummy folder for creation + file: + path: /tmp/dummy.txt + state: touch + - name: Creating folder structurue in blob + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: contents + blob: "{{ item }}/dummy.txt" + src: /tmp/dummy.txt + public_access: container + content_type: 'text/plain' + with_items: + - collection-editor + - generic-editor + - content-edition + - v3/preview + - terms-and-conditions + - name: Downloading terms-and-conditions + get_url: + url: https://sunbirdpublic.blob.core.windows.net/installation/terms-and-conditions/terms-and-conditions-v9.html + dest: /tmp/terms-and-conditions-v9.html + mode: '0440' + - name: Uploading T&C + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: contents + public_access: container + blob: "terms-and-conditions/terms-and-conditions-v9.html" + src: /tmp/terms-and-conditions-v9.html + 
content_type: 'text/plain' + - name: Downloading GeoIP2 + get_url: + url: "https://download.maxmind.com/app/geoip_download?edition_id={{ item.type }}&license_key={{ geoip_licence_key }}&suffix={{ item.prefix }}" + dest: "/tmp/geoip2_db.{{ item.prefix }}" + mode: '0440' + with_items: + - {type: 'GeoLite2-City-CSV', prefix: 'zip' } + - {type: 'GeoLite2-City', prefix: 'tar.gz'} + - name: Uploading GeoIP2 to artifacts + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: artifacts + blob: "geoip2_db.{{ item }}" + src: "/tmp/geoip2_db.{{ item }}" + with_items: + - zip + - tar.gz + - name: Uploading labels + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: label + batch_upload_dst: "labels/" + batch_upload_src: "../utils/portal/labels/" + state: present + - name: Unarchive plugins + unarchive: + src: "https://sunbirdpublic.blob.core.windows.net/installation/content-plugins.zip" + dest: /tmp/ + creates: /tmp/content-plugins + remote_src: yes + tags: + - plugins + - name: Uploading plugins + azure_rm_storageblob: + resource_group: "{{ rg_name }}" + storage_account_name: "{{ storage_account_name }}" + container: contents + batch_upload_dst: "rajesh-plugins/" + batch_upload_src: "/tmp/content-plugins/" + state: present + tags: + - plugins + tags: + - storage + - name: Creating containier registry + azure_rm_containerregistry: + name: "{{ storage_account_name }}" + location: "{{ location }}" + resource_group: "{{ rg_name }}" + admin_user_enabled: true + sku: Basic + tags: + Environment: installation + - name: Get instance of Registry + azure_rm_containerregistry_info: + resource_group: "{{ rg_name }}" + retrieve_credentials: true + name: "{{ storage_account_name }}" + register: registry + tags: + - info + - name: Get facts for storage account + azure_rm_storageaccount_info: + resource_group: "{{ rg_name }}" + name: "{{ 
storage_account_name }}" + show_connection_string: yes + register: storage_account_info + tags: + - info + - name: Get instance ips + azure_rm_networkinterface_info: + resource_group: "{{ rg_name }}" + name: "{{ item }}" + with_items: "{{vm_names}}" + register: nics + tags: + - info + - block: + - name: Generating SAS token + shell: | + sas_expire_time=`date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year'` + sas_token=?`az storage account generate-sas --account-name "{{ storage_account_name }}" --account-key "{{ storage_account_info.storageaccounts[0].primary_endpoints.key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` + echo $sas_token + register: sas_token + - name: Showing resources info + debug: + msg: + - Jenkins public ip: "{{ public_ip.state.ip_address }}" + - ACR password: "{{ registry.registries[0].credentials.password }}" + - ACR registry server: "{{ registry.registries[0].login_server }}" + - ACR username: "{{ registry.registries[0].name }}" + - Storage account name: "{{ storage_account_name }}" + - Storage account key: "{{ storage_account_info.storageaccounts[0].primary_endpoints.key }}" + - Storage account endpoint: "{{ storage_account_info.storageaccounts[0].primary_endpoints.blob.endpoint }}" + - Storage account sas token: "{{ sas_token.stdout }}" + - name: Showing instance ips + debug: + msg: + "{{ item.networkinterfaces[0].name }}: {{ item.networkinterfaces[0].ip_configurations[0].private_ip_address }}" + with_items: "{{ nics.results }}" + # Else the item dict is very big + loop_control: + label: "{{ item.networkinterfaces[0].name }}" + tags: + - info + - block: + - name: Writing resource info to azure-resources.txt + copy: + dest: azure-resources.txt + content: |- + ================================================================ + jenkins_public_ip="{{ public_ip.state.ip_address }}" + acr_password="{{ registry.registries[0].credentials.password }}" + acr_registry_server="{{ 
registry.registries[0].login_server }}" + acr_username="{{ registry.registries[0].name }}" + storage_account_name="{{ storage_account_name }}" + storage_account_key="{{ storage_account_info.storageaccounts[0].primary_endpoints.key }}" + storage_account_endpoint="{{ storage_account_info.storageaccounts[0].primary_endpoints.blob.endpoint }}" + storage_account_sas_token="{{ sas_token.stdout }}" + - name: Writing machine ips to azure-resources.txt + lineinfile: + state: present + insertbefore: EOF + dest: azure-resources.txt + line: "{{ item.networkinterfaces[0].name }}={{ item.networkinterfaces[0].ip_configurations[0].private_ip_address }}" + with_items: "{{ nics.results }}" + # Else the item dict is very big + loop_control: + label: "{{ item.networkinterfaces[0].name }}" + - debug: + msg: ansible variable values to update for the installation is stored in "sunbird-devops/deploy/azure-resources.txt" + tags: + - info diff --git a/deploy/jenkins/jenkins-server-setup.sh b/deploy/jenkins/jenkins-server-setup.sh index 4c97e17fcc..538d1cc0b2 100755 --- a/deploy/jenkins/jenkins-server-setup.sh +++ b/deploy/jenkins/jenkins-server-setup.sh @@ -92,10 +92,6 @@ cp ./azcopy_linux_amd64_*/azcopy /usr/bin/ rm -rf downloadazcopy-v10-linux* azcopy_linux_amd* ### -echo -e "\n\e[0;32m${bold}Installating Docker-py${normal}" -pip install docker-py -pip3 install docker-py - echo -e "\n\e[0;32m${bold}Installating pip docker${normal}" pip install docker pip3 install docker @@ -117,8 +113,7 @@ echo -e "\n\e[0;32m${bold}Installing nvm${normal}" su jenkins bash -c "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash" echo -e "\n\e[0;32m${bold}Installing jmespath${normal}" -pip uninstall jmespath -pip3 install -y jmespath +sudo apt install -y python3-jmespath #### Kubernetes Tools #### diff --git a/deploy/jenkins/jenkins.yaml b/deploy/jenkins/jenkins.yaml new file mode 100644 index 0000000000..5f4b9523f0 --- /dev/null +++ b/deploy/jenkins/jenkins.yaml 
@@ -0,0 +1,71 @@
+# Copy this file to /var/lib/jenkins/jenkins.yaml
+# Install configuration as code plugin
+# Open configurtion page
+# http://jenkins-ip:8080/configuration-as-code/
+# check the file is already loaded, else give the path
+# Then apply the config
+credentials:
+ system:
+ domainCredentials:
+ - credentials:
+ - usernamePassword:
+ scope: GLOBAL
+ id: github-cred
+ username: "${GH_USERNAME}"
+ # This is the api token for GH private repo access.
+ # 1. open https://github.com/settings/tokens/new
+ # 2. Select repo checkbox
+ # 3. Give a proper note, for ex: Sunbird Jenkins
+ password: "${GH_PASSWORD}"
+security:
+ scriptApproval:
+ approvedSignatures:
+ - method java.io.File exists
+ - new java.io.File java.lang.String
+jenkins:
+ systemMessage: "Project Sunbird Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"
+ numExecutors: 8
+ labelString: "build-slave ops-slave"
+ markupFormatter: "rawHtml"
+ globalNodeProperties:
+ - envVars:
+ env:
+ - key: ANSIBLE_FORCE_COLOR
+ value: true
+ - key: ANSIBLE_HOST_KEY_CHECKING
+ value: false
+ - key: ANSIBLE_STDOUT_CALLBACK
+ value: debug
+ - key: hub_org
+ value: "${DOCKER_REGISTRY_URL}"
+ - key: private_repo_branch
+ value: "${GH_PRIVATE_REPO_BRANCH}"
+ - key: private_repo_credentials
+ value: "github-cred"
+ - key: private_repo_url
+ value: "${GH_PRIVATE_REPO_URL}"
+ - key: public_repo_branch
+ value: "${GH_PUBLIC_REPO_BRANCH}"
+ - key: override_private_branch
+ value: "true"
+ - key: override_public_branch
+ value: "true"
+ - key: java11_home
+ value: "/usr/lib/jvm/java-11-openjdk-amd64/"
+unclassified:
+ globalLibraries:
+ libraries:
+ - defaultVersion: "heads/shared-lib"
+ name: "deploy-conf"
+ retriever:
+ modernSCM:
+ scm:
+ git:
+ id: "pipeline-shared-lib"
+ remote: "https://github.com/project-sunbird/sunbird-devops.git"
+ traits:
+ - cloneOptionTrait:
+ extension:
+ depth: 1
+ noTags: true
+ shallow: true
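Review bot: `ANSIBLE_HOST_KEY_CHECKING` is set to `false` as a global node property, so every Ansible run started from this Jenkins accepts any SSH host key and would not notice a host impersonating one of its targets. I would drop that entry and pre-populate `known_hosts` for the managed hosts during provisioning, or at least limit the override to the jobs that need it. Separately, the `deploy-conf` global library tracks `defaultVersion: "heads/shared-lib"`; global libraries are trusted and run outside the Groovy sandbox, so whoever can push to that branch can run code on the controller, and pinning to a tag or commit would narrow that. The unquoted `value: true` / `value: false` entries are also YAML booleans where neighbouring entries use strings (`"true"`); quoting them keeps the env values consistent.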
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/Monitoring/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/Monitoring/config.xml index 26bce7cb5d..09a769509c 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/Monitoring/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/Monitoring/config.xml @@ -84,12 +84,6 @@ return """<b>This parameter is not used</b>""" false - - kubeconfigpath - - /var/lib/jenkins/secrets/dp-k8s.yml - false - @@ -136,4 +130,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml new file mode 100644 index 0000000000..bc90b79ad2 --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml 
@@ -0,0 +1,163 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + Upload_CollectionHierarchy_CSV + Deploy/staging/Kubernetes/Upload_CollectionHierarchy_CSV + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + Upload_CollectionHierarchy_CSV + Deploy/staging/Kubernetes/Upload_CollectionHierarchy_CSV + + + ET_FORMATTED_HTML + true + + + editor_repo_branch + <font color=dimgray size=2><b>Enter the branch of <a href="https://github.com/Sunbird-Ed/sunbird-collection-editor">Sunbird-Ed/sunbird-collection-editor</a></b></font> + + false + + + container_name + + + + sourcing + + + + + source_path + + sunbird-collection-editor/utils/hierarchy/ + false + + + destination_path + + sourcing/collection-hierarchy + false + + + tag + + + + upload-batch + + + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/upload/portal-csv/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/PostInstallScript/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/PostInstallScript/config.xml index a79f67ec33..982f4fb9b3 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/PostInstallScript/config.xml +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/PostInstallScript/config.xml @@ -87,7 +87,7 @@ 2 - https://github.com/keshavprasadms/sunbird-devops.git + https://github.com/project-sunbird/sunbird-devops.git 
diff --git a/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/Keycloak/config.xml b/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/Keycloak/config.xml index 3453b5ffa9..e5e4c70499 100644 --- a/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/Keycloak/config.xml +++ b/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/Keycloak/config.xml @@ -95,7 +95,7 @@ return """<b>This parameter is not used</b>"&quo - keycloak7 + ${branch_or_tag} false @@ -115,4 +115,4 @@ return """<b>This parameter is not used</b>"&quo false - \ No newline at end of file + diff --git a/deploy/post-install-script.sh b/deploy/post-install-script.sh index bf16a26f30..800b763a82 100755 --- a/deploy/post-install-script.sh +++ b/deploy/post-install-script.sh @@ -62,6 +62,21 @@ create_organisation(){ } }' | jq -r .result.organisationId) echo "organisationId: ${organisation}" + + echo -e "\e[0;32m${bold}Creating ntp organisation for login page ${normal}" + curl -sS -XPOST "${proto}://${domain_name}/api/org/v1/create" -H 'Accept: application/json' -H 'Content-Type: application/json' \ + -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ + -d '{ + "request":{ + "orgName":"NTP", + "description":"NTP Organisation for Sunbird", + "isRootOrg": true, + "channel": "ntp", + "organisationType": "board", + "isTenant": true + } + }' } create_users(){ @@ -78,7 +93,6 @@ create_users(){ "password": "Pass@123", "phone": "9999911111", "userName": "creator", - "channel": "sunbird", "phoneVerified": true } }' | jq -r .result.userId) @@ -94,7 +108,6 @@ create_users(){ "password": "Pass@123", "phone": "9999911112", "userName": "reviewer", - "channel": "sunbird", "phoneVerified": true } }' | jq -r .result.userId) @@ -110,7 +123,6 @@ create_users(){ "password": "Pass@123", "phone": "9999911113", "userName": "orgadmin", - "channel": "sunbird", "phoneVerified": true } }' | jq -r .result.userId) 
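Review bot: The `curl` added to `create_organisation` for the NTP organisation neither checks the HTTP status nor captures the response, so a rejected request (for example an expired token) prints a JSON error and the script continues as if the tenant existed. `-sS` alone still exits 0 on a 4xx/5xx response; adding `--fail` and testing the exit status, e.g. `curl -sS --fail -XPOST ... || { echo "NTP org creation failed" >&2; exit 1; }`, would stop the run at the point of failure. The function body starts outside the hunk, so whether the script already runs under `set -e` is not visible here.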
@@ -396,6 +408,7 @@ create_framework(){ echo -e "\e[0;32m${bold}Create default NCF framework ${normal}" curl -XPOST "${proto}://${domain_name}/api/framework/v1/create" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": @@ -415,8 +428,9 @@ create_framework_categories(){ # Create framework categories printf "\n\n" echo -e "\e[0;32m${bold}Create framework categories ${normal}" - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/category/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { @@ -427,8 +441,9 @@ create_framework_categories(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/category/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { 
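Review bot: The new `-H "X-Channel-Id: ${organisation}"` header in `create_framework` depends on the global `organisation`, which `create_organisation` appears to fill from `jq -r .result.organisationId`; when that request fails, `jq -r` prints `null` and the framework is created against a channel literally named `null`. A guard before first use, such as `[ -n "${organisation}" ] && [ "${organisation}" != "null" ] || { echo "organisation id missing" >&2; exit 1; }`, would catch it. The same header is added in every `create_framework_categories` and `create_framework_terms` hunk further down this file, so a single check at the end of `create_organisation` covers all of them. The assignment itself is outside these hunks; this is inferred from the `echo "organisationId: ${organisation}"` context line.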
@@ -439,8 +454,9 @@ create_framework_categories(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/category/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { @@ -451,8 +467,9 @@ create_framework_categories(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/category/create?framework=NCF" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { @@ -468,8 +485,9 @@ create_framework_terms(){ # Create framework terms printf "\n\n" echo -e "\e[0;32m${bold}Create framework terms ${normal}" - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF&category=board" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/term/create?framework=NCF&category=board" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { 
@@ -480,8 +498,9 @@ create_framework_terms(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF&category=medium" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/term/create?framework=NCF&category=medium" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { @@ -492,8 +511,9 @@ create_framework_terms(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF&category=subject" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/term/create?framework=NCF&category=subject" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { @@ -504,8 +524,9 @@ create_framework_terms(){ } }' - curl -XPOST "${proto}://${domain_name}/api/framework/v1/create?framework=NCF&category=gradeLevel" -H 'Content-Type: application/json' -H 'accept: application/json' \ + curl -XPOST "${proto}://${domain_name}/api/framework/v1/term/create?framework=NCF&category=gradeLevel" -H 'Content-Type: application/json' -H 'accept: application/json' \ -H "X-Authenticated-User-Token: ${x_authenticated_token}" \ + -H "X-Channel-Id: ${organisation}" \ -H "Authorization: Bearer ${core_vault_sunbird_api_auth_token}" \ -d '{ "request": { 
@@ -655,13 +676,13 @@ printf "\n\n" cassandra_forms get_x_authenticated_token create_organisation -create_users -assign_roles create_master_categories create_default_licenses create_default_channel_license create_other_categories system_settings +create_users +assign_roles create_framework create_framework_categories create_framework_terms diff --git a/kubernetes/helm_charts/core/content/values.j2 b/kubernetes/helm_charts/core/content/values.j2 index f0d14ddbc3..8263fdbbf9 100644 --- a/kubernetes/helm_charts/core/content/values.j2 +++ b/kubernetes/helm_charts/core/content/values.j2 @@ -32,4 +32,4 @@ autoscaling: minReplicas: {{ content_autoscaling_minReplicas|default(1) }} maxReplicas: {{ content_autoscaling_maxReplicas|default(2) }} targetCPUUtilizationPercentage: {{ content_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ content_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file + targetMemoryUtilizationPercentage: {{ content_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/core/fusionauth/.helmignore b/kubernetes/helm_charts/core/fusionauth/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/helm_charts/core/fusionauth/Chart.yaml b/kubernetes/helm_charts/core/fusionauth/Chart.yaml new file mode 100644 index 0000000000..216bbf361b --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/Chart.yaml 
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: "1.27.2"
+description: Helm chart for fusionauth
+type: application
+name: fusionauth
+version: 0.0.0+dev
diff --git a/kubernetes/helm_charts/core/fusionauth/templates/_helpers.tpl b/kubernetes/helm_charts/core/fusionauth/templates/_helpers.tpl
new file mode 100644
index 0000000000..e6ddf42be1
--- /dev/null
+++ b/kubernetes/helm_charts/core/fusionauth/templates/_helpers.tpl
@@ -0,0 +1,71 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "fusionauth.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fusionauth.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Set apiVersion for ingress +*/}} +{{- define "fusionauth.ingressApiVersion" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} +networking.k8s.io/v1beta1 +{{- else -}} +extensions/v1beta1 +{{- end -}} +{{- end -}} + +{{/* +Configure TLS if enabled +*/}} +{{- define "fusionauth.databaseTLS" -}} +{{- if .Values.database.tls -}} +?sslmode={{ .Values.database.tlsMode }} +{{- end -}} +{{- end -}} + +{{- define "fusionauth.searchLogin" -}} +{{- if .Values.search.user -}} +{{- printf "%s:%s@" .Values.search.user .Values.search.password -}} +{{- else -}} +{{- printf "" -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "fusionauth.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Set name of secret to use for credentials +*/}} +{{- define "fusionauth.database.secretName" -}} +{{- if .Values.database.existingSecret -}} +{{- .Values.database.existingSecret -}} +{{- else -}} +{{ .Release.Name }}-credentials +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/fusionauth/templates/configmap.yaml b/kubernetes/helm_charts/core/fusionauth/templates/configmap.yaml new file mode 100644 index 0000000000..e0fdba52e7 --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/templates/configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.kickstart.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fusionauth.fullname" . }}-kickstart-config + labels: + heritage: {{ .Release.Name }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "fusionauth.name" . }} +data: + {{- if .Values.kickstart.data }} + {{- range $key, $value := .Values.kickstart.data }} + {{ $key }}: | +{{ $value | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/helm_charts/core/fusionauth/templates/deployment.yaml b/kubernetes/helm_charts/core/fusionauth/templates/deployment.yaml new file mode 100644 index 0000000000..fb71e42b38 --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/templates/deployment.yaml 
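Review bot: In configmap.yaml, `.Values.kickstart.data` is rendered into a ConfigMap, but FusionAuth kickstart files normally carry API keys and the initial admin account's password, which would then be readable by anyone allowed to `get configmaps` in the namespace and fall outside whatever RBAC or encryption-at-rest rules are applied to Secrets. Rendering the same data as `kind: Secret` with `stringData:` and mounting it through a `secret:` volume in deployment.yaml would keep it with the chart's other credentials. The `heritage` label is also set to `{{ .Release.Name }}`, duplicating `release`; the usual Helm convention is `heritage: {{ .Release.Service }}`.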
@@ -0,0 +1,157 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fusionauth.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "fusionauth.name" . }} + helm.sh/chart: {{ include "fusionauth.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "fusionauth.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "fusionauth.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + initContainers: + - name: wait-for-db + image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}" + args: + - /bin/sh + - -c + - > + set -x; + while [[ "$(nc -zv '{{- .Values.database.host -}}' {{ .Values.database.port }} &> /dev/null; echo $?)" != 0 ]]; do + echo '.' + sleep 15; + done + {{- if eq .Values.search.engine "elasticsearch" }} + - name: wait-for-search + image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}" + args: + - /bin/sh + - -c + - > + set -x; + while [[ "$(nc -zv '{{- .Values.search.host -}}' {{ .Values.search.port }} &> /dev/null; echo $?)" != 0 ]]; do + echo '.' 
+ sleep 15; + done + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 9011 + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + startupProbe: + {{- toYaml .Values.startupProbe | nindent 12 }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: DATABASE_USERNAME + value: {{ required "A valid username for the database is required!" .Values.database.user }} + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "fusionauth.database.secretName" . }} + key: password + {{- if .Values.database.root.user }} + - name: DATABASE_ROOT_USERNAME + value: {{ .Values.database.root.user }} + - name: DATABASE_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "fusionauth.database.secretName" . }} + key: rootpassword + {{- end }} + - name: DATABASE_URL + value: "jdbc:{{ .Values.database.protocol }}://{{- required "A valid database host is required!" .Values.database.host -}}:{{ .Values.database.port }}/{{ .Values.database.name }}{{ include "fusionauth.databaseTLS" . }}" + - name: SEARCH_TYPE + value: {{ .Values.search.engine }} + {{- if eq .Values.search.engine "elasticsearch" }} + - name: SEARCH_SERVERS + value: "{{ .Values.search.protocol }}://{{ include "fusionauth.searchLogin" . }}{{- required "A valid elasticsearch host is required!" 
.Values.search.host -}}:{{ .Values.search.port }}" + {{- end }} + - name: FUSIONAUTH_APP_MEMORY + value: {{ .Values.app.memory }} + - name: FUSIONAUTH_APP_RUNTIME_MODE + value: {{ .Values.app.runtimeMode }} + {{- if .Values.environment }} + {{- toYaml .Values.environment |nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + + {{- if or .Values.kickstart.enabled .Values.extraVolumeMounts }} + volumeMounts: + {{- end }} + + {{- if .Values.kickstart.enabled }} + - name: {{ template "fusionauth.fullname" . }}-config-volume + mountPath: /kickstart + {{- end }} + + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + + {{- if .Values.dnsConfig }} + dnsConfig: + {{- toYaml .Values.dnsConfig |nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy }} + + {{- if or .Values.kickstart.enabled .Values.extraVolumes }} + volumes: + {{- end }} + + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + + {{- if .Values.kickstart.enabled }} + - name: {{ template "fusionauth.fullname" . }}-config-volume + configMap: + name: {{ template "fusionauth.fullname" . }}-kickstart-config + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: Always diff --git a/kubernetes/helm_charts/core/fusionauth/templates/poddisruptionbudget.yaml b/kubernetes/helm_charts/core/fusionauth/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..9efdb60173 --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/templates/poddisruptionbudget.yaml 
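Review bot: `SEARCH_SERVERS` is built with `fusionauth.searchLogin`, which expands to `user:password@`, so the Elasticsearch password ends up as a literal `value:` in the Deployment spec while the database passwords in the same `env` list come from `secretKeyRef`. Anyone who can read Deployments or pod specs in the namespace can read it. Keeping the password in the chart's Secret and letting Kubernetes expand it with `$(VAR)` avoids that; the `searchpassword` key below is a proposed name that secret.yaml (or the existing secret) would have to provide. Separately, the containers set no `securityContext`, and the init containers use `initImage.tag`, which values.j2 defaults to `latest`.

```yaml
            # … unchanged: SEARCH_TYPE …
            {{- if eq .Values.search.engine "elasticsearch" }}
            {{- if .Values.search.user }}
            - name: SEARCH_USER
              value: {{ .Values.search.user | quote }}
            - name: SEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "fusionauth.database.secretName" . }}
                  key: searchpassword
            {{- end }}
            - name: SEARCH_SERVERS
              value: "{{ .Values.search.protocol }}://{{ if .Values.search.user }}$(SEARCH_USER):$(SEARCH_PASSWORD)@{{ end }}{{- required "A valid elasticsearch host is required!" .Values.search.host -}}:{{ .Values.search.port }}"
            {{- end }}
            # … unchanged: FUSIONAUTH_APP_MEMORY and the rest of env …
```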
@@ -0,0 +1,11 @@
+{{- if .Values.podDisruptionBudget.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "fusionauth.fullname" . }}
+spec:
+ maxUnavailable: {{ sub .Values.replicaCount 1 }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/helm_charts/core/fusionauth/templates/secret.yaml b/kubernetes/helm_charts/core/fusionauth/templates/secret.yaml
new file mode 100644
index 0000000000..624c0640fb
--- /dev/null
+++ b/kubernetes/helm_charts/core/fusionauth/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{- if eq .Values.database.existingSecret "" -}}
+apiVersion: v1
+data:
+ password: {{ required "A password for your database is required!" .Values.database.password | b64enc }}
+{{- if .Values.database.root.password }}
+ rootpassword: {{ .Values.database.root.password | b64enc }}
+{{- end }}
+kind: Secret
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+ helm.sh/chart: {{ include "fusionauth.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ name: {{ include "fusionauth.database.secretName" . }}
+type: Opaque
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/helm_charts/core/fusionauth/templates/service.yaml b/kubernetes/helm_charts/core/fusionauth/templates/service.yaml
new file mode 100644
index 0000000000..850e93f43b
--- /dev/null
+++ b/kubernetes/helm_charts/core/fusionauth/templates/service.yaml
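Review bot: In poddisruptionbudget.yaml, `maxUnavailable: {{ sub .Values.replicaCount 1 }}` renders `0` with the chart's default `replicaCount: 1`, which blocks every voluntary eviction of the pod and will stall node drains, while with three replicas it lets two go down at once. If the intent is to keep one instance serving, `minAvailable: 1` (rendered only when `replicaCount` is above 1) states that directly. The selector also matches only `app.kubernetes.io/name`, so a second release of this chart in the same namespace would share the budget; adding `app.kubernetes.io/instance: {{ .Release.Name }}` aligns it with the Deployment's selector. `policy/v1beta1` is deprecated in favour of `policy/v1`, which may matter depending on the target cluster version.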
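Review bot: In secret.yaml, `.Values.database.password | b64enc` assumes a string, but values.j2 renders `password: {{uci_postgres_password}}` unquoted, so a password that is all digits or looks like a boolean reaches the template as a non-string and `b64enc` fails at render time. Quoting the rendered values in values.j2 and piping through `toString` here, `password: {{ required "A password for your database is required!" .Values.database.password | toString | b64enc }}` (and likewise for `rootpassword`), removes that dependency on the password's shape. values.j2 also sets `database.root.user` and `database.root.password` to the same variables as the application account, so the runtime account is the bootstrap account; a separate lower-privileged runtime user would be preferable if the database allows it.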
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fusionauth.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+ helm.sh/chart: {{ include "fusionauth.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.service.annotations }}
+ annotations:
+{{ .Values.service.annotations | toYaml | indent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.service.spec }}
+{{ .Values.service.spec | toYaml | indent 2 }}
+ {{- end }}
diff --git a/kubernetes/helm_charts/core/fusionauth/values.j2 b/kubernetes/helm_charts/core/fusionauth/values.j2
new file mode 100644
index 0000000000..469597449c
--- /dev/null
+++ b/kubernetes/helm_charts/core/fusionauth/values.j2
@@ -0,0 +1,220 @@ +# Default values for fusionauth. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# replicaCount -- The number of fusionauth-app instances to run +replicaCount: 1 +image: + # image.repository -- The name of the docker repository for fusionauth-app + repository: fusionauth/fusionauth-app + # image.repository -- The docker tag to pull for fusionauth-app + tag: 1.27.2 + # image.pullPolicy -- Kubernetes image pullPolicy to use for fusionauth-app + pullPolicy: IfNotPresent + +# imagePullSecrets -- Configures kubernetes secrets to use for pulling private images +imagePullSecrets: [] + +# This image should contain `nc`, `wget` and a shell of some kind to do a simple loop. +initImage: + # initImage.repository -- Docker image to use for initContainers + repository: busybox + # initImage.repository -- Tag to use for initContainers docker image + tag: latest + +# nameOverride -- Overrides resource names +nameOverride: "" +# fullnameOverride -- Overrides full resource names +fullnameOverride: "" + +service: + # service.type -- Type of Kubernetes service to create + type: ClusterIP + # service.port -- Port for the Kubernetes service to expose + port: 9011 + # service.annotations -- Extra annotations to add to service object + annotations: {} + # service.spec -- Any extra fields to add to the service object spec + spec: {} + +database: + # database.protocol -- Should either be postgresql or mysql. 
Protocol for jdbc connection to database + protocol: postgresql + # database.host -- Hostname or ip of the database instance + host: {{uci_postgres_host}} + # database.host -- Port of the database instance + port: 5432 + # database.tls -- Configures whether or not to use tls when connecting to the database + tls: false + # database.tlsMode -- If tls is enabled, this configures the mode + tlsMode: require + # database.name -- Name of the fusionauth database + name: {{uci_fusionauth_postgres_database}} + + # To use an existing secret, set `existingSecret` to the name of the secret. We expect at most two keys: `password` is required. `rootpassword` is only required if `database.root.user` is set. + # database.existingSecret -- The name of an existing secret that contains the database passwords + existingSecret: "" + # database.user -- Database username for fusionauth to use in normal operation + user: {{uci_postgres_user}} + # database.password -- Database password for fusionauth to use in normal operation - not required if database.existingSecret is configured + password: {{uci_postgres_password}} + # These credentials are used for bootstrapping the database + root: + # database.root.user -- Database username for fusionauth to use during initial bootstrap - not required if you have manually bootstrapped your database + user: {{uci_postgres_user}} + # database.root.password -- Database password for fusionauth to use during initial bootstrap - not required if database.existingSecret is configured + password: {{uci_postgres_password}} + +search: + # search.engine -- Defines backend for fusionauth search capabilities. Valid values for engine are 'elasticsearch' or 'database'. + engine: elasticsearch + # search.engine -- Protocol to use when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch + protocol: http + # search.host -- Hostname or ip to use when connecting to elasticsearch. 
Ignored when search.engine is NOT elasticsearch + host: {{sunbird_es_host}} + # search.port -- Port to use when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch + port: 9200 + # search.user -- Username to use with basic auth when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch + user: "" + # search.password -- Password to use with basic auth when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch + password: "" + + +app: + # app.memory -- Configures the amount of memory Java can use + memory: 256M + # app.memory -- Configures runtime mode for fusionauth. Should be 'development' or 'production' + runtimeMode: development + +# environment - Configure additional environment variables. Should only be used for things that are not explicitly set elsewhere in the chart. +environment: [] + # - name: POD_IP + # valueFrom: + # fieldRef: + # fieldPath: status.podIP + # - name: FUSIONAUTH_API_KEY + # value: test + # Its important to add /kickstart/ as prefix to your kickstart file else it won't work! All other files will be mounted below /kickstart/ + # - name: FUSIONAUTH_KICKSTART + # value: /kickstart/kickstart.json + +kickstart: + enabled: false + data: {} + # kickstart.json: | + # { + # "variables": { + # "defaultTenantId": "d7d09513-a3f5-401c-9685-34ab6c552453", + # "adminEmail": "admin@fusionauth.io", + # "adminPassword": "password", + # }, + # "apiKeys": [ + # { + # "key": "bf69486b-4733-4470-a592-f1bfce7af580", + # "description": "Core API Key" + # } + # ], + # "requests": [ + # { + # "method": "POST", + # "url": "/api/user/registration", + # "body": { + # "user": { + # "email": "#{adminEmail}", + # "password": "#{adminPassword}" + # }, + # "registration": { + # "applicationId": "#{FUSIONAUTH_APPLICATION_ID}", + # "roles": [ + # "admin" + # ] + # } + # } + # } + # ] + # } + # setup-password.html: | + #
Test
+ # setup-password.txt: | + # Hallo + +lifecycle: {} + # # lifecycle.postStart -- postStart lifecycle command for fusionauth container + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] + # # lifecycle.preStop -- preStop lifecycle command for fusionauth container + # preStop: + # exec: + # command: ["/bin/bash","-c","kill -3 1"] + +podDisruptionBudget: + # podDisruptionBudget.enabled -- Enables creation of a PodDisruptionBudget + enabled: false + +# resources -- Define resource requests and limits for fusionauth-app. +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# nodeSelector -- Define nodeSelector for kubernetes to use when scheduling fusionauth pods. +nodeSelector: {} + +# tolerations -- Define tolerations for kubernetes to use when scheduling fusionauth pods. +tolerations: [] + +# affinty -- Define affinity for kubernetes to use when scheduling fusionauth pods. +affinity: {} + +# dnsConfig -- Define dnsConfig for fusionauth pods. +dnsConfig: {} +# dnsPolicy -- Define dnsPolicy for fusionauth pods. +dnsPolicy: ClusterFirst + +# annotations -- Define annotations for fusionauth deployment. +annotations: {} +# podAnnotations -- Define annotations for fusionauth pods. 
+podAnnotations: {} + +# livenessProbe -- Configures a livenessProbe to ensure fusionauth is running +livenessProbe: + httpGet: + path: / + port: http + failureThreshold: 3 + periodSeconds: 30 + timeoutSeconds: 5 +# readinessProbe -- Configures a readinessProbe to ensure fusionauth is ready for requests +readinessProbe: + httpGet: + path: / + port: http + failureThreshold: 5 + timeoutSeconds: 5 +# startupProbe -- Configures a startupProbe to ensure fusionauth has finished starting up +startupProbe: + httpGet: + path: / + port: http + failureThreshold: 20 + periodSeconds: 10 + timeoutSeconds: 5 + +# extraVolumes -- Define extra Volumes. Allow to add existing claimName +extraVolumes: [] + # - name: custom-css-data + # persistentVolumeClaim: + # claimName: custom-css-data + +# extraVolumes -- Associate mountPath for each extraVolumes +extraVolumeMounts: [] + # - name: custom-css-data + # mountPath: /usr/local/fusionauth/fusionauth-app/web/custom diff --git a/kubernetes/helm_charts/core/fusionauth/values.schema.json b/kubernetes/helm_charts/core/fusionauth/values.schema.json new file mode 100644 index 0000000000..bb6c53cf90 --- /dev/null +++ b/kubernetes/helm_charts/core/fusionauth/values.schema.json 
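Review bot: The templated scalars in this file are emitted unquoted, most importantly `password: {{uci_postgres_password}}` under both `database` and `database.root`. A password containing ` #` is cut off at the comment marker, one that starts with a YAML indicator such as `*`, `&`, `!` or `{` fails to parse, and an all-digit one loads as a number that `b64enc` in templates/secret.yaml would presumably reject. Emitting the value as a quoted string covers all three, e.g. `password: {{ uci_postgres_password | to_json }}` if Ansible renders this file (the `.j2` suffix suggests so), and the same applies to `user`, `host` and `name`. The unquoted `image_tag: {{image_tag}}` in gql/values.j2 later in this commit has the same defect, where a tag such as `1.10` would load as `1.1`.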
@@ -0,0 +1,992 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "http://example.com/example.json", + "type": "object", + "title": "The root schema", + "description": "The root schema comprises the entire JSON document.", + "default": {}, + "examples": [ + { + "replicaCount": 1, + "image": { + "repository": "fusionauth/fusionauth-app", + "tag": "1.22.2", + "pullPolicy": "IfNotPresent" + }, + "imagePullSecrets": [], + "initImage": { + "repository": "busybox", + "tag": "latest" + }, + "nameOverride": "", + "fullnameOverride": "", + "service": { + "type": "ClusterIP", + "port": 9011, + "annotations": {}, + "spec": {} + }, + "database": { + "protocol": "postgresql", + "host": "", + "port": 5432, + "tls": false, + "tlsMode": "require", + "name": "fusionauth", + "existingSecret": "", + "user": "", + "password": "", + "root": { + "user": "", + "password": "" + } + }, + "search": { + "engine": "elasticsearch", + "protocol": "http", + "host": "", + "port": 9200 + }, + "app": { + "memory": "256M", + "runtimeMode": "development" + }, + "environment": [], + "kickstart": { + "enabled": false, + "data": {} + }, + "resources": {}, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "dnsConfig": {}, + "dnsPolicy": "ClusterFirst", + "annotations": {}, + "podAnnotations": {}, + "livenessProbe": { + "httpGet": { + "path": "/", + "port": "http" + }, + "periodSeconds": 30 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": "http" + } + }, + "startupProbe": { + "httpGet": { + "path": "/", + "port": "http" + }, + "failureThreshold": 20, + "periodSeconds": 10 + } + } + ], + "required": [ + "replicaCount", + "image", + "imagePullSecrets", + "initImage", + "nameOverride", + "fullnameOverride", + "service", + "database", + "search", + "app", + "environment", + "kickstart", + "podDisruptionBudget", + "resources", + "nodeSelector", + "tolerations", + "affinity", + "dnsConfig", + "dnsPolicy", + "annotations", + "podAnnotations", + "livenessProbe", + 
"readinessProbe", + "startupProbe" + ], + "properties": { + "replicaCount": { + "$id": "#/properties/replicaCount", + "type": "integer", + "title": "The replicaCount schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 1 + ] + }, + "image": { + "$id": "#/properties/image", + "type": "object", + "title": "The image schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "repository": "fusionauth/fusionauth-app", + "tag": "1.26.1", + "pullPolicy": "IfNotPresent" + } + ], + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "properties": { + "repository": { + "$id": "#/properties/image/properties/repository", + "type": "string", + "title": "The repository schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "fusionauth/fusionauth-app" + ] + }, + "tag": { + "$id": "#/properties/image/properties/tag", + "type": "string", + "title": "The tag schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "1.22.2" + ] + }, + "pullPolicy": { + "$id": "#/properties/image/properties/pullPolicy", + "type": "string", + "title": "The pullPolicy schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "IfNotPresent" + ] + } + }, + "additionalProperties": true + }, + "imagePullSecrets": { + "$id": "#/properties/imagePullSecrets", + "type": "array", + "title": "The imagePullSecrets schema", + "description": "An explanation about the purpose of this instance.", + "default": [], + "examples": [ + [] + ], + "additionalItems": true, + "items": { + "$id": "#/properties/imagePullSecrets/items" + } + }, + "initImage": { + "$id": "#/properties/initImage", + "type": "object", + "title": "The initImage schema", + "description": "An explanation about the purpose of this instance.", + 
"default": {}, + "examples": [ + { + "repository": "busybox", + "tag": "latest" + } + ], + "required": [ + "repository", + "tag" + ], + "properties": { + "repository": { + "$id": "#/properties/initImage/properties/repository", + "type": "string", + "title": "The repository schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "busybox" + ] + }, + "tag": { + "$id": "#/properties/initImage/properties/tag", + "type": "string", + "title": "The tag schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "latest" + ] + } + }, + "additionalProperties": true + }, + "nameOverride": { + "$id": "#/properties/nameOverride", + "type": "string", + "title": "The nameOverride schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "fullnameOverride": { + "$id": "#/properties/fullnameOverride", + "type": "string", + "title": "The fullnameOverride schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "service": { + "$id": "#/properties/service", + "type": "object", + "title": "The service schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "type": "ClusterIP", + "port": 9011, + "annotations": {}, + "spec": {} + } + ], + "required": [ + "type", + "port", + "annotations", + "spec" + ], + "properties": { + "type": { + "$id": "#/properties/service/properties/type", + "type": "string", + "title": "The type schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "ClusterIP" + ] + }, + "port": { + "$id": "#/properties/service/properties/port", + "type": "integer", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 9011 + 
] + }, + "annotations": { + "$id": "#/properties/service/properties/annotations", + "type": "object", + "title": "The annotations schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "spec": { + "$id": "#/properties/service/properties/spec", + "type": "object", + "title": "The spec schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + } + }, + "additionalProperties": true + }, + "database": { + "$id": "#/properties/database", + "type": "object", + "title": "The database schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "protocol": "postgresql", + "host": "", + "port": 5432, + "tls": false, + "tlsMode": "require", + "name": "fusionauth", + "existingSecret": "", + "user": "", + "password": "", + "root": { + "user": "", + "password": "" + } + } + ], + "required": [ + "protocol", + "host", + "port", + "tls", + "tlsMode", + "name", + "existingSecret", + "user", + "password", + "root" + ], + "properties": { + "protocol": { + "$id": "#/properties/database/properties/protocol", + "type": "string", + "title": "The protocol schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "postgresql" + ] + }, + "host": { + "$id": "#/properties/database/properties/host", + "type": "string", + "title": "The host schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "port": { + "$id": "#/properties/database/properties/port", + "type": "integer", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 5432 + ] + }, + "tls": { + "$id": 
"#/properties/database/properties/tls", + "type": "boolean", + "title": "The tls schema", + "description": "An explanation about the purpose of this instance.", + "default": false, + "examples": [ + false + ] + }, + "tlsMode": { + "$id": "#/properties/database/properties/tlsMode", + "type": "string", + "title": "The tlsMode schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "require" + ] + }, + "name": { + "$id": "#/properties/database/properties/name", + "type": "string", + "title": "The name schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "fusionauth" + ] + }, + "existingSecret": { + "$id": "#/properties/database/properties/existingSecret", + "type": "string", + "title": "The existingSecret schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "user": { + "$id": "#/properties/database/properties/user", + "type": "string", + "title": "The user schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "password": { + "$id": "#/properties/database/properties/password", + "type": "string", + "title": "The password schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "root": { + "$id": "#/properties/database/properties/root", + "type": "object", + "title": "The root schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "user": "", + "password": "" + } + ], + "required": [ + "user", + "password" + ], + "properties": { + "user": { + "$id": "#/properties/database/properties/root/properties/user", + "type": "string", + "title": "The user schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, 
+ "password": { + "$id": "#/properties/database/properties/root/properties/password", + "type": "string", + "title": "The password schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + } + }, + "additionalProperties": true + } + }, + "additionalProperties": true + }, + "search": { + "$id": "#/properties/search", + "type": "object", + "title": "The search schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "engine": "elasticsearch", + "protocol": "http", + "host": "", + "port": 9200 + } + ], + "required": [ + "engine", + "protocol", + "host", + "port" + ], + "properties": { + "engine": { + "$id": "#/properties/search/properties/engine", + "type": "string", + "title": "The engine schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "elasticsearch" + ] + }, + "protocol": { + "$id": "#/properties/search/properties/protocol", + "type": "string", + "title": "The protocol schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "http" + ] + }, + "host": { + "$id": "#/properties/search/properties/host", + "type": "string", + "title": "The host schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "" + ] + }, + "port": { + "$id": "#/properties/search/properties/port", + "type": "integer", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 9200 + ] + } + }, + "additionalProperties": true + }, + "app": { + "$id": "#/properties/app", + "type": "object", + "title": "The app schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "memory": "256M", + "runtimeMode": "development" + } + ], + "required": [ + "memory", + 
"runtimeMode" + ], + "properties": { + "memory": { + "$id": "#/properties/app/properties/memory", + "type": "string", + "title": "The memory schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "256M" + ] + }, + "runtimeMode": { + "$id": "#/properties/app/properties/runtimeMode", + "type": "string", + "title": "The runtimeMode schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "development" + ] + } + }, + "additionalProperties": true + }, + "environment": { + "$id": "#/properties/environment", + "type": "array", + "title": "The environment schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "kickstart": { + "$id": "#/properties/kickstart", + "type": "object", + "title": "The kickstart schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "enabled": false, + "data": {} + } + ], + "required": [ + "enabled", + "data" + ], + "properties": { + "enabled": { + "$id": "#/properties/kickstart/properties/enabled", + "type": "boolean", + "title": "The enabled schema", + "description": "An explanation about the purpose of this instance.", + "default": false, + "examples": [ + false + ] + }, + "data": { + "$id": "#/properties/kickstart/properties/data", + "type": "object", + "title": "The data schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + } + }, + "additionalProperties": true + }, + "podDisruptionBudget": { + "$id": "#/properties/podDisruptionBudget", + "type": "object", + "title": "The podDisruptionBudget schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "enabled": false 
+ } + ], + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "$id": "#/properties/podDisruptionBudget/properties/enabled", + "type": "boolean", + "title": "The enabled schema", + "description": "An explanation about the purpose of this instance.", + "default": false, + "examples": [ + false + ] + } + } + }, + "resources": { + "$id": "#/properties/resources", + "type": "object", + "title": "The resources schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "nodeSelector": { + "$id": "#/properties/nodeSelector", + "type": "object", + "title": "The nodeSelector schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "tolerations": { + "$id": "#/properties/tolerations", + "type": "array", + "title": "The tolerations schema", + "description": "An explanation about the purpose of this instance.", + "default": [], + "examples": [ + [] + ], + "additionalItems": true, + "items": { + "$id": "#/properties/tolerations/items" + } + }, + "affinity": { + "$id": "#/properties/affinity", + "type": "object", + "title": "The affinity schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "dnsConfig": { + "$id": "#/properties/dnsConfig", + "type": "object", + "title": "The dnsConfig schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "dnsPolicy": { + "$id": "#/properties/dnsPolicy", + "type": "string", + "title": "The dnsPolicy schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "ClusterFirst" + ] + }, + 
"annotations": { + "$id": "#/properties/annotations", + "type": "object", + "title": "The annotations schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "podAnnotations": { + "$id": "#/properties/podAnnotations", + "type": "object", + "title": "The podAnnotations schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + {} + ], + "required": [], + "additionalProperties": true + }, + "livenessProbe": { + "$id": "#/properties/livenessProbe", + "type": "object", + "title": "The livenessProbe schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "httpGet": { + "path": "/", + "port": "http" + }, + "periodSeconds": 30 + } + ], + "required": [ + "httpGet", + "periodSeconds" + ], + "properties": { + "httpGet": { + "$id": "#/properties/livenessProbe/properties/httpGet", + "type": "object", + "title": "The httpGet schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "path": "/", + "port": "http" + } + ], + "required": [ + "path", + "port" + ], + "properties": { + "path": { + "$id": "#/properties/livenessProbe/properties/httpGet/properties/path", + "type": "string", + "title": "The path schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "/" + ] + }, + "port": { + "$id": "#/properties/livenessProbe/properties/httpGet/properties/port", + "type": "string", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "http" + ] + } + }, + "additionalProperties": true + }, + "periodSeconds": { + "$id": "#/properties/livenessProbe/properties/periodSeconds", + "type": "integer", + "title": "The periodSeconds schema", + "description": 
"An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 30 + ] + } + }, + "additionalProperties": true + }, + "readinessProbe": { + "$id": "#/properties/readinessProbe", + "type": "object", + "title": "The readinessProbe schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "httpGet": { + "path": "/", + "port": "http" + } + } + ], + "required": [ + "httpGet" + ], + "properties": { + "httpGet": { + "$id": "#/properties/readinessProbe/properties/httpGet", + "type": "object", + "title": "The httpGet schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "path": "/", + "port": "http" + } + ], + "required": [ + "path", + "port" + ], + "properties": { + "path": { + "$id": "#/properties/readinessProbe/properties/httpGet/properties/path", + "type": "string", + "title": "The path schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "/" + ] + }, + "port": { + "$id": "#/properties/readinessProbe/properties/httpGet/properties/port", + "type": "string", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "http" + ] + } + }, + "additionalProperties": true + } + }, + "additionalProperties": true + }, + "startupProbe": { + "$id": "#/properties/startupProbe", + "type": "object", + "title": "The startupProbe schema", + "description": "An explanation about the purpose of this instance.", + "default": {}, + "examples": [ + { + "httpGet": { + "path": "/", + "port": "http" + }, + "failureThreshold": 20, + "periodSeconds": 10 + } + ], + "required": [ + "httpGet", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "httpGet": { + "$id": "#/properties/startupProbe/properties/httpGet", + "type": "object", + "title": "The httpGet schema", + "description": "An explanation about 
the purpose of this instance.", + "default": {}, + "examples": [ + { + "path": "/", + "port": "http" + } + ], + "required": [ + "path", + "port" + ], + "properties": { + "path": { + "$id": "#/properties/startupProbe/properties/httpGet/properties/path", + "type": "string", + "title": "The path schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "/" + ] + }, + "port": { + "$id": "#/properties/startupProbe/properties/httpGet/properties/port", + "type": "string", + "title": "The port schema", + "description": "An explanation about the purpose of this instance.", + "default": "", + "examples": [ + "http" + ] + } + }, + "additionalProperties": true + }, + "failureThreshold": { + "$id": "#/properties/startupProbe/properties/failureThreshold", + "type": "integer", + "title": "The failureThreshold schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 20 + ] + }, + "periodSeconds": { + "$id": "#/properties/startupProbe/properties/periodSeconds", + "type": "integer", + "title": "The periodSeconds schema", + "description": "An explanation about the purpose of this instance.", + "default": 0, + "examples": [ + 10 + ] + } + }, + "additionalProperties": true + } + }, + "additionalProperties": true +} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/gql/Chart.yaml b/kubernetes/helm_charts/core/gql/Chart.yaml new file mode 100644 index 0000000000..b245515254 --- /dev/null +++ b/kubernetes/helm_charts/core/gql/Chart.yaml 
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: gql
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
+
diff --git a/kubernetes/helm_charts/core/gql/templates/deployment.yaml b/kubernetes/helm_charts/core/gql/templates/deployment.yaml
new file mode 100644
index 0000000000..ca84526805
--- /dev/null
+++ b/kubernetes/helm_charts/core/gql/templates/deployment.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Values.namespace }}
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ rollingUpdate:
+ maxSurge: {{ .Values.strategy.maxsurge }}
+ maxUnavailable: {{ .Values.strategy.maxunavailable }}
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+{{- if .Values.imagepullsecrets }}
+ imagePullSecrets:
+ - name: {{ .Values.imagepullsecrets }}
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}"
+ imagePullPolicy: Always
+ env:
+ - name: JAVA_OPTIONS
+ value: {{ .Values.env.javaoptions | quote }}
+ envFrom:
+ - configMapRef:
+ name: {{ .Chart.Name }}-config
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.network.port }}
+ {{- if .Values.healthcheck }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}-service
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+spec:
+ ports:
+ - name: http-{{ .Chart.Name }}
+ protocol: TCP
+ port: {{ .Values.network.targetport }}
+ selector:
+ app: {{ .Chart.Name }}
diff --git a/kubernetes/helm_charts/core/gql/templates/hpa.yaml b/kubernetes/helm_charts/core/gql/templates/hpa.yaml
new file mode 100644
index 0000000000..0fef8ca0e7
--- /dev/null
+++ b/kubernetes/helm_charts/core/gql/templates/hpa.yaml
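Review bot: The `{{ .Chart.Name }}` container in the Deployment is declared without a `securityContext`, so it runs with whatever user, capabilities and privilege-escalation setting the image and the cluster defaults give it. A container-level block that sets `allowPrivilegeEscalation: false`, drops all capabilities and requires a non-root user would pin that down. `runAsNonRoot: true` needs an image that declares a non-root user, which is not visible from this page and should be confirmed before merging. The lines below show only the addition.

```yaml
      - name: {{ .Chart.Name }}
        # … unchanged: image, imagePullPolicy, env, envFrom, resources, ports, probes …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
```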
@@ -0,0 +1,27 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: {{ .Values.namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Chart.Name }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
\ No newline at end of file
diff --git a/kubernetes/helm_charts/core/gql/values.j2 b/kubernetes/helm_charts/core/gql/values.j2
new file mode 100644
index 0000000000..2c6afc59ae
--- /dev/null
+++ b/kubernetes/helm_charts/core/gql/values.j2
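Review bot: `apiVersion: autoscaling/v2beta1` is no longer served from Kubernetes 1.25, so this HorizontalPodAutoscaler and the identical hpa.yaml added for inbound, odk, orchestrator, outbound, transformer and uci will fail to apply on newer clusters once autoscaling is enabled. On `autoscaling/v2` each metric takes `target:` with `type: Utilization` and `averageUtilization:` in place of `targetAverageUtilization:`. The Deployment in the same chart also pins `replicas: {{ .Values.replicaCount }}`, so each upgrade resets the count the autoscaler chose; wrapping that line in `{{- if not .Values.autoscaling.enabled }}` … `{{- end }}` avoids the conflict.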
@@ -0,0 +1,33 @@
+### Default variable file for cert-service ###
+
+namespace: {{ namespace }}
+imagepullsecrets: {{ imagepullsecrets }}
+dockerhub: {{ dockerhub }}
+
+env:
+ javaoptions: {{gql_java_mem_limit|default('-Xmx600m')}}
+
+replicaCount: {{gql_replicacount|default(1)}}
+repository: {{gql_repository|default('graphql-engine')}}
+image_tag: {{image_tag}}
+resources:
+ requests:
+ cpu: {{gql_cpu_req|default('100m')}}
+ memory: {{gql_mem_req|default('100Mi')}}
+ limits:
+ cpu: {{gql_cpu_limit|default('1')}}
+ memory: {{gql_mem_limit|default('1024Mi')}}
+network:
+ port: 8080
+ targetport: 8080
+strategy:
+ type: RollingUpdate
+ maxsurge: {{ gql_maxsurge|default('25%') }}
+ maxunavailable: {{ gql_maxunavailable|default('25%') }}
+
+autoscaling:
+ enabled: {{ gql_autoscaling_enabled | default('false') }}
+ minReplicas: {{ gql_autoscaling_minReplicas|default(1) }}
+ maxReplicas: {{ gql_autoscaling_maxReplicas|default(2) }}
+ targetCPUUtilizationPercentage: {{ gql_autoscaling_targetCPUUtilizationPercentage|default(60) }}
+ targetMemoryUtilizationPercentage: {{ gql_autoscaling_targetMemoryUtilizationPercentage|default('') }}
\ No newline at end of file
diff --git a/kubernetes/helm_charts/core/inbound/Chart.yaml b/kubernetes/helm_charts/core/inbound/Chart.yaml
new file mode 100644
index 0000000000..f65a898131
--- /dev/null
+++ b/kubernetes/helm_charts/core/inbound/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: inbound
+version: 0.1.0
diff --git a/kubernetes/helm_charts/core/inbound/templates/deployment.yaml b/kubernetes/helm_charts/core/inbound/templates/deployment.yaml
new file mode 100644
index 0000000000..ca84526805
--- /dev/null
+++ b/kubernetes/helm_charts/core/inbound/templates/deployment.yaml
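Review bot: The gql values.j2 never defines `healthcheck`, `livenessProbe` or `readinessProbe`, so the `{{- if .Values.healthcheck }}` block in the gql deployment template is always skipped and the pod runs without probes; the sibling values.j2 files in this patch add a `..._liveness_readiness | to_nice_yaml` line that presumably supplies those keys. `image_tag: {{image_tag}}` is also unquoted, so a tag that looks numeric is retyped by the YAML parser before Helm builds the image reference; `image_tag: "{{ image_tag }}"` avoids that, and the same applies to the inbound, odk, orchestrator, outbound, transformer and uci values.j2. The header comment `### Default variable file for cert-service ###` is copied from another chart in all of these files and should name the service it configures.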
@@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/inbound/templates/hpa.yaml b/kubernetes/helm_charts/core/inbound/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/inbound/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/inbound/values.j2 b/kubernetes/helm_charts/core/inbound/values.j2 new file mode 100644 index 0000000000..3e05115ba2 --- /dev/null +++ b/kubernetes/helm_charts/core/inbound/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_inbound_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_inbound_replicacount|default(1)}} +repository: {{uci_inbound_repository|default('uci-inbound')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_inbound_cpu_req|default('100m')}} + memory: {{uci_inbound_mem_req|default('100Mi')}} + limits: + cpu: {{uci_inbound_cpu_limit|default('1')}} + memory: {{uci_inbound_mem_limit|default('1024Mi')}} +network: + port: 8085 + targetport: 8085 +strategy: + type: RollingUpdate + maxsurge: {{ uci_inbound_maxsurge|default('25%') }} + maxunavailable: {{ uci_inbound_maxunavailable|default('25%') }} + +{{ uci_inbound_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_inbound_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_inbound_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_inbound_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_inbound_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_inbound_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index a82ff22b72..522767d8ce 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml 
@@ -147,6 +147,46 @@ data:
 rewrite ^/dial/(.*) /$1 break;
 proxy_pass $target;
 }
+ location /inbound-service/ {
+ set $target http://inbound-service.{{ .Values.namespace }}.svc.cluster.local:8085;
+ rewrite ^/inbound-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /outbound-service/ {
+ set $target http://outbound-service.{{ .Values.namespace }}.svc.cluster.local:9090;
+ rewrite ^/outbound-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /orchestrator-service/ {
+ set $target http://orchestrator-service.{{ .Values.namespace }}.svc.cluster.local:8686;
+ rewrite ^/orchestrator-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /transformer-service/ {
+ set $target http://transformer-service.{{ .Values.namespace }}.svc.cluster.local:9091;
+ rewrite ^/transformer-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /federation-service/ {
+ set $target http://federation-service.{{ .Values.namespace }}.svc.cluster.local:9999;
+ rewrite ^/federation-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /gql-service/ {
+ set $target http://gql-service.{{ .Values.namespace }}.svc.cluster.local:8080;
+ rewrite ^/odk-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /fusionauth-service/ {
+ set $target http://fusionauth-service.{{ .Values.namespace }}.svc.cluster.local:9011;
+ rewrite ^/odk-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
+ location /odk-service/ {
+ set $target http://odk-service.{{ .Values.namespace }}.svc.cluster.local:8080;
+ rewrite ^/odk-service/(.*) /$1 break;
+ proxy_pass $target;
+ }
 }
 }
 kind: ConfigMap
diff --git a/kubernetes/helm_charts/core/odk/Chart.yaml b/kubernetes/helm_charts/core/odk/Chart.yaml
new file mode 100644
index 0000000000..026af85670
--- /dev/null
+++ b/kubernetes/helm_charts/core/odk/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: odk
+version: 0.1.0
\ No newline at end of file
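Review bot: The `location /gql-service/` and `location /fusionauth-service/` blocks both use `rewrite ^/odk-service/(.*) /$1 break;`, which cannot match inside those locations, so the prefix is never stripped and the upstream receives the `/gql-service/...` or `/fusionauth-service/...` path unchanged. They should read `rewrite ^/gql-service/(.*) /$1 break;` and `rewrite ^/fusionauth-service/(.*) /$1 break;`. Two targets also have no matching Service among the charts visible in this patch: the uci chart listens on 9999 but renders `uci-service` rather than `federation-service`, and nothing here creates `fusionauth-service`, so confirm both names resolve. The enclosing server block starts outside the hunk, so any access control on these routes cannot be checked from here.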
diff --git a/kubernetes/helm_charts/core/odk/templates/deployment.yaml b/kubernetes/helm_charts/core/odk/templates/deployment.yaml new file mode 100644 index 0000000000..d4badb8f3f --- /dev/null +++ b/kubernetes/helm_charts/core/odk/templates/deployment.yaml @@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/odk/templates/hpa.yaml b/kubernetes/helm_charts/core/odk/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/odk/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/odk/values.j2 b/kubernetes/helm_charts/core/odk/values.j2 new file mode 100644 index 0000000000..50349ab314 --- /dev/null +++ b/kubernetes/helm_charts/core/odk/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_odk_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_odk_replicacount|default(1)}} +repository: {{uci_odk_repository|default('odk')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_odk_cpu_req|default('100m')}} + memory: {{uci_odk_mem_req|default('100Mi')}} + limits: + cpu: {{uci_odk_cpu_limit|default('1')}} + memory: {{uci_odk_mem_limit|default('1024Mi')}} +network: + port: 8080 + targetport: 8080 +strategy: + type: RollingUpdate + maxsurge: {{ uci_odk_maxsurge|default('25%') }} + maxunavailable: {{ uci_odk_maxunavailable|default('25%') }} + +{{ uci_odk_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_odk_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_odk_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_odk_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_odk_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_odk_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/core/orchestrator/Chart.yaml b/kubernetes/helm_charts/core/orchestrator/Chart.yaml new file mode 100644 index 0000000000..b871d0f8e0 --- /dev/null +++ b/kubernetes/helm_charts/core/orchestrator/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: orchestrator +version: 0.1.0 diff --git a/kubernetes/helm_charts/core/orchestrator/templates/deployment.yaml b/kubernetes/helm_charts/core/orchestrator/templates/deployment.yaml new file mode 100644 index 0000000000..d4badb8f3f --- /dev/null +++ b/kubernetes/helm_charts/core/orchestrator/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml b/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/orchestrator/values.j2 b/kubernetes/helm_charts/core/orchestrator/values.j2 new file mode 100644 index 0000000000..e81f861854 --- /dev/null +++ b/kubernetes/helm_charts/core/orchestrator/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_orchestrator_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_orchestrator_replicacount|default(1)}} +repository: {{uci_orchestrator_repository|default('uci-orchestrator')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_orchestrator_cpu_req|default('100m')}} + memory: {{uci_orchestrator_mem_req|default('100Mi')}} + limits: + cpu: {{uci_orchestrator_cpu_limit|default('1')}} + memory: {{uci_orchestrator_mem_limit|default('1024Mi')}} +network: + port: 8686 + targetport: 8686 +strategy: + type: RollingUpdate + maxsurge: {{ uci_orchestrator_maxsurge|default('25%') }} + maxunavailable: {{ uci_orchestrator_maxunavailable|default('25%') }} + +{{ uci_orchestrator_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_orchestrator_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_orchestrator_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_orchestrator_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_orchestrator_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_orchestrator_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/outbound/Chart.yaml b/kubernetes/helm_charts/core/outbound/Chart.yaml new file mode 100644 index 0000000000..d513ba19d1 --- /dev/null +++ b/kubernetes/helm_charts/core/outbound/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: outbound +version: 0.1.0 \ No newline at end of file diff --git a/kubernetes/helm_charts/core/outbound/templates/deployment.yaml b/kubernetes/helm_charts/core/outbound/templates/deployment.yaml new file mode 100644 index 0000000000..7a8aa896d8 
--- /dev/null +++ b/kubernetes/helm_charts/core/outbound/templates/deployment.yaml @@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/outbound/templates/hpa.yaml b/kubernetes/helm_charts/core/outbound/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/outbound/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/outbound/values.j2 b/kubernetes/helm_charts/core/outbound/values.j2 new file mode 100644 index 0000000000..56ff5078c0 --- /dev/null +++ b/kubernetes/helm_charts/core/outbound/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_outbound_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_outbound_replicacount|default(1)}} +repository: {{uci_outbound_repository|default('uci-outbound')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_outbound_cpu_req|default('100m')}} + memory: {{uci_outbound_mem_req|default('100Mi')}} + limits: + cpu: {{uci_outbound_cpu_limit|default('1')}} + memory: {{uci_outbound_mem_limit|default('1024Mi')}} +network: + port: 9090 + targetport: 9090 +strategy: + type: RollingUpdate + maxsurge: {{ uci_outbound_maxsurge|default('25%') }} + maxunavailable: {{ uci_outbound_maxunavailable|default('25%') }} + +{{ uci_outbound_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_outbound_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_outbound_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_outbound_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_outbound_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_outbound_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/transformer/Chart.yaml b/kubernetes/helm_charts/core/transformer/Chart.yaml new file mode 100644 index 0000000000..eb49765656 --- /dev/null +++ b/kubernetes/helm_charts/core/transformer/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: transformer +version: 0.1.0 diff --git a/kubernetes/helm_charts/core/transformer/templates/deployment.yaml b/kubernetes/helm_charts/core/transformer/templates/deployment.yaml new file mode 100644 index 0000000000..0d6eb27e36 --- /dev/null 
+++ b/kubernetes/helm_charts/core/transformer/templates/deployment.yaml @@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/transformer/templates/hpa.yaml b/kubernetes/helm_charts/core/transformer/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/transformer/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/transformer/values.j2 b/kubernetes/helm_charts/core/transformer/values.j2 new file mode 100644 index 0000000000..94389eb040 --- /dev/null +++ b/kubernetes/helm_charts/core/transformer/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_transformer_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_transformer_replicacount|default(1)}} +repository: {{uci_transformer_repository|default('uci-transformer')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_transformer_cpu_req|default('100m')}} + memory: {{uci_transformer_mem_req|default('100Mi')}} + limits: + cpu: {{uci_transformer_cpu_limit|default('1')}} + memory: {{uci_transformer_mem_limit|default('1024Mi')}} +network: + port: 9091 + targetport: 9091 +strategy: + type: RollingUpdate + maxsurge: {{ uci_transformer_maxsurge|default('25%') }} + maxunavailable: {{ uci_transformer_maxunavailable|default('25%') }} + +{{ uci_transformer_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_transformer_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_transformer_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_transformer_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_transformer_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_transformer_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/core/uci/Chart.yaml b/kubernetes/helm_charts/core/uci/Chart.yaml new file mode 100644 index 0000000000..67d59fe1a8 --- /dev/null +++ b/kubernetes/helm_charts/core/uci/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: uci +version: 0.1.0 diff --git a/kubernetes/helm_charts/core/uci/templates/deployment.yaml b/kubernetes/helm_charts/core/uci/templates/deployment.yaml new file mode 100644 index 0000000000..ca84526805 --- /dev/null +++ b/kubernetes/helm_charts/core/uci/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} + annotations: + reloader.stakater.com/auto: "true" +spec: + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.strategy.maxsurge }} + maxUnavailable: {{ .Values.strategy.maxunavailable }} + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + spec: +{{- if .Values.imagepullsecrets }} + imagePullSecrets: + - name: {{ .Values.imagepullsecrets }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" + imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + envFrom: + - configMapRef: + name: {{ .Chart.Name }}-config + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - containerPort: {{ .Values.network.port }} + {{- if .Values.healthcheck }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }}-service + namespace: {{ .Values.namespace }} + labels: + app: {{ .Chart.Name }} +spec: + ports: + - name: http-{{ .Chart.Name }} + protocol: TCP + port: {{ .Values.network.targetport }} + selector: + app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/uci/templates/hpa.yaml b/kubernetes/helm_charts/core/uci/templates/hpa.yaml new file mode 100644 index 0000000000..0fef8ca0e7 --- /dev/null +++ b/kubernetes/helm_charts/core/uci/templates/hpa.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Chart.Name }} + namespace: {{ .Values.namespace }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Chart.Name }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/uci/values.j2 b/kubernetes/helm_charts/core/uci/values.j2 new file mode 100644 index 0000000000..935f3fe55a --- /dev/null +++ b/kubernetes/helm_charts/core/uci/values.j2 
@@ -0,0 +1,35 @@ +### Default variable file for cert-service ### + +namespace: {{ namespace }} +imagepullsecrets: {{ imagepullsecrets }} +dockerhub: {{ dockerhub }} + +env: + javaoptions: {{uci_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{uci_replicacount|default(1)}} +repository: {{uci_repository|default('uci')}} +image_tag: {{ image_tag }} +resources: + requests: + cpu: {{uci_cpu_req|default('100m')}} + memory: {{uci_mem_req|default('100Mi')}} + limits: + cpu: {{uci_cpu_limit|default('1')}} + memory: {{uci_mem_limit|default('1024Mi')}} +network: + port: 9999 + targetport: 9999 +strategy: + type: RollingUpdate + maxsurge: {{ uci_maxsurge|default('25%') }} + maxunavailable: {{ uci_maxunavailable|default('25%') }} + +{{ uci_liveness_readiness | to_nice_yaml }} + +autoscaling: + enabled: {{ uci_autoscaling_enabled | default('false') }} + minReplicas: {{ uci_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ uci_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ uci_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ uci_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/kp-flink-jobs-metrics-dashboard.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/kp-flink-jobs-metrics-dashboard.json index e56f29f69f..05e7f87c87 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/kp-flink-jobs-metrics-dashboard.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/kp-flink-jobs-metrics-dashboard.json @@ -15,6 +15,7 @@ "editable": true, "gnetId": null, "graphTooltip": 0, + "id": 55, "links": [], "panels": [ { @@ -1380,7 +1381,7 @@ "h": 4, "w": 6, "x": 0, - "y": 23 + "y": 2 }, "id": 113, "interval": null, @@ -1471,7 +1472,7 @@ "h": 4, "w": 6, "x": 6, - "y": 23 + "y": 2 }, "id": 114, "interval": null, 
@@ -1562,7 +1563,7 @@ "h": 4, "w": 6, "x": 12, - "y": 23 + "y": 2 }, "id": 117, "interval": null, @@ -1653,7 +1654,7 @@ "h": 4, "w": 6, "x": 18, - "y": 23 + "y": 2 }, "id": 115, "interval": null, @@ -1744,7 +1745,7 @@ "h": 4, "w": 8, "x": 0, - "y": 27 + "y": 6 }, "id": 116, "interval": null, @@ -1835,7 +1836,7 @@ "h": 4, "w": 8, "x": 8, - "y": 27 + "y": 6 }, "id": 118, "interval": null, @@ -1926,7 +1927,7 @@ "h": 4, "w": 8, "x": 16, - "y": 27 + "y": 6 }, "id": 119, "interval": null, @@ -2017,7 +2018,7 @@ "h": 4, "w": 8, "x": 0, - "y": 31 + "y": 10 }, "id": 120, "interval": null, @@ -2108,7 +2109,7 @@ "h": 4, "w": 8, "x": 8, - "y": 31 + "y": 10 }, "id": 121, "interval": null, @@ -2199,7 +2200,7 @@ "h": 4, "w": 8, "x": 16, - "y": 31 + "y": 10 }, "id": 122, "interval": null, @@ -2285,7 +2286,7 @@ "h": 8, "w": 12, "x": 0, - "y": 35 + "y": 14 }, "hiddenSeries": false, "id": 125, @@ -2402,7 +2403,7 @@ "h": 8, "w": 12, "x": 12, - "y": 35 + "y": 14 }, "hiddenSeries": false, "id": 126, @@ -3574,7 +3575,7 @@ "thresholds": "", "timeFrom": null, "timeShift": null, - "title": "Dailcode Externla Success Events", + "title": "Dailcode External Success Events", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ @@ -7241,7 +7242,7 @@ "h": 4, "w": 6, "x": 0, - "y": 9 + "y": 32 }, "id": 158, "interval": null, @@ -7332,7 +7333,7 @@ "h": 4, "w": 6, "x": 6, - "y": 9 + "y": 32 }, "id": 160, "interval": null, @@ -7423,7 +7424,7 @@ "h": 4, "w": 6, "x": 12, - "y": 9 + "y": 32 }, "id": 161, "interval": null, @@ -7516,7 +7517,7 @@ "h": 4, "w": 6, "x": 18, - "y": 9 + "y": 32 }, "id": 159, "interval": null, @@ -7607,7 +7608,7 @@ "h": 4, "w": 6, "x": 0, - "y": 13 + "y": 36 }, "id": 162, "interval": null, @@ -7698,7 +7699,7 @@ "h": 4, "w": 6, "x": 6, - "y": 13 + "y": 36 }, "id": 166, "interval": null, @@ -7789,7 +7790,7 @@ "h": 4, "w": 6, "x": 12, - "y": 13 + "y": 36 }, "id": 164, "interval": null, 
@@ -7880,7 +7881,7 @@ "h": 4, "w": 6, "x": 18, - "y": 13 + "y": 36 }, "id": 165, "interval": null, @@ -7969,100 +7970,9 @@ }, "gridPos": { "h": 4, - "w": 8, + "w": 12, "x": 0, - "y": 17 - }, - "id": 167, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false, - "ymax": null, - "ymin": null - }, - "tableColumn": "DB Read Count", - "targets": [ - { - "expr": "sum(sum_over_time(flink_taskmanager_job_task_operator_enrolment_reconciliation_processed_enrolment_count[$__range]))", - "instant": true, - "interval": "", - "legendFormat": "DB Read Count", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Processed Enrolment Count", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#73BF69", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Flink-Prometheus", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 17 + "y": 40 }, "id": 169, "interval": null, 
@@ -8113,7 +8023,7 @@ "thresholds": "", "timeFrom": null, "timeShift": null, - "title": "Retired Consumption Events Count", + "title": "Retried Consumption Events Count", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ @@ -8151,9 +8061,9 @@ }, "gridPos": { "h": 4, - "w": 8, - "x": 16, - "y": 17 + "w": 12, + "x": 12, + "y": 40 }, "id": 163, "interval": null, @@ -8234,7 +8144,7 @@ "h": 8, "w": 12, "x": 0, - "y": 21 + "y": 44 }, "hiddenSeries": false, "id": 155, @@ -8346,7 +8256,7 @@ "h": 8, "w": 12, "x": 12, - "y": 21 + "y": 44 }, "hiddenSeries": false, "id": 157, @@ -8465,7 +8375,7 @@ "h": 4, "w": 6, "x": 0, - "y": 9 + "y": 53 }, "id": 172, "interval": null, @@ -8556,7 +8466,7 @@ "h": 4, "w": 6, "x": 6, - "y": 9 + "y": 53 }, "id": 173, "interval": null, @@ -8647,7 +8557,7 @@ "h": 4, "w": 6, "x": 12, - "y": 9 + "y": 53 }, "id": 174, "interval": null, @@ -8738,7 +8648,7 @@ "h": 4, "w": 6, "x": 18, - "y": 9 + "y": 53 }, "id": 175, "interval": null, @@ -8829,7 +8739,7 @@ "h": 4, "w": 8, "x": 0, - "y": 13 + "y": 57 }, "id": 178, "interval": null, @@ -8920,7 +8830,7 @@ "h": 4, "w": 8, "x": 8, - "y": 13 + "y": 57 }, "id": 179, "interval": null, @@ -9011,7 +8921,7 @@ "h": 4, "w": 8, "x": 16, - "y": 13 + "y": 57 }, "id": 180, "interval": null, @@ -9102,7 +9012,7 @@ "h": 4, "w": 8, "x": 0, - "y": 17 + "y": 61 }, "id": 181, "interval": null, @@ -9193,7 +9103,7 @@ "h": 4, "w": 8, "x": 8, - "y": 17 + "y": 61 }, "id": 182, "interval": null, @@ -9284,7 +9194,7 @@ "h": 4, "w": 8, "x": 16, - "y": 17 + "y": 61 }, "id": 183, "interval": null, @@ -9375,7 +9285,7 @@ "h": 3, "w": 24, "x": 0, - "y": 21 + "y": 65 }, "id": 184, "interval": null, @@ -9461,7 +9371,7 @@ "h": 8, "w": 12, "x": 0, - "y": 24 + "y": 68 }, "hiddenSeries": false, "id": 176, @@ -9578,7 +9488,7 @@ "h": 8, "w": 12, "x": 12, - "y": 24 + "y": 68 }, "hiddenSeries": false, "id": 177, 
@@ -10443,6 +10353,601 @@ ], "title": "Audit event generator", "type": "row" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 196, + "panels": [], + "title": "Content Publish", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "#73BF69", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 11 + }, + "id": 197, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false, + "ymax": null, + "ymin": null + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_total_events_count[$__range]))", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Total Events", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "#73BF69", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": 
"Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 11 + }, + "id": 199, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false, + "ymax": null, + "ymin": null + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_skipped_event_count[$__range]))", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Skipped Events", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "#73BF69", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 11 + }, + "id": 201, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, 
+ { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false, + "ymax": null, + "ymin": null + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_content_publish_success_count[$__range]))", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Total Success Events", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "#d44a3a", + "rgba(237, 129, 40, 0.89)", + "#73BF69" + ], + "datasource": "Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 11 + }, + "id": 202, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": 
false, + "ymax": null, + "ymin": null + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_content_publish_failed_count[$__range])) + sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_content_publish_failed_count[$__range]))", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Total Failed Events", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": { + "Failed Events": "red", + "Skipped Events": "dark-purple", + "Success Events": "yellow", + "Total Events": "green" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 15 + }, + "hiddenSeries": false, + "id": 204, + "legend": { + "avg": false, + "current": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(flink_taskmanager_job_task_operator_content_publish_content_publish_success_count)", + "instant": false, + "interval": "", + "legendFormat": "Success Events", + "refId": "A" + }, + { + "expr": "sum(flink_taskmanager_job_task_operator_content_publish_skipped_event_count)", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "Skipped Events", + "refId": "B" + }, + { + "expr": 
"sum(flink_taskmanager_job_task_operator_content_publish_content_publish_failed_count)", + "instant": false, + "interval": "", + "legendFormat": "Failed Events", + "refId": "C" + }, + { + "expr": "sum(flink_taskmanager_job_task_operator_content_publish_total_events_count)", + "instant": false, + "interval": "", + "legendFormat": "Total Events", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Content Publish", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Flink-Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 15 + }, + "hiddenSeries": false, + "id": 206, + "legend": { + "avg": false, + "current": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(flink_taskmanager_job_task_operator_KafkaConsumer_records_lag_max { job = \"content-publish-taskmanager-prometheus\" })", + "instant": false, + "interval": "", + "legendFormat": "Consumer lag", + "refId": "A" + } + ], + "thresholds": [], + 
"timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Content Publish Lag", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } } ], "refresh": false, diff --git a/kubernetes/pipelines/deploy_uci/Jenkinsfile b/kubernetes/pipelines/deploy_uci/Jenkinsfile new file mode 100644 index 0000000000..a6b6467bd8 --- /dev/null +++ b/kubernetes/pipelines/deploy_uci/Jenkinsfile 
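Review bot: The "Total Failed Events" panel (id 202) in the new Content Publish row adds `flink_taskmanager_job_task_operator_content_publish_content_publish_failed_count` to itself, so it shows twice the number of failures that the "Failed Events" series in the graph panel (id 204) reports from the same metric. If the second term was meant to be a different failure counter it needs to be named; otherwise the expression should be the single `sum(sum_over_time(flink_taskmanager_job_task_operator_content_publish_content_publish_failed_count[$__range]))`. A doubled failure count on an operations dashboard makes alert triage and incident timelines unreliable.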
@@ -0,0 +1,51 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+
+ stage('deploy') {
+ envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim()
+ module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim()
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim()
+ values = [:]
+ values.put('env', envDir)
+ values.put('module', module)
+ values.put('jobName', jobName)
+ values.put('image_tag', params.image_tag)
+ values.put('image_name', params.image_name)
+ values.put('dockerhub', params.dockerhub_name)
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase()
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ ansiblePlaybook = "$currentWs/kubernetes/ansible/deploy_core_service.yml"
+ ansibleExtraArgs = "--extra-vars \"chart_path=${currentWs}/kubernetes/helm_charts/core/$jobName release_name=$jobName dockerhub=$values.dockerhub image_tag=$values.image_tag image_name=$values.image_name role_name=${params.role_name}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass -v"
+ values.put('currentWs', currentWs)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ ansible_playbook_run(values)
+ currentBuild.description = "Image: ${values.image_tag}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
+ }
+ summary()
+ }
+ catch (err) {
+ currentBuild.result = "FAILURE"
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
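Review bot: `ansibleExtraArgs` splices build parameters straight into the `--extra-vars` string (`image_tag=$values.image_tag`, `role_name=${params.role_name}` and the others), so a value containing a space, a quote or `key=value` changes what Ansible, and possibly the shell inside `ansible_playbook_run` (not visible here), receives. Each parameter should be checked against its expected pattern before use, for example `if (!(params.image_tag ==~ /[A-Za-z0-9._-]+/)) error('invalid image_tag')`, or the variables should be passed as a JSON document instead of a space-separated string. The mobile, discussion-UI and portal-csv pipelines added in the following hunks have the same pattern in `sh "unzip ${artifact}"`, `--tags ${params.tag}` and `git clone … -b ${params.editor_repo_branch}`. Reading `env.JOB_NAME` would also avoid the four `sh "echo $JOB_NAME"` calls.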
diff --git a/pipelines/deploy/mobile/Jenkinfile b/pipelines/deploy/mobile/Jenkinfile
new file mode 100644
index 0000000000..6efeebc6b6
--- /dev/null
+++ b/pipelines/deploy/mobile/Jenkinfile
@@ -0,0 +1,61 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -ffxd'
+ }
+ checkout scm
+ }
+ ansiColor('xterm') {
+ values = lp_dp_params()
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ envName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim().replace("-", "");
+ artifact = values.artifact_name + ":" + values.artifact_version
+ stage('Get artifact') {
+ artifact = values.artifact_name + ":" + values.artifact_version
+ values.put('currentWs', currentWs)
+ values.put('artifact', artifact)
+ artifact_download(values)
+ }
+ stage('Upload debug build to Gdrive and deploy to firebase') {
+ sh "unzip ${artifact}"
+ ansiblePlaybook = "${currentWs}/ansible/mobile_upload.yml"
+ ansibleExtraArgs = "--extra-vars \"env_name=${envName}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+ values.put('currentWs', currentWs)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+
+ ansiblePlaybook = "${currentWs}/ansible/firebase_deploy.yml"
+ ansibleExtraArgs = "--extra-vars \"env_name=${envName}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+ values.put('currentWs', currentWs)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ currentBuild.result = 'SUCCESS'
+ }
+ archiveArtifacts artifacts: "${artifact}", fingerprint: true, onlyIfSuccessful: true
+ archiveArtifacts artifacts: 'metadata.json', onlyIfSuccessful: true
+ currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
+ }
+ }
+ catch (err) {
+ currentBuild.result = "FAILURE"
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
diff --git a/pipelines/upload/discussion-UI/Jenkinsfile b/pipelines/upload/discussion-UI/Jenkinsfile
new file mode 100644
index 0000000000..4de3383796
--- /dev/null
+++ b/pipelines/upload/discussion-UI/Jenkinsfile
@@ -0,0 +1,54 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+ ansiColor('xterm') {
+ stage('get artifact') {
+ values = lp_dp_params()
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ artifact = values.artifact_name + ":" + values.artifact_version
+ values.put('currentWs', currentWs)
+ values.put('artifact', artifact)
+ artifact_download(values)
+ }
+ stage('deploy artifact') {
+ sh """
+ unzip ${artifact}
+ """
+ ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml"
+ ansibleExtraArgs = "--extra-vars \" desktop_container=${params.container_name} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}"
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ currentBuild.result = 'SUCCESS'
+ archiveArtifacts artifacts: "${artifact}", fingerprint: true, onlyIfSuccessful: true
+ archiveArtifacts artifacts: 'metadata.json', onlyIfSuccessful: true
+ currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
+ }
+ }
+ summary()
+ }
+ catch (err) {
+ currentBuild.result = "FAILURE"
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
diff --git a/pipelines/upload/portal-csv/Jenkinsfile b/pipelines/upload/portal-csv/Jenkinsfile
new file mode 100644
index 0000000000..4a62e46e2f
--- /dev/null
+++ b/pipelines/upload/portal-csv/Jenkinsfile
@@ -0,0 +1,49 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+
+ stage('clone chatbot config repo') {
+ sh("rm -rf sunbird-collection-editor")
+ sh("git clone https://github.com/Sunbird-Ed/sunbird-collection-editor.git -b ${params.editor_repo_branch}")
+ }
+
+ ansiColor('xterm') {
+ stage('deploy'){
+ values = [:]
+ envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim()
+ module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim()
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim()
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml"
+ ansibleExtraArgs = "--extra-vars \" desktop_container=${params.container_name} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}"
+ values.put('currentWs', currentWs)
+ values.put('env', envDir)
+ values.put('module', module)
+ values.put('jobName', jobName)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ }
+ }
+ summary()
+ }
+ catch (err) {
+ throw err
+ }
+}
diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml
index f4802b7c57..c5a433d4da 100644
--- a/private_repo/ansible/inventory/dev/Core/common.yml
+++ b/private_repo/ansible/inventory/dev/Core/common.yml
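Review bot: The `catch` block in the portal-csv pipeline only rethrows and there is no `finally`, so unlike the three pipelines added above a failure of this job neither sets `currentBuild.result = "FAILURE"` nor calls `slack_notify(currentBuild.result)` and `email_notify()`; reusing the same `catch`/`finally` bodies would keep failed uploads visible to the team. The stage named 'clone chatbot config repo' clones `sunbird-collection-editor`, and nothing in the visible hunk reads that checkout, so either the stage name and the `desktop-faq-upload.yml` playbook are copy-paste leftovers or the use of the clone needs a comment.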
@@ -1,48 +1,69 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -env: # some name like dev, preprod etc -proto: # http or https, preferably https -domain_name: # your domain name like example.com - -learningservice_ip: # Load balancer IP or server ip -keycloak_url: "" # Keycloak Load balancer IP; eg http://10.10.10.10 or VM IP with port like http://10.10.10.10:8080 -sunbird_default_channel: # default sunbird channel name - +# ------------------------------------------------------------------------------------------------------------ # +domain_name: "" # your domain name like example.com +dockerhub: "change.docker.url" # docker hub username or url incase of private registry +# This ip should be in the kubenetes subnet range. For example, if your kube cluster is running in `10.0.0.0/24, then it can be 10.0.0.5. Make sure this ip is not allocated to any other things.` +private_ingressgateway_ip: "" # your private kubernetes load balancer ip + +# For sendgrid, if you want to change, update the following +mail_server_host: "smtp.sendgrid.net" # Email host, can be any email provider +mail_server_username: "apikey" # Email provider username; for sendgrid you can use "apikey" + +# This mail id should be verified by your provider. This is the mail id which will be used for `From Address`. For example, +# +# 
From: support@sunbird.org +# Subject: Forgot password +# Hi..... +sunbird_mail_server_from_email: "support@myorg.com" # Email ID that should be as from address in mails +# List of mail ids to whome the monitoring alerts should be sent. +alerts_mailing_list : "devops@myorg.com" # Comma separated mail list for Alerts; eg: user1@mail.com, user2@mail.com # Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_content_azure_storage_container: # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml -sunbird_public_storage_account_name: # Azure account name for storing public data (like contents) -sunbird_private_storage_account_name: # Azure account name for storing private data (like reports, telemetry data) -sunbird_artifact_storage_account_name: # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: # Azure account name for storing backup data (like cassandra backups) - -# docker hub details -dockerhub: # docker hub username or url incase of private registry -storage_class_name: "" # your cloud specific storage class name, for azure you can use managed-premium -private_ingressgateway_ip: # your private kubernetes load balancer ip - -environment_id: # A 8 digit number for example like 1000000, should be same as defined in KP common.yml - -mail_server_host: # Email host, can be any email provider -mail_server_username: # Email provider username -sunbird_mail_server_from_email: # Email id that should be as FROM address in email -alerts_mailing_list : "" # Comma separated mail list for Alerts; eg: user1@mail.com, user2@mail.com -sunbird_msg_sender: # SMS from Address; exact 6 char like SBSUNB - +sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) +sunbird_private_storage_account_name: 
"change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) +sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) +sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly -# This variable is specific to Azure to create a private load balancer, Update the value of service.beta.kubernetes.io/azure-load-balancer-internal: "true" as per your cloud provider -# eg: +# Kubernetes annotation to create private loadbalancer. Will be used for private nginx and others. +# for google: # nginx_private_ingress_annotations: # cloud.google.com/load-balancer-type: "Internal" +# for azure: +# nginx_private_ingress_annotations: +# service.beta.kubernetes.io/azure-load-balancer-internal: "true" nginx_private_ingress_annotations: service.beta.kubernetes.io/azure-load-balancer-internal: "true" +# ------------------------------------------------------------------------------------------------------------ # + +## Optional + +learningservice_ip: "10.0.1.5" # Load balancer IP or server ip +keycloak_url: "http://10.0.1.6:8080" # Keycloak Load balancer IP; eg http://10.10.10.10 or VM IP with port like http://10.10.10.10:8080 +env: dev # some name like dev, preprod etc +proto: https # http or https, preferably https +sunbird_default_channel: sunbird # default sunbird channel name +environment_id: "10000003" # A 8 digit number for example like 1000000, should be same as defined in KP common.yml + +sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml +# 
This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, +# +# From: SBSMS +# Hi..... +# This is optional. +# If not set, you won't get sms OTPs. You'll get it in mail though. +sunbird_msg_sender: # SMS from Address; exact 6 char like SBSUNB + #sunbird_cassandra_replication_strategy: '{"class":"NetworkTopologyStrategy","datacenter1":2}' # If using cluster give this value and choose datacenter and replication factor as required '{"class":"NetworkTopologyStrategy","datacenter1":2}' if not using cluster, leave this variable commented # ------------------------------------------------------------------------------------------------------------ # -# Optional variables - Can be left blank if you dont plan to use the intended features +# +# **Optional variables** - Can be left blank if you dont plan to use the intended features +# +# ------------------------------------------------------------------------------------------------------------ # kibana_oauth_authenticated_email_domains_kube: '["domain.com","domain1.com"]' # whitelisted domains for accessing kibana # whitelisted email ids for access kibana kibana_oauth_authenticated_email_ids: @@ -59,7 +80,6 @@ certs_badge_root_org_id: "" # Root org ID for which the certs will be c certs_badge_issuer_name: "" # The issuer of the certs name e.g value is "Government of karnataka" certs_badge_issuer_url: "" # Issuer organisation official URL e.g value is "https://testdomain.in" - # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so env_name: "{{ env }}" diff --git a/private_repo/ansible/inventory/dev/Core/hosts b/private_repo/ansible/inventory/dev/Core/hosts index 3fc66266fd..60a596f115 100644 --- a/private_repo/ansible/inventory/dev/Core/hosts +++ b/private_repo/ansible/inventory/dev/Core/hosts 
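Review bot: Under the banner "DO NOT LEAVE ANYTHING BLANK" the new defaults are either empty (`domain_name: ""`, `private_ingressgateway_ip: ""`) or placeholders that look like real values (`change.docker.url`, `change.azure.storage.account.name`, `support@myorg.com`), so a deployment can run with them unnoticed; a pre-flight `assert` in the playbooks that rejects empty values and the `change.` prefix would catch that. `sunbird_msg_sender:` is left as a bare key, which parses as null rather than an empty string; `sunbird_msg_sender: ""` matches the other entries. `keycloak_url` now defaults to a plain `http://` address in the optional block, which deserves a comment saying it should be https wherever that traffic leaves a trusted network.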
@@ -1,21 +1,22 @@ [all:vars] -ansible_ssh_user=deployer # Replace the value deployer to your server login user name, for example ubuntu +# Replace the value deployer to your server login user name, for example ubuntu +ansible_ssh_user=deployer ansible_ssh_private_key_file=/var/lib/jenkins/secrets/deployer_ssh_key [keycloak-1] -18.3.1.6 +10.0.1.6 [keycloak:children] keycloak-1 [log-es-1] -18.3.1.6 es_instance_name=log-es-1 node_name=log-es-1 es_etc_node_master=true es_etc_node_data=true +10.0.1.9 es_instance_name=log-es-1 node_name=log-es-1 es_etc_node_master=true es_etc_node_data=true [log-es:children] log-es-1 [mongo_master] -11.2.3.75 mongodb_master=True +10.0.1.8 mongodb_master=True [mongo_replicas] #add ip in case replicaSet @@ -24,7 +25,7 @@ mongo_master mongo_replicas [es-1] -18.3.0.4 es_instance_name=es-1 es_etc_node_master=true es_etc_node_data=true +10.0.1.8 es_instance_name=es-1 es_etc_node_master=true es_etc_node_data=true [es-backup:children] es-1 @@ -41,13 +42,13 @@ es-1 es7-1 [cassandra-1] -18.3.0.4 +10.0.1.8 [cassandra:children] cassandra-1 [postgresql-master-1] -18.3.0.4 +10.0.1.8 [postgresql-master:children] postgresql-master-1 @@ -56,28 +57,28 @@ postgresql-master-1 postgresql-master [kafka-1] -18.3.1.5 kafka_id=1 +10.0.1.5 kafka_id=1 [processing-cluster-kafka] -18.3.1.5 +10.0.1.5 [kafka:children] kafka-1 [processing-cluster-zookeepers] -18.3.1.5 # Zookeeper IP of processing cluster in Data pipeline +10.0.1.5 # Zookeeper IP of processing cluster in Data pipeline [ingestion-cluster-kafka] -18.3.0.5 +10.0.1.5 [zookeeper:children] processing-cluster-zookeepers [lp-redis] -18.3.1.5 # Redis master IP of Knowledge platform +10.0.1.5 # Redis master IP of Knowledge platform [dp-redis] -18.3.1.5 +10.0.1.5 [lp-redis-ps:children] lp-redis 
@@ -89,32 +90,32 @@ lp-redis-ps lp-redis [learning-neo4j-node1] -18.3.0.4 # Neo4j ip of Knowledge platform +10.0.1.8 # Neo4j ip of Knowledge platform [lp-cassandra] -18.3.0.4 # cassandra ip of Knowledge platform +10.0.1.8 # cassandra ip of Knowledge platform [dp-cassandra] -18.3.0.4 # cassandra ip of Datapipeline +10.0.1.8 # cassandra ip of Datapipeline [local] localhost ansible_connection=local [raw-broker] #Druid host IP -18.3.0.15 +10.0.1.9 [kong-api] localhost [composite-search-cluster] -18.3.0.4 +10.0.1.8 [yarn-master] -18.3.1.8 +10.0.1.7 [yarn-slave] -18.3.1.8 #yarn master -18.3.1.9 +10.0.1.7 #yarn master +10.0.1.7 [yarn:children] yarn-master @@ -122,9 +123,11 @@ yarn-slave [node-exporter] # Add all your VM IP's under this group -18.3.1.8 -18.3.1.9 -18.3.0.4 +10.1.4.4 +10.1.4.5 +10.1.4.6 +10.1.4.7 +10.1.4.8 [process-exporter:children] node-exporter diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 530ac382e0..94c349f5bd 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
@@ -1,12 +1,22 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -core_vault_sunbird_encryption_key: # Random string to encrypt data -core_vault_postgres_password: # Update same password in dp secrets dp_vault_pgdb_admin_password variable -core_vault_dp_pgdb_password: #update same password in dp secrets dp_vault_pgdb_password variable -core_vault_sunbird_azure_storage_key : -core_vault_docker_registry_url: "https://index.docker.io/v1" # use this value if using dockerhub -core_vault_docker_registry_user: -core_vault_docker_registry_password: +core_vault_sunbird_encryption_key: "change.sunbird.encryption.key" # Random string to encrypt data +core_vault_postgres_password: "change.postgres.password" # Update same password in dp secrets dp_vault_pgdb_admin_password variable +core_vault_dp_pgdb_password: "change.postgres.password" #update same password in dp secrets dp_vault_pgdb_password variable +core_vault_sunbird_azure_storage_key: "change.azure.storage.account.key" +core_vault_docker_registry_url: "change.docker.url" # for docker hub "https://index.docker.io/v1" +core_vault_docker_registry_user: "change.docker.username" +core_vault_docker_registry_password: "change.docker.password" + +# Run the below command in shell +# date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year' +# sas_token=?`az storage account generate-sas --account-name "{{ azure_plugin_storage_account_name }}" --account-key "{{ azure_plugin_storage_account_key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` +# generate a sas for the blob for entire storage accout with write and read access +artifact_azure_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command +sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command 
+sunbird_public_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command +sunbird_public_storage_account_key: "change.azure.storage.account.key" +sunbird_private_storage_account_key: "change.azure.storage.account.key" # The proxy key and crt values should be padded to the right by a couple of spaces # Example: @@ -37,9 +47,10 @@ sunbird_google_desktop_keycloak_secret: "" # Keycloak google a core_vault_sunbird_sso_client_secret: "" # Keycloak lms client secret core_vault_sunbird_trampoline_secret: "" # Keycloak trampoline client secret core_vault_sunbird_keycloak_user_federation_provider_id: "" # Keycloak cassandra federation id +core_vault_android_secret: "" # Keycloak android client secret core_vault_sunbird_sso_publickey: # Public key of keycloak sunbird realm, update this post keycloak deployment. See below for steps -# SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 deployer@Keycloak-VM-IP +# SSH tunnel to the keycloak VM by running ssh -L 8080::8080 deployer@Keycloak-VM-IP # If you cannot tunnel directly to Keycloak VM, then tunnel to Jenkins first and then tunnel to Keycloak VM from jenkins # # Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/clients -> lms -> service account roles -> Click on client roles drop down -> Select realm-management -> Select manage-users in Available Roles -> Click on Add selected 
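Review bot: The placeholders added for the mandatory secrets in the `@@ -1,12 +1,22 @@` hunk (`core_vault_postgres_password: "change.postgres.password"` and the other `change.*` keys and SAS tokens) are valid non-empty strings, so an inventory where one is left unedited deploys with a credential published in this repository instead of failing on a blank value. The same pattern is introduced in the DataPipeline and KnowledgePlatform `secrets.yml` hunks further down. A pre-flight task should reject them, for example an `assert` with `that: "not core_vault_postgres_password.startswith('change.')"` for each mandatory secret. Separately, the relocated SAS instructions use `%m` (month) where minutes `%M` are meant, never assign `sas_expire_time`, and ask for a one-year account-wide token with `--permissions acdlpruw`. The comment should recommend a shorter expiry and only the permissions and services the artifact jobs need.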
@@ -54,15 +65,6 @@ adminutil_refresh_token_public_key_kid: "" # get after keycloak deployment, go #SELECT value FROM component_config CC INNER JOIN component C ON(CC.component_id = C.id) WHERE C.realm_id = 'sunbird' and provider_id = 'hmac-generated' AND CC.name = 'secret'; adminutil_refresh_token_secret_key: "" # get after Keycloak deployment from postgres using the above query -# Run the below command in shell -# date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year' -# sas_token=?`az storage account generate-sas --account-name "{{ azure_plugin_storage_account_name }}" --account-key "{{ azure_plugin_storage_account_key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` -# generate a sas for the blob for entire storage accout with write and read access -artifact_azure_account_sas: "" # SAS token value generated from above command -sunbird_artifact_storage_account_sas: "" # SAS token value generated from above command -sunbird_public_storage_account_sas: "" # SAS token value generated from above command -sunbird_public_storage_account_key: -sunbird_private_storage_account_key: # mongodb keyfile content generated using # 'openssl rand -base64 741' diff --git a/private_repo/ansible/inventory/dev/DataPipeline/common.yml b/private_repo/ansible/inventory/dev/DataPipeline/common.yml index 4a272bbaba..d58f913a57 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/common.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/common.yml 
@@ -1,26 +1,27 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -env: # some name like dev, preprod etc -proto: # http or https, preferably https -domain_name: # your domain name like example.com - +domain_name: "" # your domain name like example.com +# docker hub details +dockerhub: "change.docker.url" # docker hub username or url incase of private registry +private_ingressgateway_ip: "" # your private kubernetes load balancer ip # Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_private_storage_account_name: # Azure account name for storing private data (like reports, telemetry data) -sunbird_public_storage_account_name: # Azure account name for storing public data (like contents) -sunbird_druid_storage_account_name: # Azure account name for storing druid data (like query results) -sunbird_artifact_storage_account_name: # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: # Azure account name for storing backup data (like cassandra backups) +sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) +sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) +sunbird_druid_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing druid data (like query results) +sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) +sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) + + -# docker hub details -dockerhub: # docker hub username or url 
incase of private registry -private_ingressgateway_ip: # your private kubernetes load balancer ip # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features +env: dev # some name like dev, preprod etc +proto: https # http or https, preferably https + # Azure media streaming service stream_base_url: "" # Media service streaming url media_service_azure_tenant: "" # value have to be defined -media_service_azure_tenant: "" media_service_azure_subscription_id: "" media_service_azure_account_name: "" media_service_azure_resource_group_name: "" @@ -28,8 +29,9 @@ media_service_azure_token_client_key: "" media_service_azure_token_client_secret: "" # data exhaust alerts -data_exhaust_webhook_url: "" # Slack webhook url -data_exhaust_Channel: "" # Slack channel for data products alerts +data_exhaust_webhook_url: "" # Slack webhook url +data_exhaust_Channel: "" # Slack channel for data products alerts +secor_alerts_slack_channel: "" # Slack channel name for secor alerts - Example #all_alerts_channel # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so @@ -184,4 +186,4 @@ processing_kafka_overriden_topics: replication_factor: 1 - name: telemetry.error retention_time: 86400000 - replication_factor: 1 \ No newline at end of file + replication_factor: 1 diff --git a/private_repo/ansible/inventory/dev/DataPipeline/hosts b/private_repo/ansible/inventory/dev/DataPipeline/hosts index e48e938877..2ecf51e3bc 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/hosts +++ b/private_repo/ansible/inventory/dev/DataPipeline/hosts 
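Review bot: `data_exhaust_webhook_url` stays in `common.yml` in the `@@ -28,8 +29,9 @@` hunk, although a Slack incoming-webhook URL is itself the credential for posting to the channel. This inventory keeps its other credentials in the sibling `secrets.yml`, so the value would be better defined there, where it gets whatever protection that file is given (the page does not show whether it is vault-encrypted). If it has to remain here, add a comment such as `# treat as a secret: anyone holding this URL can post to the channel`.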
@@ -1,38 +1,39 @@ [all:vars] -ansible_ssh_user=deployer # Replace the value deployer to your server login user name, for example ubuntu +# Replace the value deployer to your server login user name, for example ubuntu +ansible_ssh_user=deployer ansible_ssh_private_key_file=/var/lib/jenkins/secrets/deployer_ssh_key ################ Core ######################### [core-cassandra] -18.3.0.4 +10.0.1.8 [core-es-1] -18.3.0.4 # This should be elasticsearch master IP of Core +10.0.1.8 # This should be elasticsearch master IP of Core [core-es:children] core-es-1 [log-es-1] -18.3.16 +10.1.4.8 [log-es:children] log-es-1 ################# KP ########################## [learning] -18.3.1.5 +10.0.1.5 [composite-search-cluster] -18.3.0.4 +10.1.4.5 [lp-cassandra] -18.3.0.4 +10.0.1.8 [dp-cassandra] -18.3.0.4 +10.0.1.8 [lp-redis] -18.3.1.5 +10.0.1.5 ################# DP ######################### [report-cassandra:children] @@ -42,13 +43,13 @@ core-cassandra 18.3.1.7 [spark] -18.3.1.7 +10.0.1.6 [cassandra] -18.3.0.4 +10.0.1.8 [postgres] -18.3.0.4 +10.0.1.8 [lpa:children] spark @@ -57,22 +58,22 @@ analytics-api cassandra [kafka-indexer] -18.3.1.7 +10.0.1.6 [influxdb] -18.3.0.4 +10.0.1.6 [redis] -18.3.1.5 +10.0.1.5 [redisall:children] redis [processing-cluster-kafka] -18.3.1.5 +10.0.1.5 [processing-cluster-zookeepers] -18.3.1.5 +10.0.1.5 [ingestion-cluster-kafka:children] processing-cluster-kafka @@ -87,31 +88,31 @@ processing-cluster-zookeepers localhost ansible_connection=local [druid-postgres] -18.3.1.10 +10.0.1.8 [rollup-coordinator] raw-coordinator [raw-coordinator] -18.3.1.10 +10.0.1.9 [raw-overlord] -18.3.1.10 +10.0.1.9 [raw-broker] -18.3.1.10 +10.0.1.9 [raw-historical] -18.3.1.10 +10.0.1.9 [raw-middlemanager] -18.3.1.10 +10.0.1.9 [raw-graphite] -18.3.1.10 +10.0.1.9 [raw-zookeeper] -18.3.1.10 +10.0.1.9 [druid-raw:children] raw-coordinator @@ -126,10 +127,10 @@ raw-zookeeper cluster=raw [broker] -18.3.1.10 +10.0.1.9 [coordinator] -18.3.1.10 +10.0.1.9 [dp:children] local 
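Review bot: The context line `18.3.1.7` at the top of the `@@ -42,13 +43,13 @@` hunk is left on the old addressing while every changed host in this file moves to `10.0.1.x` or `10.1.4.x`. Its group header lies above the hunk, so the group it belongs to cannot be seen here. 18.3.1.7 is not an RFC 1918 address, so an operator running the sample inventory unedited would have Ansible attempt SSH as `deployer`, with the Jenkins-held key, to a host they do not control. Replace it with the private address used for that role (the neighbouring `[spark]` entry becomes `10.0.1.6`), or use RFC 5737 documentation addresses for all sample hosts.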
diff --git a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml index 546fc5b343..d18a6d1e0e 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml 
@@ -1,23 +1,23 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -dp_vault_pgdb_password: # postgres password for analytics db -dp_vault_pgdb_admin_password: # postgres password for admin -dp_vault_druid_postgress_pass: # postgres password for druid db +dp_vault_pgdb_password: "change.postgres.password" # postgres password for analytics db +dp_vault_pgdb_admin_password: "change.postgres.password" # postgres password for admin +dp_vault_druid_postgress_pass: "change.postgres.password" # postgres password for druid db # Azure storage account credentials - Note if you are using a single account, you can set the same key for the belows -sunbird_management_storage_account_key: -sunbird_artifact_storage_account_key: -sunbird_private_storage_account_key: -sunbird_public_storage_account_key: -sunbird_druid_storage_account_key: -sunbird_artifact_storage_account_sas: # this must be the sas token from Core directory that your generated +sunbird_management_storage_account_key: "change.azure.storage.account.key" +sunbird_artifact_storage_account_key: "change.azure.storage.account.key" +sunbird_private_storage_account_key: "change.azure.storage.account.key" +sunbird_public_storage_account_key: "change.azure.storage.account.key" +sunbird_druid_storage_account_key: "change.azure.storage.account.key" +sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" # this must be the sas token from Core directory that your generated -core_vault_docker_registry_url: # for docker hub use https://index.docker.io/v1 -core_vault_docker_registry_user: -core_vault_docker_registry_password: +core_vault_docker_registry_url: "change.docker.url" # for docker hub use https://index.docker.io/v1 +core_vault_docker_registry_user: "change.docker.user" +core_vault_docker_registry_password: "change.docker.password" sunbird_api_auth_token: # copy value form variable 
core_vault_sunbird_api_auth_token from core/secrets.yml -core_vault_sunbird_encryption_key: # copy value from variable core_vault_sunbird_encryption_key from core secrets.yml +core_vault_sunbird_encryption_key: "change.sunbird.encryption.key" # copy value from variable core_vault_sunbird_encryption_key from core secrets.yml # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index c4873a03b9..ca4c3d1876 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml 
@@ -1,24 +1,28 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -env: # some name like dev, preprod etc -proto: # http or https, preferably https -domain_name: # your domain name like example.com - +# docker hub details +dockerhub: "change.docker.url" # docker hub username or url incase of private registry +private_ingressgateway_ip: "" # your private kubernetes load balancer ip +domain_name: "" # your domain name like example.com # Note - You can use the same azure account for the below variables or have separate azure accounts -azure_public_container: # Azure container name for storing public data (like contents) -sunbird_public_storage_account_name: # Azure account name for storing public data (like contents) -sunbird_private_storage_account_name: # Azure account name for storing private data (like reports, telemetry data) -sunbird_artifact_storage_account_name: # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: # Azure account name for storing backup data (like cassandra backups) +sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) +sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) +sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) +sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) + +# Optional -environment_id: # A 8 digit number for example like 1000000 +env: dev # some name like dev, preprod etc +proto: https # http or https, preferably https + +azure_public_container: contents # Azure 
container name for storing public data (like contents) + +environment_id: "10000003" # A 8 digit number for example like 1000000, + # Important: same as the one in core/common.yaml neo4j_zip: neo4j-community-3.3.9-unix.tar.gz # Neo4j file name present in the azure blob artifacts folder (only neo4j 3.4 and below is supported) neo4j_home: "{{learner_user_home}}/{{neo4j_dir}}/neo4j-community-3.3.9" # update the version number here of the neo4j neo4j_enterprise: false # Set this to true if you use the enterprise version -# docker hub details -dockerhub: # docker hub username or url incase of private registry -private_ingressgateway_ip: # your private kubernetes load balancer ip # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so @@ -27,4 +31,4 @@ artifacts_container: artifacts plugin_container_name: "{{azure_public_container}}" kp_schema_base_path: "{{proto}}://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{plugin_container_name}}/schemas/local" imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets -kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins \ No newline at end of file +kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts index 2776702309..e735ac4c01 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts 
@@ -1,16 +1,17 @@ [all:vars] -ansible_ssh_user=deployer # Replace the value deployer to your server login user name, for example ubuntu +# Replace the value deployer to your server login user name, for example ubuntu +ansible_ssh_user=deployer ansible_ssh_private_key_file=/var/lib/jenkins/secrets/deployer_ssh_key ######################## KP ######################## [learning1] -18.3.1.5 +10.0.1.5 [learningall:children] learning1 [redis1] -18.3.1.5 +10.0.1.5 [redisall:children] redis1 @@ -22,13 +23,13 @@ redis1 dial1 [dp-redis] -18.3.1.5 +10.0.1.5 [lms-redis] -18.3.1.5 +10.0.1.5 [learning-neo4j-node1] -18.3.0.4 +10.0.1.8 # Enable following host, if you're have neo4j cluster and an arbiter for election # [arbiter] @@ -38,47 +39,47 @@ dial1 learning-neo4j-node1 [cassandra-node-1] -18.3.0.4 +10.0.1.8 [cassandra:children] cassandra-node-1 [dp-cassandra] -18.3.0.4 +10.0.1.8 [core-cassandra] -18.3.0.4 +10.0.1.8 [core-es-1] -18.3.0.4 # This should be elasticsearch master IP of Core +10.0.1.8 # This should be elasticsearch master IP of Core [core-es:children] core-es-1 [log-es-1] -18.3.1.6 +10.0.1.9 [log-es:children] log-es-1 [composite-search-cluster] -18.3.0.4 +10.1.4.5 [yarn-master] -18.3.1.8 +10.0.1.7 [yarn-slave] -18.3.1.8 #yarn master is also a yarn slave so we run workloads +10.0.1.7 #yarn master is also a yarn slave so we run workloads [yarn:children] yarn-master yarn-slave [processing-cluster-kafka] -18.3.1.5 +10.0.1.5 [processing-cluster-zookeepers] -18.3.1.5 +10.0.1.5 [zookeeper:children] processing-cluster-zookeepers diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml index f9e151d634..fb1af29c0a 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml 
@@ -1,15 +1,15 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # # Azure storage account credentials - Note if you are using a single account, you can set the same key for the belows -sunbird_private_storage_account_key: -sunbird_public_storage_account_key: -sunbird_management_storage_account_key: -sunbird_artifact_storage_account_key: -sunbird_artifact_storage_account_sas: +sunbird_private_storage_account_key: "change.azure.storage.account.key" +sunbird_public_storage_account_key: "change.azure.storage.account.key" +sunbird_management_storage_account_key: "change.azure.storage.account.key" +sunbird_artifact_storage_account_key: "change.azure.storage.account.key" +sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" -core_vault_docker_registry_url: # for docker hub use https://index.docker.io/v1 -core_vault_docker_registry_user: -core_vault_docker_registry_password: +core_vault_docker_registry_url: "change.docker.url" # for docker hub use https://index.docker.io/v1 +core_vault_docker_registry_user: "change.docker.user" +core_vault_docker_registry_password: "change.docker.password" # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features From f02a9ccda718536b192efc5d9bf940e5a77b0fd4 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 3 Feb 2022 17:05:27 +0530 Subject: [PATCH 010/434] fix: adding alert rule for opa (#3168) * fix: adding alert rule for opa * fix: updated envoy dashboard panel --- .../templates/opa_envoy_403_alerts.yaml | 20 +++++++++++++++++++ .../dashboards/dashboards/envoy-proxy.json | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml 
diff --git a/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml b/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml new file mode 100644 index 0000000000..920d2bfa3d --- /dev/null +++ b/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml @@ -0,0 +1,20 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + role: alert-rules + app: {{ .Values.prometheus_rule_selector_app }} + release: {{ .Values.prometheus_rule_selector_release }} + name: {{ .Values.fullnameOverride }}-api-response-rules + namespace: {{ .Values.namespace }} +spec: + groups: + - name: opa-403-errors + rules: + - alert: 403_errors_spiking_due_to_opa + annotations: + message: There is an upward trend in 403 API errors due to OPA for {{$labels.job}} + expr: (sum(rate(envoy_cluster_upstream_rq{envoy_response_code="403",envoy_cluster_name="service"}[5m])) by(job, envoy_response_code) / ignoring(envoy_response_code) group_left sum(rate(envoy_cluster_upstream_rq_total{envoy_cluster_name="service"}[5m])) by(job)) > 0.05 + for: 5m + labels: + severity: critical \ No newline at end of file diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/envoy-proxy.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/envoy-proxy.json index 477c14a66a..298f05330d 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/envoy-proxy.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/envoy-proxy.json @@ -301,7 +301,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "5xx Success %", + "title": "5xx Failures %", "tooltip": { "shared": true, "sort": 0, @@ -505,7 +505,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "4xx Success %", + "title": "4xx Failures %", "tooltip": { "shared": true, "sort": 0, From cf44d02bb5b43674bd2dc9df534ce72e68678f14 Mon Sep 17 00:00:00 2001 
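Review bot: The `expr` of `403_errors_spiking_due_to_opa` counts every 403 attributed to the `service` cluster, whatever produced it, so the alert cannot separate OPA denials from 403s the application returns itself. As written, it would fire with the message "due to OPA" during, for example, a burst of expired tokens or a client probing protected routes, and point responders at the wrong component. If the sidecar exports the external-authorization filter's own denied counter (not shown on this page), base the ratio on that series. Otherwise reword the alert name and `message` to something like `403 ratio above 5% for {{$labels.job}} (OPA denial or application 403)`.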
From: Keshav Prasad Date: Thu, 3 Feb 2022 17:54:32 +0530 Subject: [PATCH 011/434] fix: escape alert varaible in helm (#3171) * fix: escape alert varaible in helm * fix: rename rule --- .../monitoring/alertrules/templates/opa_envoy_403_alerts.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml b/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml index 920d2bfa3d..83f30ce3b7 100644 --- a/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml +++ b/kubernetes/helm_charts/monitoring/alertrules/templates/opa_envoy_403_alerts.yaml @@ -5,7 +5,7 @@ metadata: role: alert-rules app: {{ .Values.prometheus_rule_selector_app }} release: {{ .Values.prometheus_rule_selector_release }} - name: {{ .Values.fullnameOverride }}-api-response-rules + name: {{ .Values.fullnameOverride }}-opa-403-errors namespace: {{ .Values.namespace }} spec: groups: @@ -13,7 +13,7 @@ spec: rules: - alert: 403_errors_spiking_due_to_opa annotations: - message: There is an upward trend in 403 API errors due to OPA for {{$labels.job}} + message: {{`'There is an upward trend in 403 API errors due to OPA for {{$labels.job}}'`}} expr: (sum(rate(envoy_cluster_upstream_rq{envoy_response_code="403",envoy_cluster_name="service"}[5m])) by(job, envoy_response_code) / ignoring(envoy_response_code) group_left sum(rate(envoy_cluster_upstream_rq_total{envoy_cluster_name="service"}[5m])) by(job)) > 0.05 for: 5m labels: From 725ce3bf55e1a1c4a3b7d978a845393c7e86a509 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 3 Feb 2022 19:02:52 +0530 Subject: [PATCH 012/434] fix: add json parser for opa logs (#3174) --- ansible/roles/graylog-mongodb-import/templates/inputs.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/roles/graylog-mongodb-import/templates/inputs.json b/ansible/roles/graylog-mongodb-import/templates/inputs.json index 31ea1217f6..1756a319a4 100644 --- a/ansible/roles/graylog-mongodb-import/templates/inputs.json +++ b/ansible/roles/graylog-mongodb-import/templates/inputs.json 
@@ -1,4 +1,4 @@ -{"_id":{"$oid":"606d4adecc575336d5ef0c5f"},"creator_user_id":"admin","configuration":{"recv_buffer_size":1048576,"tcp_keepalive":true,"number_worker_threads":16,"tls_client_auth_cert_file":"","bind_address":"0.0.0.0","tls_cert_file":"","port":5044,"tls_key_file":"","tls_enable":false,"tls_key_password":"","tls_client_auth":"disabled","override_source":null,"no_beats_prefix":true},"name":"Beats","created_at":{"$date":"2021-04-07T09:09:23.771Z"},"global":true,"type":"org.graylog.plugins.beats.Beats2Input","title":"beats","content_pack":null} +{"_id":{"$oid":"606d4adecc575336d5ef0c5f"},"creator_user_id":"admin","configuration":{"recv_buffer_size":1048576,"tcp_keepalive":true,"number_worker_threads":16,"tls_client_auth_cert_file":"","bind_address":"0.0.0.0","tls_cert_file":"","port":5044,"tls_key_file":"","tls_enable":false,"tls_key_password":"","tls_client_auth":"disabled","override_source":null,"no_beats_prefix":true},"name":"Beats","created_at":{"$date":"2021-04-07T09:09:23.771Z"},"global":true,"type":"org.graylog.plugins.beats.Beats2Input","title":"beats","content_pack":null,"extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"string","title":"JSON_EXTRACTOR_FOR_OPA_LOGS","type":"json","cursor_strategy":"copy","target_field":"","extractor_config":{"flatten":false,"list_separator":", ","kv_separator":"=","key_prefix":"opa_","key_separator":".","replace_key_whitespace":false,"key_whitespace_replacement":""},"condition_value":"decision_id","converters":[],"id":"840a58c0-84f4-11ec-b9c2-002248d48142","order":{"$numberLong":"0"}}]} {"_id":{"$oid":"608fa8f9feca855051cffa19"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON_EXTRACTOR","type":"json","cursor_strategy":"cut","target_field":"","extractor_config":{"flatten":false,"list_separator":", 
","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":true,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"2cf74d70-abe4-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET_SOURCE","type":"regex_replace","cursor_strategy":"cut","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"druid.events.log","replace_all":true},"condition_value":"","converters":[],"id":"e728f490-abea-11eb-8d7f-002248d48142","order":{"$numberLong":"1"}}],"configuration":{"topic_filter":"^.*.druid.events.log$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":1,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext Kafka","created_at":{"$date":"2021-05-03T13:42:16.955Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"druid.events.log","content_pack":null} {"_id":{"$oid":"608fb5affeca855051d007ee"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON_EXTRACTOR","type":"json","cursor_strategy":"cut","target_field":"","extractor_config":{"flatten":false,"list_separator":", 
","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":true,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"7b87be50-abeb-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET_SOURCE","type":"regex_replace","cursor_strategy":"cut","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"druid.events.error","replace_all":true},"condition_value":"","converters":[],"id":"9e4ddfa0-abeb-11eb-8d7f-002248d48142","order":{"$numberLong":"0"}}],"configuration":{"topic_filter":"^.*.druid.events.error$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":1,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext Kafka","created_at":{"$date":"2021-05-03T13:42:05.635Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"druid.events.error","content_pack":null} {"_id":{"$oid":"60e58a23dc039a5b3f22ab06"},"creator_user_id":"admin","extractors":[{"creator_user_id":"admin","source_field":"message","condition_type":"none","title":"JSON EXTRACTOR","type":"json","cursor_strategy":"copy","target_field":"","extractor_config":{"flatten":false,"list_separator":", ","kv_separator":"=","key_prefix":"","key_separator":"_","replace_key_whitespace":false,"key_whitespace_replacement":"_"},"condition_value":"","converters":[],"id":"3411a150-df15-11eb-a1a4-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"source","condition_type":"none","title":"SET 
SOURCE","type":"regex_replace","cursor_strategy":"copy","target_field":"source","extractor_config":{"regex":"^unknown$","replacement":"dataproducts.metrics","replace_all":true},"condition_value":"","converters":[],"id":"2cdd1e70-df18-11eb-a1a4-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"dimensions","condition_type":"none","title":"DIMENSION EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_DIMENSION_PARSE}"},"condition_value":"","converters":[],"id":"e1c0f630-e0a4-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"metrics","condition_type":"none","title":"EXHAUST METRICS EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_METRIC_PARSE_2}"},"condition_value":"","converters":[],"id":"45ecf160-e468-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"metrics","condition_type":"none","title":"METRICS 
EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_METRIC_PARSE_1}"},"condition_value":"","converters":[],"id":"05259460-e469-11eb-8a7a-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"time-taken-secs","condition_type":"none","title":"DP_Time_Taken_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"time_taken_secs","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"93a03df0-178e-11ec-bf6f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"total-requests","condition_type":"none","title":"DP_Total_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"total_requests","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"85e86720-1791-11ec-bf6f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"success-requests","condition_type":"none","title":"DP_Success_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"success_requests","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"a166fa20-1791-11ec-bf6f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"failed-requests","condition_type":"none","title":"DP_Failed_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"failed_requests","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"bb4fd1f0-1791-11ec-bf6f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"input-events","condition_type":"none","title":"DP_Input_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"input_events","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"ebca8700-1794-11ec-bf6f-0022
48d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"output-events","condition_type":"none","title":"DP_Output_Numeric_Convertor","type":"copy_input","cursor_strategy":"cut","target_field":"output_events","extractor_config":{},"condition_value":"","converters":[{"type":"numeric","config":{}}],"id":"049c4980-1795-11ec-bf6f-002248d48142","order":{"$numberLong":"0"}},{"creator_user_id":"admin","source_field":"metrics","condition_type":"none","title":"FILESIZE METRICS EXTRACTOR","type":"grok","cursor_strategy":"copy","target_field":"","extractor_config":{"grok_pattern":"%{DP_METRICS_PARSE_3}"},"condition_value":"","converters":[],"id":"bccd12c0-3c96-11ec-b6ec-002248d48142","order":{"$numberLong":"0"}}],"configuration":{"topic_filter":"^.*.prom.monitoring.metrics$","fetch_wait_max":100,"offset_reset":"largest","zookeeper":"","threads":2,"custom_properties":"","group_id":"graylog2","throttling_allowed":false,"fetch_min_bytes":5,"legacy_mode":false,"override_source":null,"bootstrap_server":"{{ sunbird_processing_kafka_host }}"},"name":"Raw/Plaintext Kafka","created_at":{"$date":"2021-07-15T10:36:58.024Z"},"global":true,"type":"org.graylog2.inputs.raw.kafka.RawKafkaInput","title":"DataProducts","content_pack":null,"node_id":"a02291b8-a5df-409b-8c6e-8e70d8280ffa"} From 298c0e0cb57f5d8fa32bbc3676ae57c6c2127a6f Mon Sep 17 00:00:00 2001 From: AMIT KUMAR Date: Tue, 8 Feb 2022 13:46:15 +0530 Subject: [PATCH 013/434] Issue #SB-28497 feat:updated enrollment list size env (#3180) --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 6a5a5e9b1f..112c702f37 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env 
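Review bot: The new `JSON_EXTRACTOR_FOR_OPA_LOGS` extractor on the Beats input indexes every key of any message containing `decision_id` as an `opa_*` field, with no filtering of what the decision log carries. OPA decision logs normally embed the evaluated `input`, which for an Envoy authorization check can include request headers such as bearer tokens (not visible here, so confirm against a sample log); if so, those values become searchable in Graylog. Masking them at the source with OPA's decision-log mask rule (`data.system.log.mask`), or dropping the fields in a Graylog pipeline, would avoid that. The same input line still has `"tls_enable":false` and `"bind_address":"0.0.0.0"`, so these logs reach port 5044 unencrypted and unauthenticated unless the network layer restricts it. The condition is a plain substring match, so any Beats message that mentions `decision_id` is parsed, not only OPA's.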
@@ -142,3 +142,4 @@ druid_proxy_api_port=8082 druid_proxy_api_endpoint=/druid/v2/ collection_summary_agg_data_source={{ summary_agg_data_source | default('audit-rollup-syncts') }} collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} +enrollment_list_size={{ enrollment_list_size | default(1000) }} \ No newline at end of file From 73555eea04f048fe49e77bba457b8a7a7fcede0c Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Tue, 21 Jun 2022 10:22:38 +0530 Subject: [PATCH 014/434] Issue #SB-30067 feat:removed api which not part of lern --- ansible/roles/kong-api/defaults/main.yml | 7252 +++------------------- 1 file changed, 846 insertions(+), 6406 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 3ae6e47417..ac376828f9 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
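Review bot: The added `enrollment_list_size` line ends the template without a newline (the hunk carries `\ No newline at end of file`), so the next variable appended to this file would be joined onto the same line and silently become part of this value. Ending the file with a newline avoids that. The setting has no comment saying what the `default(1000)` limit applies to, which makes it hard to tune safely later.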
@@ -32,98 +32,33 @@ small_request_size_limit: 1 medium_request_size_limit: 10 large_request_size_limit: 100 -# External URL's -freshDesk_url: "http://dummy.freshDesk.url" - # Default service prefixes learner_private_route_prefix: /private -private_content_prefix: /private/content -device_prefix: /v3/device -content_prefix: /content -tickets_prefix: /tickets course_service_prefix: /course -itemset_prefix: /itemset user_service_prefix: /user data_service_prefix: /data notes_service_prefix: /notes org_service_prefix: /org -echo_service_prefix: /echo -composite_service_prefix: /composite api_manager_perfix: /api-manager -meta_service_prefix: /meta -announcement_service_prefix: /announcement -dialcode_service_prefix: /dialcode -channel_service_prefix: /channel -framework_service_prefix: /framework -badge_service_prefix: /badging -plugin_service_prefix: /plugins -config_service_prefix: /config -textbook_service_prefix: /textbook -lock_service_prefix: /lock otp_service_prefix: /otp sso_service_prefix: /sso cert_service_prefix: /cert cert_registry_service_prefix: /certreg -desktop_app_prefix: /desktop -license_api_prefix: /license -report_service_prefix: /data/v1/report-service -analytics_report_service_prefix: /report/jobs group_service_prefix: /group auth_service_prefix: /auth -object_category_prefix: /object/category -object_category_definition_prefix: /object/category/definition -dataset_service_prefix: /dataset -asset_prefix: /asset -collection_prefix: /collection discussions_prefix: /discussion -question_prefix: /question -questionset_prefix: /questionset -integration_app_prefix: /app users_service_prefix: /users -solutions_service_prefix: /solutions -entities_service_prefix: /entities -cloud_service_prefix: /cloud-services -userProjects_service_prefix: /userProjects -reports_service_prefix: /reports -project_service_prefix: /project -observations_service_prefix: /observations -observationSubmissions_service_prefix: /observationSubmissions -surveys_service_prefix: 
/surveys -surveySubmissions_service_prefix: /surveySubmissions -user_extension_prefix: /user-extension -uci_admin_prefix: /uci notification_service_prefix: /notification registry_service_prefix: /rc -assessment_prefix: /assessment # Service URLs -knowledge_mw_service_url: "http://knowledge-mw-service:5000" learning_service_url: "http://learner-service:9000" -vm_learning_service_url: "http://{{learningservice_ip}}:8080/learning-service" -telemetry_service_url: "http://telemetry-service:9001" -player_service_url: "http://player:3000" -echo_service_url: "http://echo:9595" am_util_url: "http://adminutil:4000" -config_service_url: "http://config-service:8080" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" cert_registry_service_url: "http://cert-registry-service:9000" -content_service_url: "http://content-service:9000" -report_service_url: "http://report-service:3030" group_service_url: "http://groups-service:9000" -analytics_api_service_url: "http://analytics-service:9000" -taxonomy_service_url: "http://taxonomy-service:9000" discussions_mw_service_url: "http://discussionsmw-service:3002/discussion" -assessment_service_url: "http://assessment-service:9000" -ml_reports_service_url: "http://ml-reports-service:3000" -ml_survey_service_url: "http://ml-survey-service:3000" -ml_project_service_url: "http://ml-projects-service:3000" -ml_core_service_url: "http://ml-core-service:3000" -uci_inbound_service_url: "http://inbound-service:8085" -uci_transformer_service_url: "http://trasnformer-service:9091" -uci_gql_service_url: "http://gql-service:8080" -uci_registry_service_url: "http://fusionauth-service:9011" -uci_admin_service_url: "http://uci-service:9999" notification_service_url: "http://notification-service:9000" registry_service_url: "http://registry-service:8081" 
@@ -142,27 +77,6 @@ premium_consumer_rate_limits: config.policy: local kong_apis: -- name: acceptContentFlag - uris: "{{ content_prefix }}/v1/flag/accept" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/accept" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - - name: acceptTermsAndCondition uris: "{{ user_service_prefix }}/v1/tnc/accept" upstream_url: "{{ learning_service_url }}/v1/user/tnc/accept" @@ -184,27 +98,6 @@ kong_apis: config.required: true config.enabled: true -- name: addBadgeToUser - uris: "{{ user_service_prefix }}/v1/badges/add" - upstream_url: "{{ learning_service_url }}/v1/user/badges/add" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - badgeCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" upstream_url: "{{ learning_service_url }}/v1/system/settings/set" 
@@ -370,9 +263,9 @@ kong_apis: config.required: false config.enabled: false -- name: compositeSearch - uris: "{{ composite_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/search" +- name: courseBatchAddCertificateTemplate + uris: "{{ course_service_prefix }}/batch/cert/v1/template/add" + upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/template/add" strip_uri: true plugins: - name: jwt @@ -380,8 +273,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin - - contentTempAccess + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -389,12 +281,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: compositePrivateSearch - uris: "{{ composite_service_prefix }}/v1/private/search" - upstream_url: "{{ knowledge_mw_service_url }}/v3/private/search" +- name: courseBatchRemoveCertificateTemplate + uris: "{{ course_service_prefix }}/batch/cert/v1/template/remove" + upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/template/remove" strip_uri: true plugins: - name: jwt @@ -402,7 +294,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - courseAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -410,12 +302,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: contentBadgeLink - uris: "{{ badge_service_prefix }}/v1/content/link" - upstream_url: "{{ lms_service_url }}/v1/content/link" +- name: courseEnrollment + uris: "{{ course_service_prefix }}/v1/enrol" + upstream_url: "{{ lms_service_url }}/v1/course/enroll" strip_uri: true plugins: - name: jwt @@ -423,7 +315,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - badgeUpdate + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -431,12 +323,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: contentBadgeUnLink - uris: "{{ badge_service_prefix }}/v1/content/unlink" - upstream_url: "{{ lms_service_url }}/v1/content/unlink" +- name: courseIssueCertificate + uris: "{{ course_service_prefix }}/batch/cert/v1/issue" + upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/issue" strip_uri: true plugins: - name: jwt @@ -444,7 +336,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - badgeAdmin + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -455,9 +347,9 @@ kong_apis: config.required: false config.enabled: false -- name: copyContent - uris: "{{ content_prefix }}/v1/copy" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/copy" +- name: courseUnEnrollment + uris: "{{ course_service_prefix }}/v1/unenrol" + upstream_url: "{{ lms_service_url }}/v1/course/unenroll" strip_uri: true plugins: - name: jwt 
@@ -465,20 +357,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: true config.enabled: true -- name: copyFramework - uris: "{{ framework_service_prefix }}/v1/copy" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/copy" +- name: createBatch + uris: "{{ course_service_prefix }}/v1/batch/create" + upstream_url: "{{ lms_service_url }}/v1/course/batch/create" strip_uri: true plugins: - name: jwt @@ -486,20 +378,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - courseCreate - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: courseBatchAddCertificateTemplate - uris: "{{ course_service_prefix }}/batch/cert/v1/template/add" - upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/template/add" +- name: createCertTemplate + uris: "{{ cert_service_prefix }}/v1/template/create" + upstream_url: "{{ cert_service_url }}/cert/v1/template/create" strip_uri: true plugins: - name: jwt 
@@ -513,14 +405,14 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: courseBatchRemoveCertificateTemplate - uris: "{{ course_service_prefix }}/batch/cert/v1/template/remove" - upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/template/remove" +- name: createCourse + uris: "{{ course_service_prefix }}/v1/create" + upstream_url: "{{ lms_service_url }}/v1/course/create" strip_uri: true plugins: - name: jwt @@ -528,7 +420,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAdmin + - courseCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -536,12 +428,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: courseEnrollment - uris: "{{ course_service_prefix }}/v1/enrol" - upstream_url: "{{ lms_service_url }}/v1/course/enroll" +- name: createNote + uris: "{{ notes_service_prefix }}/v1/create" + upstream_url: "{{ learning_service_url }}/v1/note/create" strip_uri: true plugins: - name: jwt @@ -549,7 +441,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAccess + - noteCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -557,12 +449,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: courseIssueCertificate - uris: "{{ course_service_prefix }}/batch/cert/v1/issue" - upstream_url: "{{ lms_service_url }}/v1/course/batch/cert/issue" +- name: createOrg + uris: "{{ org_service_prefix }}/v1/create" + upstream_url: "{{ learning_service_url }}/v1/org/create" strip_uri: true plugins: - name: jwt @@ -570,7 +462,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - certificateCreate + - orgCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -581,9 +473,9 @@ kong_apis: config.required: false config.enabled: false -- name: courseUnEnrollment - uris: "{{ course_service_prefix }}/v1/unenrol" - upstream_url: "{{ lms_service_url }}/v1/course/unenroll" +- name: createPage + uris: "{{ data_service_prefix }}/v1/page/create" + upstream_url: "{{ lms_service_url }}/v1/page/create" strip_uri: true plugins: - name: jwt @@ -591,7 +483,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAccess + - pageCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -599,12 +491,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: createBatch - uris: "{{ course_service_prefix }}/v1/batch/create" - upstream_url: "{{ lms_service_url }}/v1/course/batch/create" +- name: createPageSection + uris: "{{ data_service_prefix }}/v1/page/section/create" + upstream_url: "{{ lms_service_url }}/v1/page/section/create" strip_uri: true plugins: - name: jwt 
@@ -612,7 +504,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseCreate + - pageCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -620,12 +512,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: createCertTemplate - uris: "{{ cert_service_prefix }}/v1/template/create" - upstream_url: "{{ cert_service_url }}/cert/v1/template/create" +- name: createUser + uris: "{{ user_service_prefix }}/v1/create" + upstream_url: "{{ learning_service_url }}/v1/user/create" strip_uri: true plugins: - name: jwt @@ -633,20 +525,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - certificateCreate + - userCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: createChannel - uris: "{{ channel_service_prefix }}/v1/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/create" +- name: createUserLearnerV3 + uris: "{{ user_service_prefix }}/v1/signup" + upstream_url: "{{ learning_service_url }}/v1/user/signup" strip_uri: true plugins: - name: jwt @@ -654,7 +546,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - channelCreate + - userCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -665,9 +557,9 @@ kong_apis: config.required: false config.enabled: false -- name: createContent - uris: "{{ content_prefix }}/v1/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/create" +- name: createUserVersion2 + uris: "{{ user_service_prefix }}/v2/create" + upstream_url: "{{ learning_service_url }}/v2/user/create" strip_uri: true plugins: - name: jwt @@ -675,7 +567,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - userCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -683,12 +575,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: createCourse - uris: "{{ course_service_prefix }}/v1/create" - upstream_url: "{{ lms_service_url }}/v1/course/create" +- name: createUserVersion3 + uris: "{{ user_service_prefix }}/v3/create" + upstream_url: "{{ learning_service_url }}/v3/user/create" strip_uri: true plugins: - name: jwt @@ -696,7 +588,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseCreate + - userCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -707,9 +599,9 @@ kong_apis: config.required: false config.enabled: false -- name: createForm - uris: "{{ data_service_prefix }}/v1/form/create" - upstream_url: "{{ player_service_url }}/plugin/v1/form/create" +- name: createUserVersion4 + uris: "{{ user_service_prefix }}/v4/create" + upstream_url: "{{ learning_service_url }}/v4/user/create" strip_uri: true plugins: - name: jwt 
@@ -717,20 +609,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - formCreate + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: createFramework - uris: "{{ framework_service_prefix }}/v1/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/create" +- name: deleteNote + uris: "{{ notes_service_prefix }}/v1/delete" + upstream_url: "{{ learning_service_url }}/v1/note/delete" strip_uri: true plugins: - name: jwt @@ -738,10 +630,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - noteAdmin - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" 
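Review bot: `createUserVersion4` is whitelisted for `userAccess` in this hunk, while `createUser`, `createUserLearnerV3`, `createUserVersion2` and `createUserVersion3` in the preceding hunks all require `userCreate`, and its `opa-checks` plugin is disabled. If `userAccess` is a group held by ordinary consumers (group membership is not visible here), the v4 create route is reachable more widely than the other create routes, with only the ACL in front of it. Either align it with `- userCreate` or add a comment on the whitelist stating why v4 is deliberately different. The entry itself starts in the previous hunk.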
@@ -749,30 +641,26 @@ kong_apis: config.required: false config.enabled: false -- name: createFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/create" +- name: dialAssemble + uris: "{{ data_service_prefix }}/v1/dial/assemble" + upstream_url: "{{ lms_service_url }}/v1/dial/assemble" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkCreate - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: createFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/create" +- name: downloadCertificate + uris: "{{ user_service_prefix }}/v1/certs/download" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/download" strip_uri: true plugins: - name: jwt @@ -780,10 +668,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - certificateAccess - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" 
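Review bot: `dialAssemble` is the one route in this hunk without `jwt` or `acl` plugins, so its only gateway control is `rate-limiting` with `config.limit_by: ip`, and `opa-checks` is disabled. If Kong receives traffic through a load balancer or ingress and is not configured to trust the forwarded client address (`trusted_ips` / `real_ip_header`), every caller shares one bucket keyed on the proxy's IP. Worth confirming that setting, and adding a comment on the entry that it is intentionally public, e.g. `# public endpoint: no jwt/acl, throttled per client IP`.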
@@ -791,9 +679,9 @@ kong_apis: config.required: false config.enabled: false -- name: createLock - uris: "{{ lock_service_prefix }}/v1/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/create" +- name: downloadRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/download" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/download" strip_uri: true plugins: - name: jwt @@ -801,7 +689,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -812,9 +700,9 @@ kong_apis: config.required: true config.enabled: true -- name: createNote - uris: "{{ notes_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/note/create" +- name: downloadTOC + uris: "{{ textbook_service_prefix }}/v1/toc/download" + upstream_url: "{{ lms_service_url }}/v1/textbook/toc/download" strip_uri: true plugins: - name: jwt @@ -822,20 +710,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - noteCreate + - anonymousContentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: createOrg - uris: "{{ org_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/org/create" +- name: generateOtp + uris: "{{ otp_service_prefix }}/v1/generate" + upstream_url: "{{ learning_service_url }}/v1/otp/generate" strip_uri: true plugins: - name: jwt @@ -843,7 +731,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - orgCreate + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
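Review bot: `downloadRegCertificate` and `downloadCertificate` (whose entry ends in the first context lines of this hunk) proxy to the same upstream, `{{ cert_registry_service_url }}/certs/v1/registry/download`, and both whitelist `certificateAccess`, but only `downloadRegCertificate` has `opa-checks` enabled; the context lines show `config.required: false` / `config.enabled: false` for `downloadCertificate`. The OPA policy applied on the `/certreg` path therefore does not cover the same download when it is requested through the `/user` path. Setting `config.required: true` and `config.enabled: true` on `downloadCertificate` as well would keep the two routes consistent, assuming the policy handles that path.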
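Review bot: `downloadTOC` still builds its `uris` from `{{ textbook_service_prefix }}`, but the first hunk of this patch deletes `textbook_service_prefix: /textbook` from these defaults. Unless the variable is defined elsewhere (inventory or group vars, not visible here), templating `kong_apis` will fail on an undefined variable, or the route will be registered under whatever other value is picked up. Either keep the default, `textbook_service_prefix: /textbook`, or drop the `downloadTOC` entry along with the other removed APIs.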
@@ -854,9 +742,9 @@ kong_apis: config.required: false config.enabled: false -- name: createPage - uris: "{{ data_service_prefix }}/v1/page/create" - upstream_url: "{{ lms_service_url }}/v1/page/create" +- name: generateOtpV2 + uris: "{{ otp_service_prefix }}/v2/generate" + upstream_url: "{{ learning_service_url }}/v2/otp/generate" strip_uri: true plugins: - name: jwt @@ -864,7 +752,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - pageCreate + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -875,9 +763,9 @@ kong_apis: config.required: false config.enabled: false -- name: createPageSection - uris: "{{ data_service_prefix }}/v1/page/section/create" - upstream_url: "{{ lms_service_url }}/v1/page/section/create" +- name: getBatch + uris: "{{ course_service_prefix }}/v1/batch/read" + upstream_url: "{{ lms_service_url }}/v1/course/batch/read" strip_uri: true plugins: - name: jwt @@ -885,7 +773,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - pageCreate + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -893,12 +781,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: createPublisher - uris: "{{ dialcode_service_prefix }}/v1/publisher/create" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/create" +- name: collectionSummaryAgg + uris: "/v1/collection/summary" + upstream_url: "{{ lms_service_url }}/v1/collection/summary" strip_uri: true plugins: - name: jwt @@ -906,7 +794,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - courseAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
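Review bot: `collectionSummaryAgg` sets `uris: "/v1/collection/summary"` as a literal path, while the neighbouring entries build `uris` from a prefix variable such as `{{ course_service_prefix }}`. A bare top-level path is not namespaced like the other routes. If callers do not depend on the unprefixed path, `uris: "{{ course_service_prefix }}/v1/collection/summary"` would line it up with the batch routes around it; otherwise add a one-line comment saying why it is unprefixed. The entry's plugin list continues into the next hunk.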
@@ -917,9 +805,9 @@ kong_apis: config.required: false config.enabled: false -- name: createSession - uris: "{{ sso_service_prefix }}/v1/create/session" - upstream_url: "{{ player_service_url }}/v1/sso/create/session" +- name: getPageSettings + uris: "{{ data_service_prefix }}/v1/page/read" + upstream_url: "{{ lms_service_url }}/v1/page/read" strip_uri: true plugins: - name: jwt @@ -927,7 +815,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - ssoAdmin + - pageAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -938,9 +826,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUser - uris: "{{ user_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/create" +- name: getParticipants + uris: "{{ course_service_prefix }}/v1/batch/participants/list" + upstream_url: "{{ lms_service_url }}/v1/batch/participants/list" strip_uri: true plugins: - name: jwt @@ -948,7 +836,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userCreate + - courseCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -959,9 +847,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUserLearnerV3 - uris: "{{ user_service_prefix }}/v1/signup" - upstream_url: "{{ learning_service_url }}/v1/user/signup" +- name: getSystemSettings + uris: "{{ data_service_prefix }}/v1/system/settings/get" + upstream_url: "{{ learning_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -969,7 +857,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userCreate + - anonymousAppAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -980,9 +868,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUserVersion2 - uris: "{{ user_service_prefix }}/v2/create" - upstream_url: "{{ learning_service_url }}/v2/user/create" +- name: getUserByKey + uris: "{{ user_service_prefix }}/v1/get" + upstream_url: "{{ learning_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -990,7 +878,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userCreate + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1001,9 +889,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUserVersion3 - uris: "{{ user_service_prefix }}/v3/create" - upstream_url: "{{ learning_service_url }}/v3/user/create" +- name: getUserByKeyV2 + uris: "{{ user_service_prefix }}/v2/get" + upstream_url: "{{ learning_service_url }}/v2/user/get" strip_uri: true plugins: - name: jwt @@ -1011,7 +899,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userCreate + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1022,9 +910,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUserVersion4 - uris: "{{ user_service_prefix }}/v4/create" - upstream_url: "{{ learning_service_url }}/v4/user/create" +- name: getUserProfile + uris: "{{ user_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt 
@@ -1040,12 +928,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: deleteNote - uris: "{{ notes_service_prefix }}/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/note/delete" +- name: getUserProfileV2 + uris: "{{ user_service_prefix }}/v2/read" + upstream_url: "{{ learning_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt @@ -1053,7 +941,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - noteAdmin + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1061,12 +949,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: deviceProfile - uris: "{{ device_prefix }}/profile" - upstream_url: "{{ analytics_api_service_url }}/v1/device/profile" +- name: indexSync + uris: "{{ data_service_prefix }}/v1/index/sync" + upstream_url: "{{ learning_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt @@ -1074,7 +962,8 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - deviceCreate + - userAdmin + - orgAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1085,9 +974,9 @@ kong_apis: config.required: false config.enabled: false -- name: deviceRegister - uris: "{{ device_prefix }}/register" - upstream_url: "{{ analytics_api_service_url }}/v1/device/register" +- name: KongConsumerApi + uris: "{{ api_manager_perfix }}/v1/consumer" + upstream_url: "{{ am_util_url }}/v1/consumer" strip_uri: true plugins: - name: jwt 
@@ -1095,10 +984,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - deviceCreate + - kongConsumerAdmin - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -1106,26 +995,9 @@ kong_apis: config.required: false config.enabled: false -- name: dialAssemble - uris: "{{ data_service_prefix }}/v1/dial/assemble" - upstream_url: "{{ lms_service_url }}/v1/dial/assemble" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: downloadCertificate - uris: "{{ user_service_prefix }}/v1/certs/download" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/download" +- name: searchCourseBatches + uris: "{{ course_service_prefix }}/v1/batch/list" + upstream_url: "{{ lms_service_url }}/v1/course/batch/search" strip_uri: true plugins: - name: jwt @@ -1133,7 +1005,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - certificateAccess + - anonymousCourseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1144,9 +1016,9 @@ kong_apis: config.required: false config.enabled: false -- name: downloadRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/download" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/download" +- name: listCourseEnrollments + uris: "{{ course_service_prefix }}/v1/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/v1/user/courses/list" strip_uri: true plugins: - name: jwt 
@@ -1154,7 +1026,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - certificateAccess + - anonymousCourseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1165,9 +1037,9 @@ kong_apis: config.required: true config.enabled: true -- name: downloadTOC - uris: "{{ textbook_service_prefix }}/v1/toc/download" - upstream_url: "{{ lms_service_url }}/v1/textbook/toc/download" +- name: privateListCourseEnrollments + uris: "{{ course_service_prefix }}/private/v1/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/private/v1/user/courses/list" strip_uri: true plugins: - name: jwt @@ -1175,20 +1047,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: echo - uris: "{{ echo_service_prefix }}" - upstream_url: "{{ echo_service_url }}" +- name: listUserCourseEnrollments + uris: "{{ course_service_prefix }}/v2/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/v2/user/courses/list" strip_uri: true plugins: - name: jwt @@ -1196,7 +1068,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - ssoCreate + - anonymousCourseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
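Review bot: `privateListCourseEnrollments` (uris ending `/private/v1/user/enrollment/list`) is whitelisted for the ordinary `courseAccess` group and has `opa-checks` disabled. Its v2 sibling `privateListUserCourseEnrollments` in the following hunks uses the dedicated `privateCourseAccess` group, and the public `listCourseEnrollments` just above has `opa-checks` required. As written, a consumer holding `courseAccess` can reach the `/private/` upstream path without the OPA check that guards the public variant; what the upstream enforces on that path is not visible here. Unless that is intended, the whitelist entry should read `- privateCourseAccess`. The same ACL line shows up as removed text later in the patch (hunk `-1823,7`), so this probably predates the commit.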
@@ -1207,9 +1079,9 @@ kong_apis: config.required: false config.enabled: false -- name: experimentcreate - uris: "{{ data_service_prefix }}/v1/experiement/create" - upstream_url: "{{ analytics_api_service_url }}/experiment/create" +- name: privateListUserCourseEnrollments + uris: "{{ course_service_prefix }}/private/v2/user/enrollment/list" + upstream_url: "{{ lms_service_url }}/private/v2/user/courses/list" strip_uri: true plugins: - name: jwt @@ -1217,7 +1089,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - experimentCreate + - privateCourseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1228,9 +1100,9 @@ kong_apis: config.required: false config.enabled: false -- name: experimentread - uris: "{{ data_service_prefix }}/v1/experiement/get" - upstream_url: "{{ analytics_api_service_url }}/experiment/get" +- name: listPageSections + uris: "{{ data_service_prefix }}/v1/page/section/list" + upstream_url: "{{ lms_service_url }}/v1/page/section/list" strip_uri: true plugins: - name: jwt @@ -1238,7 +1110,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - expirementAccess + - pageAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1249,9 +1121,9 @@ kong_apis: config.required: false config.enabled: false -- name: fetchURLMetaInformation - uris: "{{ content_prefix }}/v1/fetchmeta" - upstream_url: "{{ knowledge_mw_service_url }}/v1/url/fetchmeta" +- name: listSystemSettings + uris: "{{ data_service_prefix }}/v1/system/settings/list" + upstream_url: "{{ learning_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt 
@@ -1270,9 +1142,9 @@ kong_apis: config.required: false config.enabled: false -- name: flagContent - uris: "{{ content_prefix }}/v1/flag" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag" +- name: masterLocationCreate + uris: "{{ data_service_prefix }}/v1/location/create" + upstream_url: "{{ learning_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1280,20 +1152,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - locationCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: freshDesk - uris: "{{ tickets_prefix }}/v1/create" - upstream_url: "{{ freshDesk_url }}/api/v2/tickets" +- name: masterLocationDelete + uris: "{{ data_service_prefix }}/v1/location/delete" + upstream_url: "{{ learning_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -1301,7 +1173,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - appAccess + - locationAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1312,9 +1184,9 @@ kong_apis: config.required: false config.enabled: false -- name: generateDialcodes - uris: "{{ dialcode_service_prefix }}/v1/generate" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/generate" +- name: masterLocationSearch + uris: "{{ data_service_prefix }}/v1/location/search" + upstream_url: "{{ learning_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt 
@@ -1322,20 +1194,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - locationAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: generateOtp - uris: "{{ otp_service_prefix }}/v1/generate" - upstream_url: "{{ learning_service_url }}/v1/otp/generate" +- name: masterLocationUpdate + uris: "{{ data_service_prefix }}/v1/location/update" + upstream_url: "{{ learning_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -1343,20 +1215,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserAccess + - locationUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: generateOtpV2 - uris: "{{ otp_service_prefix }}/v2/generate" - upstream_url: "{{ learning_service_url }}/v2/otp/generate" +- name: masterLocationUpload + uris: "{{ data_service_prefix }}/v1/bulk/location/upload" + upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt 
@@ -1364,20 +1236,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserAccess + - locationSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getBatch - uris: "{{ course_service_prefix }}/v1/batch/read" - upstream_url: "{{ lms_service_url }}/v1/course/batch/read" +- name: mergeUserAccounts + uris: "{{ user_service_prefix }}/v1/account/merge" + upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -1385,7 +1257,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAccess + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1393,12 +1265,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: collectionSummaryAgg - uris: "/v1/collection/summary" - upstream_url: "{{ lms_service_url }}/v1/collection/summary" +- name: orgAssignKeys + uris: "{{ org_service_prefix }}/v1/assign/key" + upstream_url: "{{ learning_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -1406,7 +1278,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAdmin + - orgAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
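Review bot: `mergeUserAccounts` exposes `{{ user_service_prefix }}/v1/account/merge` and forwards it to `{{ learning_service_url }}/private/user/v1/account/merge`, gated only by the `userUpdate` ACL group, with `opa-checks` set to `config.required: false` and `config.enabled: false`. The read routes `getUserProfile` and `getUserProfileV2` earlier in the patch have those checks required, so a state-changing call to a `/private/` upstream path gets weaker gateway policy than a profile read. `privateUserAssignRole` and `privateUserRead` in the following hunks are configured the same way. If no OPA policy covers these routes yet, record that next to the entry, e.g. `# opa-checks off: no policy for this route yet; access relies on the userUpdate ACL group only`; otherwise set both flags to `true`. The entry spans three hunks on this line (`-1364,20`, `-1385,7`, `-1393,12`).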
@@ -1417,9 +1289,9 @@ kong_apis: config.required: false config.enabled: false -- name: getContentUploadUrl - uris: "{{ content_prefix }}/v1/upload/url/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload/url" +- name: orgBulkUpload + uris: "{{ org_service_prefix }}/v1/upload" + upstream_url: "{{ learning_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -1427,37 +1299,41 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - orgSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getCourseHierarchy - uris: "{{ course_service_prefix }}/v1/hierarchy" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" +- name: privateUserAssignRole + uris: "{{ user_service_prefix }}/private/v1/assign/role" + upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - userSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getPageSettings - uris: "{{ data_service_prefix }}/v1/page/read" - upstream_url: "{{ lms_service_url }}/v1/page/read" +- name: privateUserRead + uris: "{{ user_service_prefix }}/private/v1/read" + upstream_url: "{{ learning_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt 
@@ -1465,7 +1341,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - pageAccess + - userSuperAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1476,9 +1352,9 @@ kong_apis: config.required: false config.enabled: false -- name: getParticipants - uris: "{{ course_service_prefix }}/v1/batch/participants/list" - upstream_url: "{{ lms_service_url }}/v1/batch/participants/list" +- name: qrCodeDownload + uris: "{{ course_service_prefix }}/v1/qrcode/download" + upstream_url: "{{ lms_service_url }}/v1/course/qrcode/download" strip_uri: true plugins: - name: jwt @@ -1486,7 +1362,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseCreate + - dialcodeAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1497,9 +1373,9 @@ kong_apis: config.required: false config.enabled: false -- name: getSystemSettings - uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ learning_service_url }}/v1/system/settings/get" +- name: readCertTemplate + uris: "{{ cert_service_prefix }}/v1/template/read" + upstream_url: "{{ cert_service_url }}/cert/v1/template/read" strip_uri: true plugins: - name: jwt 
@@ -1507,20 +1383,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousAppAccess + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getTenantInfo - uris: "{{ org_service_prefix }}/v1/tenant/info" - upstream_url: "{{ player_service_url }}/v1/tenant/info" +- name: readContentState + uris: "{{ course_service_prefix }}/v1/content/state/read" + upstream_url: "{{ lms_service_url }}/v1/content/state/read" strip_uri: true plugins: - name: jwt @@ -1528,7 +1404,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousOrgAccess + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1536,12 +1412,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getUserByKey - uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ learning_service_url }}/v1/user/get" +- name: privateReadContentState + uris: "{{ course_service_prefix }}/private/v1/content/state/read" + upstream_url: "{{ lms_service_url }}/private/v1/content/state/read" strip_uri: true plugins: - name: jwt @@ -1549,7 +1425,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserAccess + - privateCourseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -1560,9 +1436,9 @@ kong_apis: config.required: false config.enabled: false -- name: getUserByKeyV2 - uris: "{{ user_service_prefix }}/v2/get" - upstream_url: "{{ learning_service_url }}/v2/user/get" +- name: readCourseEnrollment + uris: "{{ course_service_prefix }}/v1/user/enrollment/read" + upstream_url: "{{ lms_service_url }}/v1/user/courses/read" strip_uri: true plugins: - name: jwt @@ -1570,7 +1446,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserAccess + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1581,9 +1457,9 @@ kong_apis: config.required: false config.enabled: false -- name: getUserProfile - uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/user/read" +- name: readNote + uris: "{{ notes_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt 
@@ -1591,176 +1467,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: getUserProfileV2 - uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ learning_service_url }}/v2/user/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: indexSync - uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ learning_service_url }}/v1/data/sync" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAdmin - - orgAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: ItemSetAPIs - uris: "{{ itemset_prefix }}/v1" - upstream_url: "{{ knowledge_mw_service_url }}/itemset/v1" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - itemSetAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - 
name: opa-checks - config.required: false - config.enabled: false - -- name: KongConsumerApi - uris: "{{ api_manager_perfix }}/v1/consumer" - upstream_url: "{{ am_util_url }}/v1/consumer" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - kongConsumerAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: LicenseAPI - uris: "{{ license_api_prefix }}/v3" - upstream_url: "{{ content_service_url }}/license/v3" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - appAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: linkDialcodeContent - uris: "{{ dialcode_service_prefix }}/v1/content/link" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/content/link" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listAllBadges - uris: "{{ org_service_prefix }}/v1/badges/list" - upstream_url: "{{ learning_service_url }}/v1/badges/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - 
config.whitelist: - - badgeAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listChannel - uris: "{{ channel_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - channelAccess + - noteAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1771,9 +1478,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchCourseBatches - uris: "{{ course_service_prefix }}/v1/batch/list" - upstream_url: "{{ lms_service_url }}/v1/course/batch/search" +- name: readOrg + uris: "{{ org_service_prefix }}/v1/read" + upstream_url: "{{ learning_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt @@ -1781,7 +1488,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousCourseAccess + - anonymousOrgAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -1792,30 +1499,9 @@ kong_apis: config.required: false config.enabled: false -- name: listCourseEnrollments - uris: "{{ course_service_prefix }}/v1/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/v1/user/courses/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousCourseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: privateListCourseEnrollments - uris: "{{ course_service_prefix }}/private/v1/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/private/v1/user/courses/list" +- name: readPageSection + uris: "{{ data_service_prefix }}/v1/page/section/read" + upstream_url: "{{ lms_service_url }}/v1/page/section/read" strip_uri: true plugins: - name: jwt @@ -1823,7 +1509,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - courseAccess + - pageAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1834,9 +1520,9 @@ kong_apis: config.required: false config.enabled: false -- name: listUserCourseEnrollments - uris: "{{ course_service_prefix }}/v2/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/v2/user/courses/list" +- name: readRoleMapping + uris: "{{ data_service_prefix }}/v1/role/read" + upstream_url: "{{ learning_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -1844,7 +1530,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousCourseAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -1855,9 +1541,9 @@ kong_apis: config.required: false config.enabled: false -- name: privateListUserCourseEnrollments - uris: "{{ course_service_prefix }}/private/v2/user/enrollment/list" - upstream_url: "{{ lms_service_url }}/private/v2/user/courses/list" +- name: readUserSpecificRole + uris: "{{ user_service_prefix }}/v1/role/read" + upstream_url: "{{ learning_service_url }}/v1/user/role/read" strip_uri: true plugins: - name: jwt @@ -1865,7 +1551,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - privateCourseAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -1876,9 +1562,9 @@ kong_apis: config.required: false config.enabled: false -- name: listDialcodes - uris: "{{ dialcode_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/list" +- name: readUserProfile + uris: "{{ user_service_prefix }}/v1/profile/read" + upstream_url: "{{ learning_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -1886,7 +1572,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -1897,51 +1583,9 @@ kong_apis: config.required: false config.enabled: false -- name: listFramework - uris: "{{ framework_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listLock - uris: "{{ lock_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: listOrdinals - uris: "{{ meta_service_prefix }}/v1/ordinals/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/ordinals/list" +- name: registerDesktopApp + uris: "{{ api_manager_perfix }}/v1/consumer/desktop_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/desktop_app/credential/register" strip_uri: true plugins: - name: jwt @@ -1949,7 +1593,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - appAccess + - desktopSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -1958,5190 +1602,11 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false - config.enabled: false - -- name: listPageSections - uris: "{{ data_service_prefix }}/v1/page/section/list" - upstream_url: "{{ lms_service_url }}/v1/page/section/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - pageAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listResourceBundles - uris: "{{ meta_service_prefix }}/v1/resourcebundles/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/resourcebundles/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousAppAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listSystemSettings - uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ learning_service_url }}/v1/system/settings/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - appAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listTerms - uris: "{{ meta_service_prefix }}/v1/terms/list" - 
upstream_url: "{{ knowledge_mw_service_url }}/v1/terms/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: masterLocationCreate - uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ learning_service_url }}/v1/location/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - locationCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: masterLocationDelete - uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ learning_service_url }}/v1/location/delete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - locationAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: masterLocationSearch - uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ learning_service_url }}/v1/location/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - locationAccess - - name: rate-limiting - config.policy: local - 
config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: masterLocationUpdate - uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ learning_service_url }}/v1/location/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - locationUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: masterLocationUpload - uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - locationSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: mergeUserAccounts - uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: 
false - -- name: orgAssignKeys - uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ learning_service_url }}/v1/org/assign/key" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: orgBulkUpload - uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/org/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: pluginSearch - uris: "{{ plugin_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/plugins/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - pluginAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentCreateAPIs - uris: "{{ private_content_prefix }}/v3/create" - upstream_url: "{{ content_service_url }}/content/v3/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: 
rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentReadAPIs - uris: "{{ private_content_prefix }}/v3/read" - upstream_url: "{{ content_service_url }}/content/v3/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentUpdateAPIs - uris: "{{ private_content_prefix }}/v3/update" - upstream_url: "{{ content_service_url }}/content/v3/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentRetireAPI - uris: "{{ private_content_prefix }}/v3/retire" - upstream_url: "{{ vm_learning_service_url }}/content/v3/retire" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - 
config.enabled: false - -- name: PrivateContentUploadAPI - uris: "{{ private_content_prefix }}/v3/upload" - upstream_url: "{{ content_service_url }}/content/v3/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentReviewAPI - uris: "{{ private_content_prefix }}/v3/review" - upstream_url: "{{ vm_learning_service_url }}/content/v3/review" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentPublishAPI - uris: "{{ private_content_prefix }}/v3/publish" - upstream_url: "{{ vm_learning_service_url }}/content/v3/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentRejectAPI - uris: "{{ private_content_prefix }}/v3/reject" - upstream_url: "{{ vm_learning_service_url }}/content/v3/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin 
}}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: PrivateContentHierarchyAPI - uris: "{{ private_content_prefix }}/v3/hierarchy" - upstream_url: "{{ content_service_url }}/content/v3/hierarchy" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: privateUserAssignRole - uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: privateUserRead - uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ learning_service_url }}/private/user/v1/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userSuperAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: publishContent - uris: "{{ content_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: publishCourse - uris: "{{ course_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: publishDialcode - uris: "{{ dialcode_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: publishFramework - uris: "{{ framework_service_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/publish" - 
strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: qrCodeBatchProcessRetry - uris: "{{ dialcode_service_prefix }}/v1/process/retry" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/retry" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: qrCodeBatchProcessStatus - uris: "{{ dialcode_service_prefix }}/v1/process/status" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/status" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: qrCodeDownload - uris: "{{ course_service_prefix }}/v1/qrcode/download" - upstream_url: "{{ lms_service_url }}/v1/course/qrcode/download" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ 
medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readCertTemplate - uris: "{{ cert_service_prefix }}/v1/template/read" - upstream_url: "{{ cert_service_url }}/cert/v1/template/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readChannel - uris: "{{ channel_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readContent - uris: "{{ content_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: contentPrivateRead - uris: "{{ content_prefix }}/v1/private/read" - upstream_url: "{{ content_service_url }}/content/v4/private/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ 
statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readContentState - uris: "{{ course_service_prefix }}/v1/content/state/read" - upstream_url: "{{ lms_service_url }}/v1/content/state/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: privateReadContentState - uris: "{{ course_service_prefix }}/private/v1/content/state/read" - upstream_url: "{{ lms_service_url }}/private/v1/content/state/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - privateCourseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readCourse - uris: "{{ course_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readCourseEnrollment - uris: "{{ course_service_prefix }}/v1/user/enrollment/read" - upstream_url: "{{ lms_service_url }}/v1/user/courses/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readDialcode - uris: "{{ dialcode_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readDialcodeV2 - uris: "{{ dialcode_service_prefix }}/v2/read" - upstream_url: "{{ knowledge_mw_service_url }}/v2/dialcode/read" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readForm - uris: "{{ data_service_prefix }}/v1/form/read" - upstream_url: "{{ player_service_url }}/plugin/v1/form/read" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: 
rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readFramework - uris: "{{ framework_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/read" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readNote - uris: 
"{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/note/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - noteAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readOrg - uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/org/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousOrgAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readPageSection - uris: "{{ data_service_prefix }}/v1/page/section/read" - upstream_url: "{{ lms_service_url }}/v1/page/section/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - pageAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readPublisher - uris: "{{ dialcode_service_prefix }}/v1/publisher/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeCreate - - name: rate-limiting - config.policy: local - 
config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readRoleMapping - uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/role/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readUserSpecificRole - uris: "{{ user_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/user/role/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readUserProfile - uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ learning_service_url }}/v1/user/getuser" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerDesktopApp - uris: "{{ 
api_manager_perfix }}/v1/consumer/desktop_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/desktop_app/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - desktopSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerDesktopDevice - uris: "{{ api_manager_perfix }}/v1/consumer/desktop_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/desktop_device/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - desktopAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerDesktopDevicev2 - uris: "{{ api_manager_perfix }}/v2/consumer/desktop_device/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/desktop_device/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - desktopAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: refreshLock - uris: "{{ lock_service_prefix }}/v1/refresh" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/refresh" - strip_uri: true - plugins: - 
- name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: refreshToken - uris: "{{ auth_service_prefix }}/v1/refresh/token" - upstream_url: "{{ am_util_url }}/v1/auth/refresh/token" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - refreshTokenCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileApp - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileAppOpenRAP - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_openrap/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_openrap/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileOpenRAPSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: 
"{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileAppTeacherAid - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_teacheraid/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_teacheraid/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileTeacherAidSuperAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileDevice - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileDevicev2 - uris: "{{ api_manager_perfix }}/v2/consumer/mobile_device/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/mobile_device/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: 
request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerPortalAnonymous - uris: "{{ api_manager_perfix }}/v2/consumer/portal_anonymous/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/portal_anonymous/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - portalAnonymous - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerPortalLoggedin - uris: "{{ api_manager_perfix }}/v2/consumer/portal_loggedin/credential/register" - upstream_url: "{{ am_util_url }}/v2/consumer/portal_loggedin/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - portalLoggedin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileDeviceOpenRAP - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_openrap/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_openrap/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileOpenRAPAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit 
}}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerMobileDeviceTeacherAid - uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_teacheraid/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_teacheraid/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - mobileTeacherAidAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: rejectContent - uris: "{{ content_prefix }}/v1/reject" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: rejectContentFlag - uris: "{{ content_prefix }}/v1/flag/reject" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: releaseDialcode - uris: "{{ dialcode_service_prefix }}/v1/release" - upstream_url: "{{ knowledge_mw_service_url 
}}/v1/dialcode/release" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: reserveDialcode - uris: "{{ dialcode_service_prefix }}/v1/reserve" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/reserve" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: retireContent - uris: "{{ content_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/retire" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: retireCourse - uris: "{{ course_service_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/retire" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: 
request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: retireLock - uris: "{{ lock_service_prefix }}/v1/retire" - upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/retire" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: searchChannel - uris: "{{ channel_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - channelAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchContent - uris: "{{ content_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchCourse - uris: "{{ course_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - 
name: acl - config.whitelist: - - courseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchDialcodes - uris: "{{ dialcode_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchNotes - uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/note/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - noteAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchOrgExtended - uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchOrg - uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: searchUser - uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/user/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userTempAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ 
medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: sendEmailNotification - uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ learning_service_url }}/v1/notification/email" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - appUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: submitContentForReview - uris: "{{ content_prefix }}/v1/review" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/review" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: submitCourseForReview - uris: "{{ course_service_prefix }}/v1/review" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/review" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: telemetry - uris: "{{ 
data_service_prefix }}/v1/telemetry" - upstream_url: "{{ telemetry_service_url }}/v1/telemetry" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - telemetryCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: telemetryErrorLogging - uris: "{{ data_service_prefix }}/v1/client/logs" - upstream_url: "{{ analytics_api_service_url }}/data/v1/client/logs" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - telemetryCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: unblockUser - uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ learning_service_url }}/v1/user/unblock" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateBatch - uris: "{{ course_service_prefix }}/v1/batch/update" - upstream_url: "{{ lms_service_url }}/v1/course/batch/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseUpdate - - name: rate-limiting - config.policy: 
local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateCertTemplate - uris: "{{ cert_service_prefix }}/v1/template/update" - upstream_url: "{{ cert_service_url }}/cert/v1/template/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateChannel - uris: "{{ channel_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - channelUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateCollaborators - uris: "{{ content_prefix }}/v1/collaborator/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/collaborator/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - 
-- name: updateContent - uris: "{{ content_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateContentState - uris: "{{ course_service_prefix }}/v1/content/state/update" - upstream_url: "{{ lms_service_url }}/v1/content/state/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateCourse - uris: "{{ course_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - courseUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateCourseHierarchy - uris: "{{ course_service_prefix }}/v1/hierarchy/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - 
courseUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateDesktopApp - uris: "{{ desktop_app_prefix }}/v1/update" - upstream_url: "{{ player_service_url }}/v1/desktop/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousAppAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateDialcode - uris: "{{ dialcode_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateDialcodeV2 - uris: "{{ dialcode_service_prefix }}/v2/update" - upstream_url: "{{ knowledge_mw_service_url }}/v2/dialcode/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false 
- config.enabled: false - -- name: updateForm - uris: "{{ data_service_prefix }}/v1/form/update" - upstream_url: "{{ player_service_url }}/plugin/v1/form/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - formUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateFramework - uris: "{{ framework_service_prefix }}/v1/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ 
statsd_pulgin }}" - - name: acl - config.whitelist: - - frameworkUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateNote - uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/note/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - noteUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateOrg - uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/org/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateOrgStatus - uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ learning_service_url }}/v1/org/status/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - 
config.required: false - config.enabled: false - -- name: updatePage - uris: "{{ data_service_prefix }}/v1/page/update" - upstream_url: "{{ lms_service_url }}/v1/page/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - pageUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updatePageSection - uris: "{{ data_service_prefix }}/v1/page/section/update" - upstream_url: "{{ lms_service_url }}/v1/page/section/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - pageUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updatePublisher - uris: "{{ dialcode_service_prefix }}/v1/publisher/update" - upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dialcodeUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateUser - uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl 
- config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: uploadContent - uris: "{{ content_prefix }}/v1/upload" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ large_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: uploadCrashLogs - uris: "{{ desktop_app_prefix }}/v1/upload-crash-logs" - upstream_url: "{{ player_service_url }}/v1/desktop/upload-crash-logs" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - telemetryCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: uploadTOC - uris: "{{ textbook_service_prefix }}/v1/toc/upload" - upstream_url: "{{ lms_service_url }}/v1/textbook/toc/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - 
config.required: false - config.enabled: false - -- name: userBulkUpload - uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/user/upload" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: userExistenceApi - uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ learning_service_url }}/v1/user/exists" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousUserAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: userExistenceApiV2 - uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ learning_service_url }}/v2/user/exists" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: userFeed - uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ learning_service_url }}/v1/user/feed" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - 
name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: userFeedCreate - uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/feed/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: userFeedDelete - uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: userFeedUpdate - uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/feed/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- 
name: userMigrate - uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ learning_service_url }}/v1/user/migrate" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: validateRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/validate" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/validate" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousCertificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: verifyOtp - uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ learning_service_url }}/v1/otp/verify" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousUserAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: verifyOtpV2 - uris: "{{ otp_service_prefix }}/v2/verify" - upstream_url: "{{ learning_service_url }}/v2/otp/verify" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousUserAccess - 
- name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: verifyRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/verify" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/verify" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerIgotApp - uris: "{{ api_manager_perfix }}/v1/consumer/igot_app/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/igot_app/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - igotAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: registerIgotDevice - uris: "{{ api_manager_perfix }}/v1/consumer/igot_device/credential/register" - upstream_url: "{{ am_util_url }}/v1/consumer/igot_device/credential/register" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - igotApp - - name: rate-limiting - config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listReports - uris: "{{ report_service_prefix }}/report/list" - upstream_url: "{{ report_service_url }}/report/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: getReport - uris: "{{ report_service_prefix }}/report/get" - upstream_url: "{{ report_service_url }}/report/get" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateReport - uris: "{{ report_service_prefix }}/report/update" - upstream_url: "{{ report_service_url }}/report/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: deleteReport - uris: "{{ report_service_prefix }}/report/delete" - upstream_url: "{{ report_service_url }}/report/delete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ 
statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: createReport - uris: "{{ report_service_prefix }}/report/create" - upstream_url: "{{ report_service_url }}/report/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: createReportSummary - uris: "{{ report_service_prefix }}/report/summary/create" - upstream_url: "{{ report_service_url }}/report/summary/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: getReportSummary - uris: "{{ report_service_prefix }}/report/summary" - upstream_url: "{{ report_service_url }}/report/summary" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" 
- - name: opa-checks - config.required: true - config.enabled: true - -- name: listReportSummary - uris: "{{ report_service_prefix }}/report/summary/list" - upstream_url: "{{ report_service_url }}/report/summary/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: searchRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/search" - upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: searchRegCertificateV2 - uris: "{{ cert_registry_service_prefix }}/v2/certs/search" - upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/search" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readRegCertificate - uris: "{{ cert_registry_service_prefix }}/v1/certs/read" - upstream_url: "{{ cert_registry_service_url 
}}/certs/v1/registry/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: forgotPassword - uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousUserAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: publishReport - uris: "{{ report_service_prefix }}/report/publish" - upstream_url: "{{ report_service_url }}/report/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: retireReport - uris: "{{ report_service_prefix }}/report/retire" - upstream_url: "{{ report_service_url }}/report/retire" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - 
config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: searchManagedUser - uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ learning_service_url }}/v1/user/managed" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousUserAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: createGroup - uris: "{{ group_service_prefix }}/v1/create" - upstream_url: "{{ group_service_url }}/v1/group/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateGroup - uris: "{{ group_service_prefix }}/v1/update" - upstream_url: "{{ group_service_url }}/v1/group/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listGroup - uris: "{{ group_service_prefix }}/v1/list" - upstream_url: "{{ group_service_url }}/v1/group/list" - 
strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: readGroup - uris: "{{ group_service_prefix }}/v1/read" - upstream_url: "{{ group_service_url }}/v1/group/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: deleteGroup - uris: "{{ group_service_prefix }}/v1/delete" - upstream_url: "{{ group_service_url }}/v1/group/delete" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateGroupMembership - uris: "{{ group_service_prefix }}/membership/v1/update" - upstream_url: "{{ group_service_url }}/v1/group/membership/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: groupActivityAgg - uris: "{{ data_service_prefix }}/v1/group/activity/agg" - upstream_url: "{{ lms_service_url }}/v1/group/activity/agg" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - groupAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listForm - uris: "{{ data_service_prefix }}/v1/form/list" - upstream_url: "{{ player_service_url }}/plugin/v1/form/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - appAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: getUserProfileV3 - uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ learning_service_url }}/v3/user/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateUserDeclarations - uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ learning_service_url }}/v1/user/declarations" - strip_uri: true - plugins: - 
- name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateUserConsent - uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ learning_service_url }}/v1/user/consent/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: readUserConsent - uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ learning_service_url }}/v1/user/consent/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: readUserConsentV2 - uris: "{{ user_service_prefix }}/v2/consent/read" - upstream_url: "{{ learning_service_url }}/v2/user/consent/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - 
config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: channelSpecificTelemetryExhaust - uris: "{{ data_service_prefix }}/v3/dataset/get" - upstream_url: "{{ analytics_api_service_url }}/dataset/get" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: publicDataExhaust - uris: "{{ dataset_service_prefix }}/get" - upstream_url: "{{ analytics_api_service_url }}/public/dataset/get" - strip_uri: true - plugins: - - name: cors - - "{{ statsd_pulgin }}" - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: submitDataExhaustRequest - uris: "{{ dataset_service_prefix }}/v1/request/submit" - upstream_url: "{{ analytics_api_service_url }}/request/submit" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: getDataExhaustRequest - uris: "{{ dataset_service_prefix }}/v1/request/read" - upstream_url: "{{ analytics_api_service_url }}/request/read" - strip_uri: true - plugins: - - name: jwt - - 
name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: listDataExhaustRequest - uris: "{{ dataset_service_prefix }}/v1/request/list" - upstream_url: "{{ analytics_api_service_url }}/request/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: addDataset - uris: "{{ dataset_service_prefix }}/v1/add" - upstream_url: "{{ analytics_api_service_url }}/dataset/add" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: listDataset - uris: "{{ dataset_service_prefix }}/v1/list" - upstream_url: "{{ analytics_api_service_url }}/dataset/list" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - dataAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - 
- name: opa-checks - config.required: false - config.enabled: false - -- name: createTenantPreferences - uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: updateTenantPreferences - uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: readTenantPreferencess - uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - orgAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: generateCertificateV2 - uris: "{{ cert_service_prefix }}/v2/certs/generate" - upstream_url: "{{ cert_service_url }}/v2/certs/generate" - strip_uri: true - plugins: - - 
name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: addRegCertificateV2 - uris: "{{ cert_registry_service_prefix }}/v2/certs/add" - upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/add" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: downloadRegCertificateV2 - uris: "{{ cert_registry_service_prefix }}/v2/certs/download" - upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/download" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - certificateAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: contentImportAPI - uris: "{{ content_prefix }}/v1/import" - upstream_url: "{{ content_service_url }}/content/v3/import" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - 
name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: druidGetUpdateListReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - druidReportAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: druidDeactivateReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/deactivate" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/deactivate" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - druidReportAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ small_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: druidCreateReport - uris: "{{ data_service_prefix }}/v1{{ analytics_report_service_prefix }}/submit" - upstream_url: "{{ analytics_api_service_url }}{{ analytics_report_service_prefix }}/submit" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - druidReportCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ 
medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: addRegCertificate
- uris: "{{ cert_registry_service_prefix }}/v1/certs/add"
- upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/add"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - certificateCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: generateCertificate
- uris: "{{ cert_service_prefix }}/v1/certs/generate"
- upstream_url: "{{ cert_service_url }}/v1/certs/generate"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - certificateCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createObjectCategory
- uris: "{{ object_category_prefix }}/v1/create"
- upstream_url: "{{ taxonomy_service_url }}/object/category/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ small_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: readObjectCategory
- uris: "{{ object_category_prefix }}/v1/read"
- upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ x_medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: updateObjectCategory
- uris: "{{ object_category_prefix }}/v1/update"
- upstream_url: "{{ taxonomy_service_url }}/object/category/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ small_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createObjectCategoryDefinition
- uris: "{{ object_category_definition_prefix }}/v1/create"
- upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ small_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: readObjectCategoryDefinition
- uris: "{{ object_category_definition_prefix }}/v1/read"
- upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ x_medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: updateObjectCategoryDefinition
- uris: "{{ object_category_definition_prefix }}/v1/update"
- upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - frameworkUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ small_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ small_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createAsset
- uris: "{{ asset_prefix }}/v1/create"
- upstream_url: "{{ content_service_url }}/asset/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: updateAsset
- uris: "{{ asset_prefix }}/v1/update"
- upstream_url: "{{ content_service_url }}/asset/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: readAsset
- uris: "{{ asset_prefix }}/v1/read"
- upstream_url: "{{ content_service_url }}/asset/v4/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - anonymousContentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: uploadAsset
- uris: "{{ asset_prefix }}/v1/upload"
- upstream_url: "{{ content_service_url }}/asset/v4/upload"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: uploadUrlAsset
- uris: "{{ asset_prefix }}/v1/upload/url"
- upstream_url: "{{ content_service_url }}/asset/v4/upload/url"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: copyAsset
- uris: "{{ asset_prefix }}/v1/copy"
- upstream_url: "{{ content_service_url }}/asset/v4/copy"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: collectionCreate
- uris: "{{ collection_prefix }}/v1/create"
- upstream_url: "{{ content_service_url }}/collection/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionRead
- uris: "{{ collection_prefix }}/v1/read"
- upstream_url: "{{ content_service_url }}/collection/v4/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - anonymousContentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionPrivateRead
- uris: "{{ collection_prefix }}/v1/private/read"
- upstream_url: "{{ content_service_url }}/collection/v4/private/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: assessmentItemRead
- uris: "{{ assessment_prefix }}/v1/items/read"
- upstream_url: "{{ vm_learning_service_url }}/assessment/v3/items/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - assessmentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionUpdate
- uris: "{{ collection_prefix }}/v1/update"
- upstream_url: "{{ content_service_url }}/collection/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionFlag
- uris: "{{ collection_prefix }}/v1/flag"
- upstream_url: "{{ content_service_url }}/collection/v4/flag"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionDiscard
- uris: "{{ collection_prefix }}/v1/discard"
- upstream_url: "{{ content_service_url }}/collection/v4/discard"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionRetire
- uris: "{{ collection_prefix }}/v1/retire"
- upstream_url: "{{ content_service_url }}/collection/v4/retire"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionHierarchyAdd
- uris: "{{ collection_prefix }}/v1/hierarchy/add"
- upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/add"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionHierarchyRemove
- uris: "{{ collection_prefix }}/v1/hierarchy/remove"
- upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/remove"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionHierarchyUpdate
- uris: "{{ collection_prefix }}/v1/hierarchy/update"
- upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionHierarchyRead
- uris: "{{ collection_prefix }}/v1/hierarchy"
- upstream_url: "{{ content_service_url }}/collection/v4/hierarchy"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - anonymousContentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionCopy
- uris: "{{ collection_prefix }}/v1/copy"
- upstream_url: "{{ content_service_url }}/collection/v4/copy"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: collectionImport
- uris: "{{ collection_prefix }}/v1/import"
- upstream_url: "{{ content_service_url }}/collection/v4/import"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: collectionExport
- uris: "{{ collection_prefix }}/v1/export"
- upstream_url: "{{ content_service_url }}/collection/v4/export"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: true
- config.enabled: true
-
-- name: getDiscussionTagsList
- uris: "{{ discussions_prefix }}/tags"
- upstream_url: "{{ discussions_mw_service_url }}/tags"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getDiscussionCategories
- uris: "{{ discussions_prefix }}/categories"
- upstream_url: "{{ discussions_mw_service_url }}/categories"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getDiscussionNotificationsList
- uris: "{{ discussions_prefix }}/notifications"
- upstream_url: "{{ discussions_mw_service_url }}/notifications"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getUserDetailsOfDiscussion
- uris: "{{ discussions_prefix }}/user"
- upstream_url: "{{ discussions_mw_service_url }}/user"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getCategoryDetailsOfDiscussion
- uris: "{{ discussions_prefix }}/category"
- upstream_url: "{{ discussions_mw_service_url }}/category"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getUnreadTopicsOfDiscussion
- uris: "{{ discussions_prefix }}/unread"
- upstream_url: "{{ discussions_mw_service_url }}/unread"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getRecentTopicsOfDiscussion
- uris: "{{ discussions_prefix }}/recent"
- upstream_url: "{{ discussions_mw_service_url }}/recent"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getPopularTopicsOfDiscussion
- uris: "{{ discussions_prefix }}/popular"
- upstream_url: "{{ discussions_mw_service_url }}/popular"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getTopTopicsOfDiscussion
- uris: "{{ discussions_prefix }}/top"
- upstream_url: "{{ discussions_mw_service_url }}/top"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getTopicsOfDiscussionById
- uris: "{{ discussions_prefix }}/topic"
- upstream_url: "{{ discussions_mw_service_url }}/topic"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getTotalUnreadTopicsOfDiscussion
- uris: "{{ discussions_prefix }}/unread/total"
- upstream_url: "{{ discussions_mw_service_url }}/unread/total"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getTopicsOfDiscussionByTeaserId
- uris: "{{ discussions_prefix }}/topic/teaser"
- upstream_url: "{{ discussions_mw_service_url }}/topic/teaser"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getTopicsPaginationByIdOfDiscussion
- uris: "{{ discussions_prefix }}/topic/pagination"
- upstream_url: "{{ discussions_mw_service_url }}/topic/pagination"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getGroupsListOfDiscussion
- uris: "{{ discussions_prefix }}/groups"
- upstream_url: "{{ discussions_mw_service_url }}/groups"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getRecentPostsByDateOfDiscussions
- uris: "{{ discussions_prefix }}/recent/posts"
- upstream_url: "{{ discussions_mw_service_url }}/recent/posts"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createTopicOfDiscussions
- uris: "{{ discussions_prefix }}/v2/topics"
- upstream_url: "{{ discussions_mw_service_url }}/v2/topics"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createCategoryOfDiscussion
- uris: "{{ discussions_prefix }}/v2/categories"
- upstream_url: "{{ discussions_mw_service_url }}/v2/categories"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createGroupsOfDiscussion
- uris: "{{ discussions_prefix }}/v2/groups"
- upstream_url: "{{ discussions_mw_service_url }}/v2/groups"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createNewPostOfDiscussion
- uris: "{{ discussions_prefix }}/v2/posts"
- upstream_url: "{{ discussions_mw_service_url }}/v2/posts"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: createNewUserOfDiscussion
- uris: "{{ discussions_prefix }}/v2/users"
- upstream_url: "{{ discussions_mw_service_url }}/v2/users"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getUserDetailsByUsername
- uris: "{{ discussions_prefix }}/user/username"
- upstream_url: "{{ discussions_mw_service_url }}/user/username"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: getForumIdOfDiscussion
- uris: "{{ discussions_prefix }}/forumId"
- upstream_url: "{{ discussions_mw_service_url }}/forumId"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: addForumOfDiscussion
- uris: "{{ discussions_prefix }}/forum"
- upstream_url: "{{ discussions_mw_service_url }}/forum"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: copyPrivilegesFromParentCategory
- uris: "{{ discussions_prefix }}/privileges/v2/copy"
- upstream_url: "{{ discussions_mw_service_url }}/privileges/v2/copy"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - discussionCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionCreate
- uris: "{{ question_prefix }}/v1/create"
- upstream_url: "{{ assessment_service_url }}/question/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionRead
- uris: "{{ question_prefix }}/v1/read"
- upstream_url: "{{ assessment_service_url }}/question/v4/read"
- strip_uri: true
- plugins:
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: ip
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionPrivateRead
- uris: "{{ question_prefix }}/v1/private/read"
- upstream_url: "{{ assessment_service_url }}/question/v4/private/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionUpdate
- uris: "{{ question_prefix }}/v1/update"
- upstream_url: "{{ assessment_service_url }}/question/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionRetire
- uris: "{{ question_prefix }}/v1/retire"
- upstream_url: "{{ assessment_service_url }}/question/v4/retire"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionReview
- uris: "{{ question_prefix }}/v1/review"
- upstream_url: "{{ assessment_service_url }}/question/v4/review"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionPublish
- uris: "{{ question_prefix }}/v1/publish"
- upstream_url: "{{ assessment_service_url }}/question/v4/publish"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionList
- uris: "{{ question_prefix }}/v1/list"
- upstream_url: "{{ assessment_service_url }}/question/v4/list"
- strip_uri: true
- plugins:
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: ip
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionReject
- uris: "{{ question_prefix }}/v1/reject"
- upstream_url: "{{ assessment_service_url }}/question/v4/reject"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetCreate
- uris: "{{ questionset_prefix }}/v1/create"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/create"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentCreate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetRead
- uris: "{{ questionset_prefix }}/v1/read"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/read"
- strip_uri: true
- plugins:
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: ip
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetPrivateRead
- uris: "{{ questionset_prefix }}/v1/private/read"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/private/read"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAccess
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetUpdate
- uris: "{{ questionset_prefix }}/v1/update"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/update"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentUpdate
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetAddQuestion
- uris: "{{ questionset_prefix }}/v1/add"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/add"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - 'contentUpdate'
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetRemoveQuestion
- uris: "{{ questionset_prefix }}/v1/remove"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/remove"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - 'contentUpdate'
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetRetire
- uris: "{{ questionset_prefix }}/v1/retire"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/retire"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{ medium_rate_limit_per_hour }}"
- config.limit_by: credential
- - name: request-size-limiting
- config.allowed_payload_size: "{{ medium_request_size_limit }}"
- - name: opa-checks
- config.required: false
- config.enabled: false
-
-- name: questionSetReview
- uris: "{{ questionset_prefix }}/v1/review"
- upstream_url: "{{ assessment_service_url }}/questionset/v4/review"
- strip_uri: true
- plugins:
- - name: jwt
- - name: cors
- - "{{ statsd_pulgin }}"
- - name: acl
- config.whitelist:
- - contentAdmin
- - name: rate-limiting
- config.policy: local
- config.hour: "{{
medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: questionSetPublish - uris: "{{ questionset_prefix }}/v1/publish" - upstream_url: "{{ assessment_service_url }}/questionset/v4/publish" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: questionSetUpdateHierarchy - uris: "{{ questionset_prefix }}/v1/hierarchy/update" - upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: questionSetReadHierarchy - uris: "{{ questionset_prefix }}/v1/hierarchy" - upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - anonymousContentAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false 
- -- name: questionSetReject - uris: "{{ questionset_prefix }}/v1/reject" - upstream_url: "{{ assessment_service_url }}/questionset/v4/reject" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: updateUserV2 - uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ learning_service_url }}/v2/user/update" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - userUpdate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true - -- name: questionImportAPI - uris: "{{ question_prefix }}/v1/import" - upstream_url: "{{ assessment_service_url }}/question/v4/import" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentCreate - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" - - name: opa-checks - config.required: false - config.enabled: false - -- name: managedUserV1Create - uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ learning_service_url }}/v1/manageduser/create" + config.enabled: false + +- name: registerDesktopDevice + uris: "{{ api_manager_perfix }}/v1/consumer/desktop_device/credential/register" + 
upstream_url: "{{ am_util_url }}/v1/consumer/desktop_device/credential/register" strip_uri: true plugins: - name: jwt @@ -7149,20 +1614,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAccess + - desktopAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: managedUserV2Create - uris: "{{ user_service_prefix }}/v2/managed/create" - upstream_url: "{{ learning_service_url }}/v2/manageduser/create" +- name: registerDesktopDevicev2 + uris: "{{ api_manager_perfix }}/v2/consumer/desktop_device/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/desktop_device/credential/register" strip_uri: true plugins: - name: jwt @@ -7170,20 +1635,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAccess + - desktopAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: ssoUserV1Create - uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ learning_service_url }}/v1/ssouser/create" +- name: refreshToken + uris: "{{ auth_service_prefix }}/v1/refresh/token" + upstream_url: "{{ am_util_url }}/v1/auth/refresh/token" strip_uri: true plugins: - name: jwt 
@@ -7191,20 +1656,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserCreate + - refreshTokenCreate - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: ssoUserV2Create - uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ learning_service_url }}/v2/user/signup" +- name: registerMobileApp + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app/credential/register" strip_uri: true plugins: - name: jwt @@ -7212,20 +1677,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousUserCreate + - mobileSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getUserProfileV4 - uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ learning_service_url }}/v4/user/read" +- name: registerMobileAppOpenRAP + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_openrap/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_openrap/credential/register" strip_uri: true plugins: - name: jwt @@ -7233,7 +1698,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAccess + - mobileOpenRAPSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7241,12 +1706,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: getUserProfileV5 - uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ learning_service_url }}/v5/user/read" +- name: registerMobileAppTeacherAid + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_app_teacheraid/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_app_teacheraid/credential/register" strip_uri: true plugins: - name: jwt @@ -7254,7 +1719,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAccess + - mobileTeacherAidSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7262,12 +1727,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: searchUserV2 - uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/user/search" +- name: registerMobileDevice + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device/credential/register" strip_uri: true plugins: - name: jwt @@ -7275,7 +1740,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userTempAdmin + - mobileAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7286,9 +1751,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchUserV3 - uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ learning_service_url }}/v3/user/search" +- name: registerMobileDevicev2 + uris: "{{ api_manager_perfix }}/v2/consumer/mobile_device/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/mobile_device/credential/register" strip_uri: true plugins: - name: jwt @@ -7296,7 +1761,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userTempAdmin + - mobileAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7307,26 +1772,30 @@ kong_apis: config.required: false config.enabled: false -- name: searchOrgV2 - uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/org/search" +- name: registerPortalAnonymous + uris: "{{ api_manager_perfix }}/v2/consumer/portal_anonymous/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/portal_anonymous/credential/register" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - portalAnonymous - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: integrationAppRead - uris: "{{ integration_app_prefix }}/v1/read" - upstream_url: "{{ content_service_url }}/app/v4/read" +- name: registerPortalLoggedin + uris: "{{ api_manager_perfix }}/v2/consumer/portal_loggedin/credential/register" + upstream_url: "{{ am_util_url }}/v2/consumer/portal_loggedin/credential/register" strip_uri: true plugins: - name: jwt 
@@ -7334,10 +1803,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - portalLoggedin - name: rate-limiting config.policy: local - config.hour: "{{ small_request_size_limit }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -7345,9 +1814,9 @@ kong_apis: config.required: false config.enabled: false -- name: questionsetImportAPI - uris: "{{ questionset_prefix }}/v1/import" - upstream_url: "{{ assessment_service_url }}/questionset/v4/import" +- name: registerMobileDeviceOpenRAP + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_openrap/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_openrap/credential/register" strip_uri: true plugins: - name: jwt @@ -7355,20 +1824,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - mobileOpenRAPAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getUsersPrograms - uris: "{{ users_service_prefix }}/mlcore/v1/programs" - upstream_url: "{{ ml_core_service_url }}/v1/users/programs" +- name: registerMobileDeviceTeacherAid + uris: "{{ api_manager_perfix }}/v1/consumer/mobile_device_teacheraid/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/mobile_device_teacheraid/credential/register" strip_uri: true plugins: - name: jwt @@ -7376,7 +1845,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - programAccess + - mobileTeacherAidAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7387,9 +1856,9 @@ kong_apis: config.required: false config.enabled: false -- name: getUsersSolutions - uris: "{{ users_service_prefix }}/mlcore/v1/solutions" - upstream_url: "{{ ml_core_service_url }}/v1/users/solutions" +- name: searchNotes + uris: "{{ notes_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -7397,7 +1866,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - noteAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7408,51 +1877,43 @@ kong_apis: config.required: false config.enabled: false -- name: getTargetedSolutions - uris: "{{ solutions_service_prefix }}/mlcore/v1/targetedSolutions" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/targetedSolutions" +- name: searchOrgExtended + uris: "{{ org_service_prefix }}/v1/ext/search" + upstream_url: "{{ learning_service_url }}/v1/org/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - solutionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getSolutionReportInformation - uris: "{{ solutions_service_prefix }}/mlcore/v1/read" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/read" +- name: searchOrg + uris: "{{ org_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/org/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - solutionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: userLocationScope - uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityListBasedOnRoleAndLocation" - upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityListBasedOnRoleAndLocation" +- name: searchUser + uris: "{{ user_service_prefix }}/v1/search" + upstream_url: "{{ learning_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt 
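Review bot: `searchOrgExtended` and `searchOrg` on the new side carry no `jwt` or `acl` plugin and have `opa-checks` disabled, so the gateway forwards `/v1/ext/search` and `/v1/search` to `{{ learning_service_url }}/v1/org/search` without authenticating the caller. If public org search is intended, record that above each entry, e.g. `# public route: no jwt/acl by design; upstream must only return public org fields`. Otherwise restore `- name: jwt` and an `acl` whitelist as on the neighbouring routes. The only throttle left is `config.limit_by: ip`, which counts by the address Kong sees; behind the ingress proxy that is the real client only if Kong's `trusted_ips` and `real_ip_header` are set for it, which this diff does not show.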
@@ -7460,7 +1921,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - registryAccess + - userTempAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7471,9 +1932,9 @@ kong_apis: config.required: false config.enabled: false -- name: mandatoryUserProfileFields - uris: "{{ entities_service_prefix }}/mlcore/v1/entityTypesByLocationAndRole" - upstream_url: "{{ ml_core_service_url }}/v1/users/entityTypesByLocationAndRole" +- name: sendEmailNotification + uris: "{{ user_service_prefix }}/v1/notification/email" + upstream_url: "{{ learning_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -7481,20 +1942,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - registryAccess + - appUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: observationListEvidences - uris: "{{ observations_service_prefix }}/mlreports/v1/listAllEvidences" - upstream_url: "{{ ml_reports_service_url }}/v1/observations/listAllEvidences" +- name: unblockUser + uris: "{{ user_service_prefix }}/v1/unblock" + upstream_url: "{{ learning_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -7502,7 +1963,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - userAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7513,9 +1974,9 @@ kong_apis: config.required: false config.enabled: false -- name: locationListing - uris: "{{ entities_service_prefix }}/mlcore/v1/subEntityList" - upstream_url: "{{ ml_core_service_url }}/v1/entities/subEntityList" +- name: updateBatch + uris: "{{ course_service_prefix }}/v1/batch/update" + upstream_url: "{{ lms_service_url }}/v1/course/batch/update" strip_uri: true plugins: - name: jwt @@ -7523,7 +1984,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - locationAccess + - courseUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7531,12 +1992,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getTargetedEntity - uris: "{{ users_service_prefix }}/mlcore/v1/targetedEntity" - upstream_url: "{{ ml_core_service_url }}/v1/users/targetedEntity" +- name: updateCertTemplate + uris: "{{ cert_service_prefix }}/v1/template/update" + upstream_url: "{{ cert_service_url }}/cert/v1/template/update" strip_uri: true plugins: - name: jwt 
@@ -7544,20 +2005,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - registryAccess + - certificateUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getProjectDetails - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/details" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/details" +- name: updateContentState + uris: "{{ course_service_prefix }}/v1/content/state/update" + upstream_url: "{{ lms_service_url }}/v1/content/state/update" strip_uri: true plugins: - name: jwt @@ -7565,7 +2026,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - courseAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7573,12 +2034,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getProjectEntities - uris: "{{ reports_service_prefix }}/mlprojects/v1/entity" - upstream_url: "{{ ml_project_service_url }}/v1/reports/entity" +- name: updateNote + uris: "{{ notes_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -7586,7 +2047,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - noteUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7597,9 +2058,9 @@ kong_apis: config.required: false config.enabled: false -- name: getProjectDetailReport - uris: "{{ reports_service_prefix }}/mlprojects/v1/detailView" - upstream_url: "{{ ml_project_service_url }}/v1/reports/detailView" +- name: updateOrg + uris: "{{ org_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -7607,7 +2068,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - orgUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7618,9 +2079,9 @@ kong_apis: config.required: false config.enabled: false -- name: getProjectPrograms - uris: "{{ reports_service_prefix }}/mlprojects/v1/getProgramsByEntity" - upstream_url: "{{ ml_project_service_url }}/v1/reports/getProgramsByEntity" +- name: updateOrgStatus + uris: "{{ org_service_prefix }}/v1/status/update" + upstream_url: "{{ learning_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -7628,7 +2089,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - orgUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7639,9 +2100,9 @@ kong_apis: config.required: false config.enabled: false -- name: updateProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/sync" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/sync" +- name: updatePage + uris: "{{ data_service_prefix }}/v1/page/update" + upstream_url: "{{ lms_service_url }}/v1/page/update" strip_uri: true plugins: - name: jwt @@ -7649,7 +2110,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectUpdate + - pageUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7660,9 +2121,9 @@ kong_apis: config.required: false config.enabled: false -- name: createProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/add" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/add" +- name: updatePageSection + uris: "{{ data_service_prefix }}/v1/page/section/update" + upstream_url: "{{ lms_service_url }}/v1/page/section/update" strip_uri: true plugins: - name: jwt @@ -7670,7 +2131,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectCreate + - pageUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7681,9 +2142,9 @@ kong_apis: config.required: false config.enabled: false -- name: getProjectSolutionDetails - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/solutionDetails" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/solutionDetails" +- name: updateUser + uris: "{{ user_service_prefix }}/v1/update" + upstream_url: "{{ learning_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -7691,20 +2152,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getProjectStatus - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/tasksStatus" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/tasksStatus" +- name: uploadTOC + uris: "{{ textbook_service_prefix }}/v1/toc/upload" + upstream_url: "{{ lms_service_url }}/v1/textbook/toc/upload" strip_uri: true plugins: - name: jwt 
@@ -7712,20 +2173,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: shareProject - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/share" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/share" +- name: userBulkUpload + uris: "{{ user_service_prefix }}/v1/upload" + upstream_url: "{{ learning_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt @@ -7733,20 +2194,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectAccess + - userAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getProjectTemplatesDetails - uris: "{{ project_service_prefix }}/mlprojects/v1/templates/details" - upstream_url: "{{ ml_project_service_url }}/v1/project/templates/details" +- name: userExistenceApi + uris: "{{ user_service_prefix }}/v1/exists" + upstream_url: "{{ learning_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -7754,7 +2215,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
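Review bot: `userExistenceApi` (`/v1/exists`, named in the preceding hunk) whitelists `anonymousUserAccess` in the `@@ -7754,7 +2215,7 @@` hunk, while `userExistenceApiV2` in the following hunks whitelists `userAccess`, so the two versions of the same lookup disagree on who may call it. An existence check open to anonymous consumers lets a client confirm which identifiers are registered, and the limit here is the general `medium_rate_limit_per_hour` keyed by credential. Either align v1 with v2 by using `- userAccess`, or keep it anonymous with the tighter `config.hour: "{{ small_rate_limit_per_hour }}"` that `refreshToken` uses and a comment saying why. Whether an anonymous sign-up flow depends on v1 cannot be told from this diff.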
@@ -7765,9 +2226,9 @@ kong_apis: config.required: false config.enabled: false -- name: listObservationEntities - uris: "{{ observations_service_prefix }}/mlsurvey/v1/entities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/entities" +- name: userExistenceApiV2 + uris: "{{ user_service_prefix }}/v2/exists" + upstream_url: "{{ learning_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -7775,7 +2236,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7786,9 +2247,9 @@ kong_apis: config.required: false config.enabled: false -- name: observationSubmissionsList - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/list" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/list" +- name: userFeed + uris: "{{ user_service_prefix }}/v1/feed" + upstream_url: "{{ learning_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -7796,7 +2257,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7804,12 +2265,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: observationQuestionList - uris: "{{ observations_service_prefix }}/mlsurvey/v1/assessment" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/assessment" +- name: userFeedCreate + uris: "{{ user_service_prefix }}/feed/v1/create" + upstream_url: "{{ learning_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt 
@@ -7817,7 +2278,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7828,9 +2289,9 @@ kong_apis: config.required: false config.enabled: false -- name: updateObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/update" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/update" +- name: userFeedDelete + uris: "{{ user_service_prefix }}/feed/v1/delete" + upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -7838,7 +2299,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationUpdate + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7849,9 +2310,9 @@ kong_apis: config.required: false config.enabled: false -- name: createObservationSubmission - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/create" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/create" +- name: userFeedUpdate + uris: "{{ user_service_prefix }}/feed/v1/update" + upstream_url: "{{ learning_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -7859,7 +2320,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationCreate + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7870,9 +2331,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchLocationEntities - uris: "{{ observations_service_prefix }}/mlsurvey/v1/searchEntities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/searchEntities" +- name: userMigrate + uris: "{{ user_service_prefix }}/v1/migrate" + upstream_url: "{{ learning_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt 
@@ -7880,7 +2341,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - registryAccess + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7891,9 +2352,9 @@ kong_apis: config.required: false config.enabled: false -- name: addObservationEntity - uris: "{{ observations_service_prefix }}/mlsurvey/v1/updateEntities" - upstream_url: "{{ ml_survey_service_url }}/v1/observations/updateEntities" +- name: validateRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/validate" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/validate" strip_uri: true plugins: - name: jwt @@ -7901,7 +2362,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationCreate + - anonymousCertificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7912,9 +2373,9 @@ kong_apis: config.required: false config.enabled: false -- name: observationSolutionList - uris: "{{ observationSubmissions_service_prefix }}/mlsurvey/v1/solutionList" - upstream_url: "{{ ml_survey_service_url }}/v1/observationSubmissions/solutionList" +- name: verifyOtp + uris: "{{ otp_service_prefix }}/v1/verify" + upstream_url: "{{ learning_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -7922,7 +2383,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7933,9 +2394,9 @@ kong_apis: config.required: false config.enabled: false -- name: surveyQuestionList - uris: "{{ surveys_service_prefix }}/mlsurvey/v1/details" - upstream_url: "{{ ml_survey_service_url }}/v1/surveys/details" +- name: verifyOtpV2 + uris: "{{ otp_service_prefix }}/v2/verify" + upstream_url: "{{ learning_service_url }}/v2/otp/verify" strip_uri: true plugins: - name: jwt 
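Review bot: `verifyOtp` is whitelisted for `anonymousUserAccess` but keeps `config.hour: "{{ medium_rate_limit_per_hour }}"`, and `verifyOtpV2` in the following hunks does the same, whereas `forgotPassword` later in this patch is moved to `small_rate_limit_per_hour`. An OTP check open to the anonymous group is the route where repeated attempts matter most, so it should take the tighter bucket: `config.hour: "{{ small_rate_limit_per_hour }}"`. The `limit_by` line for these entries falls between hunks; if it is `credential` like the neighbouring entries, the limit only helps when anonymous callers do not share one credential. The attempt counter in the upstream service should be confirmed as the real control.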
@@ -7943,7 +2404,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - surveyAccess + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7954,9 +2415,9 @@ kong_apis: config.required: false config.enabled: false -- name: solutionsVerifyLink - uris: "{{ solutions_service_prefix }}/mlsurvey/v1/verifyLink" - upstream_url: "{{ ml_survey_service_url }}/v1/solutions/verifyLink" +- name: verifyRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/verify" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/verify" strip_uri: true plugins: - name: jwt @@ -7964,7 +2425,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -7975,9 +2436,9 @@ kong_apis: config.required: false config.enabled: false -- name: updateSurveySubmission - uris: "{{ surveySubmissions_service_prefix }}/mlsurvey/v1/update" - upstream_url: "{{ ml_survey_service_url }}/v1/surveySubmissions/update" +- name: registerIgotApp + uris: "{{ api_manager_perfix }}/v1/consumer/igot_app/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/igot_app/credential/register" strip_uri: true plugins: - name: jwt @@ -7985,7 +2446,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - surveyUpdate + - igotAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -7996,9 +2457,9 @@ kong_apis: config.required: false config.enabled: false -- name: observationReports - uris: "{{ reports_service_prefix }}/mlreports/v1/fetch" - upstream_url: "{{ ml_reports_service_url }}/v1/reports/fetch" +- name: registerIgotDevice + uris: "{{ api_manager_perfix }}/v1/consumer/igot_device/credential/register" + upstream_url: "{{ am_util_url }}/v1/consumer/igot_device/credential/register" strip_uri: true plugins: - name: jwt @@ -8006,10 +2467,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - igotApp - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ large_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -8017,9 +2478,9 @@ kong_apis: config.required: false config.enabled: false -- name: surveyListEvidences - uris: "{{ surveys_service_prefix }}/mlreports/v1/listAllEvidences" - upstream_url: "{{ ml_reports_service_url }}/v1/surveys/listAllEvidences" +- name: searchRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/search" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/search" strip_uri: true plugins: - name: jwt @@ -8027,7 +2488,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - surveyAccess + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -8035,12 +2496,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: surveyReport - uris: "{{ surveys_service_prefix }}/mlreports/v1/getAllResponsesOfQuestion" - upstream_url: "{{ ml_reports_service_url }}/v1/surveys/getAllResponsesOfQuestion" +- name: searchRegCertificateV2 + uris: "{{ cert_registry_service_prefix }}/v2/certs/search" + upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/search" strip_uri: true plugins: - name: jwt @@ -8048,7 +2509,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - surveyAccess + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8059,9 +2520,9 @@ kong_apis: config.required: false config.enabled: false -- name: observationSubmissionCount - uris: "{{ observations_service_prefix }}/mlreports/v1/submissionsCount" - upstream_url: "{{ ml_reports_service_url }}/v1/observations/submissionsCount" +- name: readRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/read" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/read" strip_uri: true plugins: - name: jwt @@ -8069,7 +2530,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - observationAccess + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8080,9 +2541,9 @@ kong_apis: config.required: false config.enabled: false -- name: getFileUploadUrls - uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" - upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" +- name: forgotPassword + uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" + upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt 
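Review bot: `searchRegCertificateV2` is left with `opa-checks` disabled (`config.required: false`, `config.enabled: false` at the top of the third hunk on this line) although the same commit turns it on for `searchRegCertificate`. `readUserConsentV2` further down repeats the pattern against `readUserConsent`. Each pair shares one ACL group (`certificateAccess` and `userAccess` respectively), so a caller can use the `/v2/` path and skip the policy evaluation that the `/v1/` path now requires. Unless the v2 upstream enforces an equivalent rule itself, set `config.required: true` and `config.enabled: true` on the V2 entries as well.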
@@ -8090,10 +2551,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - cloudUrlsCreate + - anonymousUserAccess - name: rate-limiting config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" + config.hour: "{{ small_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -8101,9 +2562,9 @@ kong_apis: config.required: false config.enabled: false -- name: listPlatformPrograms - uris: "{{ user_extension_prefix }}/mlcore/v1/programsByPlatformRoles" - upstream_url: "{{ ml_core_service_url }}/v1/user-extension/programsByPlatformRoles" +- name: searchManagedUser + uris: "{{ user_service_prefix }}/v1/managed" + upstream_url: "{{ learning_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -8111,7 +2572,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - programAccess + - anonymousUserAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8119,12 +2580,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: listPlatformSolutions - uris: "{{ user_extension_prefix }}/mlcore/v1/solutions" - upstream_url: "{{ ml_core_service_url }}/v1/user-extension/solutions" +- name: createGroup + uris: "{{ group_service_prefix }}/v1/create" + upstream_url: "{{ group_service_url }}/v1/group/create" strip_uri: true plugins: - name: jwt @@ -8132,7 +2593,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - groupCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
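Review bot: `forgotPassword` exposes an upstream under `/private/` (`{{ learning_service_url }}/private/user/v1/password/reset`, added in the hunk just before this line) to the `anonymousUserAccess` group, with `opa-checks` left at `false`. Nothing at the gateway ties a reset request to proof of account ownership, so that check must live in the learning service. Confirm this before the route ships, or narrow `config.whitelist` to a group that is not granted to unauthenticated clients. The move to `small_rate_limit_per_hour` helps, but with `config.limit_by: credential` a credential shared by anonymous callers gives them one common bucket, which a single client could exhaust for everyone.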
@@ -8143,9 +2604,9 @@ kong_apis: config.required: false config.enabled: false -- name: getUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/get" +- name: updateGroup + uris: "{{ group_service_prefix }}/v1/update" + upstream_url: "{{ group_service_url }}/v1/group/update" strip_uri: true plugins: - name: jwt @@ -8153,7 +2614,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8164,9 +2625,9 @@ kong_apis: config.required: false config.enabled: false -- name: createUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/create" +- name: listGroup + uris: "{{ group_service_prefix }}/v1/list" + upstream_url: "{{ group_service_url }}/v1/group/list" strip_uri: true plugins: - name: jwt @@ -8174,7 +2635,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8185,9 +2646,9 @@ kong_apis: config.required: false config.enabled: false -- name: updateUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/update" +- name: readGroup + uris: "{{ group_service_prefix }}/v1/read" + upstream_url: "{{ group_service_url }}/v1/group/read" strip_uri: true plugins: - name: jwt @@ -8195,7 +2656,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -8206,9 +2667,9 @@ kong_apis: config.required: false config.enabled: false -- name: deleteUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/delete" +- name: deleteGroup + uris: "{{ group_service_prefix }}/v1/delete" + upstream_url: "{{ group_service_url }}/v1/group/delete" strip_uri: true plugins: - name: jwt @@ -8216,7 +2677,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8227,9 +2688,9 @@ kong_apis: config.required: false config.enabled: false -- name: userSegmentsQueryBuilderUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/queryBuilder" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/queryBuilder" +- name: updateGroupMembership + uris: "{{ group_service_prefix }}/membership/v1/update" + upstream_url: "{{ group_service_url }}/v1/group/membership/update" strip_uri: true plugins: - name: jwt @@ -8237,7 +2698,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8248,9 +2709,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchUserSegmentsUCI - uris: "{{ uci_admin_prefix }}/admin/v1/userSegment/search" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/userSegment/search" +- name: groupActivityAgg + uris: "{{ data_service_prefix }}/v1/group/activity/agg" + upstream_url: "{{ lms_service_url }}/v1/group/activity/agg" strip_uri: true plugins: - name: jwt @@ -8258,7 +2719,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - groupAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -8269,9 +2730,9 @@ kong_apis: config.required: false config.enabled: false -- name: createAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/create" +- name: getUserProfileV3 + uris: "{{ user_service_prefix }}/v3/read" + upstream_url: "{{ learning_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -8279,7 +2740,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8287,12 +2748,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getAllAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/all" +- name: updateUserDeclarations + uris: "{{ user_service_prefix }}/v1/declarations" + upstream_url: "{{ learning_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt 
@@ -8300,20 +2761,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/get" +- name: updateUserConsent + uris: "{{ user_service_prefix }}/v1/consent/update" + upstream_url: "{{ learning_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt @@ -8321,20 +2782,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: deleteAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/delete" +- name: readUserConsent + uris: "{{ user_service_prefix }}/v1/consent/read" + upstream_url: "{{ learning_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt 
@@ -8342,20 +2803,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: updateAdapterUCI - uris: "{{ uci_admin_prefix }}/admin/v1/adapter/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/adapter/update" +- name: readUserConsentV2 + uris: "{{ user_service_prefix }}/v2/consent/read" + upstream_url: "{{ learning_service_url }}/v2/user/consent/read" strip_uri: true plugins: - name: jwt @@ -8363,20 +2824,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getAllTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/all" +- name: createTenantPreferences + uris: "{{ org_service_prefix }}/v2/preferences/create" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -8384,7 +2845,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - orgUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -8392,12 +2853,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: createTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/create" +- name: updateTenantPreferences + uris: "{{ org_service_prefix }}/v2/preferences/update" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -8405,7 +2866,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - orgUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8413,12 +2874,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: getTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/get" +- name: readTenantPreferencess + uris: "{{ org_service_prefix }}/v2/preferences/read" + upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -8426,7 +2887,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - orgAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
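Review bot: The API name `readTenantPreferencess` in the third hunk on this line has a doubled `s`, unlike `createTenantPreferences` and `updateTenantPreferences` beside it. The name is presumably the identifier the onboarding tooling matches on when it later updates or removes the entry, so the misspelling becomes awkward to correct after the first deploy. Use `- name: readTenantPreferences`.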
@@ -8434,12 +2895,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: updateTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/update" +- name: generateCertificateV2 + uris: "{{ cert_service_prefix }}/v2/certs/generate" + upstream_url: "{{ cert_service_url }}/v2/certs/generate" strip_uri: true plugins: - name: jwt @@ -8447,20 +2908,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getFormsTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/transformer/getForms" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/transformer/getForms" +- name: addRegCertificateV2 + uris: "{{ cert_registry_service_prefix }}/v2/certs/add" + upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/add" strip_uri: true plugins: - name: jwt @@ -8468,7 +2929,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -8479,9 +2940,9 @@ kong_apis: config.required: false config.enabled: false -- name: uploadFormsTransformerUCI - uris: "{{ uci_admin_prefix }}/admin/v1/forms/upload" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/forms/upload" +- name: downloadRegCertificateV2 + uris: "{{ cert_registry_service_prefix }}/v2/certs/download" + upstream_url: "{{ cert_registry_service_url }}/certs/v2/registry/download" strip_uri: true plugins: - name: jwt @@ -8489,20 +2950,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - certificateAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ large_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: createConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/create" +- name: addRegCertificate + uris: "{{ cert_registry_service_prefix }}/v1/certs/add" + upstream_url: "{{ cert_registry_service_url }}/certs/v1/registry/add" strip_uri: true plugins: - name: jwt @@ -8510,7 +2971,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -8521,9 +2982,9 @@ kong_apis: config.required: false config.enabled: false -- name: getAllConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/all" +- name: generateCertificate + uris: "{{ cert_service_prefix }}/v1/certs/generate" + upstream_url: "{{ cert_service_url }}/v1/certs/generate" strip_uri: true plugins: - name: jwt 
@@ -8531,20 +2992,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - certificateCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/get" +- name: getDiscussionTagsList + uris: "{{ discussions_prefix }}/tags" + upstream_url: "{{ discussions_mw_service_url }}/tags" strip_uri: true plugins: - name: jwt @@ -8552,20 +3013,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: deleteConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/delete" +- name: getDiscussionCategories + uris: "{{ discussions_prefix }}/categories" + upstream_url: "{{ discussions_mw_service_url }}/categories" strip_uri: true plugins: - name: jwt 
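Review bot: The discussion read routes are given `medium_request_size_limit` although their names indicate fetches. This applies to `getDiscussionTagsList` in the second hunk on this line and to the `getDiscussion…` / `get…OfDiscussion` entries in the hunks that follow, through `getRecentPostsByDateOfDiscussions`. Requests to list or read endpoints rarely carry a body, so the previous `config.allowed_payload_size: "{{ small_request_size_limit }}"` is the tighter default and should stay unless a route is known to accept large posts. The new entries show no `methods` restriction between `uris` and `plugins`, so the size limit is one of the few gateway-side bounds on what reaches `discussions_mw_service_url`.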
@@ -8573,20 +3034,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: updateConversationLogicUCI - uris: "{{ uci_admin_prefix }}/admin/v1/conversationLogic/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/conversationLogic/update" +- name: getDiscussionNotificationsList + uris: "{{ discussions_prefix }}/notifications" + upstream_url: "{{ discussions_mw_service_url }}/notifications" strip_uri: true plugins: - name: jwt @@ -8594,20 +3055,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: createBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/create" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/create" +- name: getUserDetailsOfDiscussion + uris: "{{ discussions_prefix }}/user" + upstream_url: "{{ discussions_mw_service_url }}/user" strip_uri: true plugins: - name: jwt 
@@ -8615,20 +3076,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getAllBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/all" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/all" +- name: getCategoryDetailsOfDiscussion + uris: "{{ discussions_prefix }}/category" + upstream_url: "{{ discussions_mw_service_url }}/category" strip_uri: true plugins: - name: jwt @@ -8636,20 +3097,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/get" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/get" +- name: getUnreadTopicsOfDiscussion + uris: "{{ discussions_prefix }}/unread" + upstream_url: "{{ discussions_mw_service_url }}/unread" strip_uri: true plugins: - name: jwt 
@@ -8657,20 +3118,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: startBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/start" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/start" +- name: getRecentTopicsOfDiscussion + uris: "{{ discussions_prefix }}/recent" + upstream_url: "{{ discussions_mw_service_url }}/recent" strip_uri: true plugins: - name: jwt @@ -8678,20 +3139,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: pauseBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/pause" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/pause" +- name: getPopularTopicsOfDiscussion + uris: "{{ discussions_prefix }}/popular" + upstream_url: "{{ discussions_mw_service_url }}/popular" strip_uri: true plugins: - name: jwt 
@@ -8699,20 +3160,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: searchBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/search" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/search" +- name: getTopTopicsOfDiscussion + uris: "{{ discussions_prefix }}/top" + upstream_url: "{{ discussions_mw_service_url }}/top" strip_uri: true plugins: - name: jwt @@ -8720,20 +3181,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: deleteBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/delete" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/delete" +- name: getTopicsOfDiscussionById + uris: "{{ discussions_prefix }}/topic" + upstream_url: "{{ discussions_mw_service_url }}/topic" strip_uri: true plugins: - name: jwt 
@@ -8741,20 +3202,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: updateBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/update" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/update" +- name: getTotalUnreadTopicsOfDiscussion + uris: "{{ discussions_prefix }}/unread/total" + upstream_url: "{{ discussions_mw_service_url }}/unread/total" strip_uri: true plugins: - name: jwt @@ -8762,20 +3223,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: getAllUserForBotUCI - uris: "{{ uci_admin_prefix }}/admin/v1/bot/getAllUsers" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/getAllUsers" +- name: getTopicsOfDiscussionByTeaserId + uris: "{{ discussions_prefix }}/topic/teaser" + upstream_url: "{{ discussions_mw_service_url }}/topic/teaser" strip_uri: true plugins: - name: jwt 
@@ -8783,20 +3244,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: searchBotByStartingMessage - uris: "{{ uci_admin_prefix }}/admin/v1/bot/getByParam" - upstream_url: "{{ uci_admin_service_url }}/admin/v1/bot/getByParam" +- name: getTopicsPaginationByIdOfDiscussion + uris: "{{ discussions_prefix }}/topic/pagination" + upstream_url: "{{ discussions_mw_service_url }}/topic/pagination" strip_uri: true plugins: - name: jwt @@ -8804,20 +3265,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: gqlUCI - uris: "{{ uci_admin_prefix }}/uci-api/gql" - upstream_url: "{{ uci_admin_service_url }}/v1/graphql" +- name: getGroupsListOfDiscussion + uris: "{{ discussions_prefix }}/groups" + upstream_url: "{{ discussions_mw_service_url }}/groups" strip_uri: true plugins: - name: jwt 
@@ -8825,20 +3286,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userAdmin + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: sendNotification - uris: "{{ notification_service_prefix }}/v2/send" - upstream_url: "{{ notification_service_url }}/v2/notification/send" +- name: getRecentPostsByDateOfDiscussions + uris: "{{ discussions_prefix }}/recent/posts" + upstream_url: "{{ discussions_mw_service_url }}/recent/posts" strip_uri: true plugins: - name: jwt @@ -8846,19 +3307,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - sendNotification + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: readNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/read" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/read" +- name: createTopicOfDiscussions + uris: "{{ discussions_prefix }}/v2/topics" + upstream_url: "{{ discussions_mw_service_url }}/v2/topics" strip_uri: true plugins: - name: jwt 
@@ -8866,20 +3328,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - readNotificationFeed + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: updateNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/update" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/update" +- name: createCategoryOfDiscussion + uris: "{{ discussions_prefix }}/v2/categories" + upstream_url: "{{ discussions_mw_service_url }}/v2/categories" strip_uri: true plugins: - name: jwt @@ -8887,20 +3349,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - updateNotificationFeed + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: deleteNotificationFeed - uris: "{{ notification_service_prefix }}/v1/feed/delete" - upstream_url: "{{ notification_service_url }}/v1/notification/feed/delete" +- name: createGroupsOfDiscussion + uris: "{{ discussions_prefix }}/v2/groups" + upstream_url: "{{ discussions_mw_service_url }}/v2/groups" strip_uri: true plugins: - name: jwt 
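Review bot: The state-changing discussion routes all carry `opa-checks` with `config.required: false` and `config.enabled: false`: `createTopicOfDiscussions`, `createCategoryOfDiscussion` and `createGroupsOfDiscussion` here, then `createNewPostOfDiscussion`, `createNewUserOfDiscussion`, `addForumOfDiscussion` and `copyPrivilegesFromParentCategory` in the next hunks. Gateway authorization is therefore only the `jwt` plugin plus membership in the `discussionCreate` ACL group. Any consumer in that group can create categories, groups and users or copy category privileges, unless the discussions middleware enforces per-user rules itself (not visible in this diff). Either enable the check as `updateUserV2` does further down (`config.required: true`, `config.enabled: true`), or add a comment above the group such as `# opa-checks off: authorization enforced by <component>` so the gap is a recorded decision.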
@@ -8908,20 +3370,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - deleteNotificationFeed + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: netcoreWhatsappInbound - uris: "{{ uci_admin_prefix }}/inbound/netcore/whatsApp" - upstream_url: "{{ uci_inbound_service_url }}/netcore/whatsApp" +- name: createNewPostOfDiscussion + uris: "{{ discussions_prefix }}/v2/posts" + upstream_url: "{{ discussions_mw_service_url }}/v2/posts" strip_uri: true plugins: - name: jwt @@ -8929,20 +3391,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - externalmessagingAccess + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: VerifyLink - uris: "{{ solutions_service_prefix }}/mlcore/v1/verifyLink" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/verifyLink" +- name: createNewUserOfDiscussion + uris: "{{ discussions_prefix }}/v2/users" + upstream_url: "{{ discussions_mw_service_url }}/v2/users" strip_uri: true plugins: - name: jwt 
@@ -8950,20 +3412,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: GetTemplateOrQuestions - uris: "{{ solutions_service_prefix }}/mlcore/v1/details" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/details" +- name: getUserDetailsByUsername + uris: "{{ discussions_prefix }}/user/username" + upstream_url: "{{ discussions_mw_service_url }}/user/username" strip_uri: true plugins: - name: jwt @@ -8971,20 +3433,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - solutionAccess + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: CreateProjectFromTemplate - uris: "{{ userProjects_service_prefix }}/mlprojects/v1/importFromLibrary" - upstream_url: "{{ ml_project_service_url }}/v1/userProjects/importFromLibrary" +- name: getForumIdOfDiscussion + uris: "{{ discussions_prefix }}/forumId" + upstream_url: "{{ discussions_mw_service_url }}/forumId" strip_uri: true plugins: - name: jwt 
@@ -8992,20 +3454,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - projectUpdate + - discussionAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: updateUserV3 - uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ learning_service_url }}/v3/user/update" +- name: addForumOfDiscussion + uris: "{{ discussions_prefix }}/forum" + upstream_url: "{{ discussions_mw_service_url }}/forum" strip_uri: true plugins: - name: jwt @@ -9013,7 +3475,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userUpdate + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -9021,12 +3483,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: true - config.enabled: true + config.required: false + config.enabled: false -- name: createContentV2 - uris: "{{ content_prefix }}/v2/create" - upstream_url: "{{ content_service_url }}/content/v4/create" +- name: copyPrivilegesFromParentCategory + uris: "{{ discussions_prefix }}/privileges/v2/copy" + upstream_url: "{{ discussions_mw_service_url }}/privileges/v2/copy" strip_uri: true plugins: - name: jwt @@ -9034,7 +3496,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - discussionCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -9045,9 +3507,9 @@ kong_apis: config.required: false config.enabled: false -- name: updateContentV2 - uris: "{{ content_prefix }}/v2/update" - upstream_url: "{{ content_service_url }}/content/v4/update" +- name: updateUserV2 + uris: "{{ user_service_prefix }}/v2/update" + upstream_url: "{{ learning_service_url }}/v2/user/update" strip_uri: true plugins: - name: jwt 
@@ -9055,37 +3517,41 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: readContentV2 - uris: "{{ content_prefix }}/v2/read" - upstream_url: "{{ content_service_url }}/content/v4/read" +- name: managedUserV1Create + uris: "{{ user_service_prefix }}/v1/managed/create" + upstream_url: "{{ learning_service_url }}/v1/manageduser/create" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: uploadUrlContentV2 - uris: "{{ content_prefix }}/v2/upload/url" - upstream_url: "{{ content_service_url }}/content/v4/upload/url" +- name: managedUserV2Create + uris: "{{ user_service_prefix }}/v2/managed/create" + upstream_url: "{{ learning_service_url }}/v2/manageduser/create" strip_uri: true plugins: - name: jwt @@ -9093,7 +3559,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -9104,9 +3570,9 @@ kong_apis: config.required: false config.enabled: false -- name: uploadContentV2 - uris: "{{ content_prefix }}/v2/upload" - upstream_url: "{{ content_service_url }}/content/v4/upload" +- name: ssoUserV1Create + uris: "{{ user_service_prefix }}/v1/sso/create" + upstream_url: "{{ learning_service_url }}/v1/ssouser/create" strip_uri: true plugins: - name: jwt @@ -9114,20 +3580,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - anonymousUserCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: copyContentV2 - uris: "{{ content_prefix }}/v2/copy" - upstream_url: "{{ content_service_url }}/content/v4/copy" +- name: ssoUserV2Create + uris: "{{ user_service_prefix }}/v2/signup" + upstream_url: "{{ learning_service_url }}/v2/user/signup" strip_uri: true plugins: - name: jwt @@ -9135,7 +3601,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - anonymousUserCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -9146,9 +3612,9 @@ kong_apis: config.required: false config.enabled: false -- name: importContentV2 - uris: "{{ content_prefix }}/v2/import" - upstream_url: "{{ content_service_url }}/content/v4/import" +- name: getUserProfileV4 + uris: "{{ user_service_prefix }}/v4/read" + upstream_url: "{{ learning_service_url }}/v4/user/read" strip_uri: true plugins: - name: jwt 
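Review bot: `managedUserV2Create` ends with `opa-checks` at `config.required: false` / `config.enabled: false` (the two context lines that open this hunk), while `managedUserV1Create`, added two hunks earlier with the same `userAccess` whitelist, sets both to `true`. The OPA decision on v1 has little effect if the same operation is reachable on v2 without it. Unless v2 is authorized elsewhere, align the two entries with `config.required: true` and `config.enabled: true`. The four lines between the previous hunk and this one are not shown, so the plugin these two lines belong to is inferred from the pattern of the surrounding entries.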
@@ -9156,20 +3622,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: flagContentV2 - uris: "{{ content_prefix }}/v2/flag" - upstream_url: "{{ content_service_url }}/content/v4/flag" +- name: getUserProfileV5 + uris: "{{ user_service_prefix }}/v5/read" + upstream_url: "{{ learning_service_url }}/v5/user/read" strip_uri: true plugins: - name: jwt @@ -9177,20 +3643,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - userAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: acceptFlagContentV2 - uris: "{{ content_prefix }}/v2/flag/accept" - upstream_url: "{{ content_service_url }}/content/v4/flag/accept" +- name: searchUserV2 + uris: "{{ user_service_prefix }}/v2/search" + upstream_url: "{{ learning_service_url }}/v2/user/search" strip_uri: true plugins: - name: jwt @@ -9198,7 +3664,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - userTempAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -9209,9 +3675,9 @@ kong_apis: config.required: false config.enabled: false -- name: discardContentV2 - uris: "{{ content_prefix }}/v2/discard" - upstream_url: "{{ content_service_url }}/content/v4/discard" +- name: searchUserV3 + uris: "{{ user_service_prefix }}/v3/search" + upstream_url: "{{ learning_service_url }}/v3/user/search" strip_uri: true plugins: - name: jwt @@ -9219,41 +3685,37 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - userTempAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: retireContentV2 - uris: "{{ content_prefix }}/v2/retire" - upstream_url: "{{ content_service_url }}/content/v4/retire" +- name: searchOrgV2 + uris: "{{ org_service_prefix }}/v2/search" + upstream_url: "{{ learning_service_url }}/v2/org/search" strip_uri: true plugins: - - name: jwt - name: cors - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential + config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: reviewContentV2 - uris: "{{ content_prefix }}/v2/review" - upstream_url: "{{ content_service_url }}/content/v4/review" +- name: sendNotification + uris: "{{ notification_service_prefix }}/v2/send" + upstream_url: "{{ notification_service_url }}/v2/notification/send" strip_uri: true plugins: - name: jwt 
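Review bot: `searchOrgV2` is declared without the `jwt` and `acl` plugins, so `{{ org_service_prefix }}/v2/search` is reachable without a token and is throttled only by `config.limit_by: ip`. Behind the nginx ingress, the address Kong sees may be the proxy's rather than the client's. All callers would then share one rate-limit bucket unless Kong is set up to trust the forwarded client address, which cannot be checked from this diff. If anonymous org search is intended, say so above the entry, e.g. `# public route: no jwt/acl by design`, and confirm the per-IP limit is keyed on the real client address. Otherwise restore `- name: jwt` and an `acl` whitelist, as on `searchUserV3` just above it.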
@@ -9261,20 +3723,19 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - sendNotification - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: rejectContentV2 - uris: "{{ content_prefix }}/v2/reject" - upstream_url: "{{ content_service_url }}/content/v4/reject" +- name: readNotificationFeed + uris: "{{ notification_service_prefix }}/v1/feed/read" + upstream_url: "{{ notification_service_url }}/v1/notification/feed/read" strip_uri: true plugins: - name: jwt @@ -9282,7 +3743,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - readNotificationFeed - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -9293,9 +3754,9 @@ kong_apis: config.required: true config.enabled: true -- name: collectionReview - uris: "{{ collection_prefix }}/v1/review" - upstream_url: "{{ content_service_url }}/collection/v4/review" +- name: updateNotificationFeed + uris: "{{ notification_service_prefix }}/v1/feed/update" + upstream_url: "{{ notification_service_url }}/v1/notification/feed/update" strip_uri: true plugins: - name: jwt @@ -9303,7 +3764,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - updateNotificationFeed - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
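Review bot: The `rate-limiting` plugin on `sendNotification` has no `config.limit_by` on the new side, so the limit is keyed on the plugin's default, while the neighbouring authenticated routes (`readNotificationFeed`, `updateNotificationFeed`, `deleteNotificationFeed`) appear to set it explicitly. For a route that triggers outbound notifications the throttle key should be stated, not inherited. I would add `config.limit_by: credential` under `config.hour` to match the other JWT-protected entries. The entry starts in the previous hunk, so its `uris` and `upstream_url` lines are not part of this one.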
@@ -9311,12 +3772,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: collectionReject - uris: "{{ collection_prefix }}/v1/reject" - upstream_url: "{{ content_service_url }}/collection/v4/reject" +- name: deleteNotificationFeed + uris: "{{ notification_service_prefix }}/v1/feed/delete" + upstream_url: "{{ notification_service_url }}/v1/notification/feed/delete" strip_uri: true plugins: - name: jwt @@ -9324,7 +3785,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - deleteNotificationFeed - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -9332,12 +3793,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true -- name: acceptCollectionFlag - uris: "{{ collection_prefix }}/v1/flag/accept" - upstream_url: "{{ content_service_url }}/collection/v4/flag/accept" +- name: updateUserV3 + uris: "{{ user_service_prefix }}/v3/update" + upstream_url: "{{ learning_service_url }}/v3/user/update" strip_uri: true plugins: - name: jwt @@ -9345,16 +3806,16 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: listNotificationTemplate uris: "{{ notification_service_prefix }}/v1/template/list" 
@@ -9572,25 +4033,4 @@ kong_apis: config.remove.headers: Authorization - name: opa-checks config.required: true - config.enabled: true - -- name: getReportDatasets - uris: "{{ report_service_prefix }}/report/datasets/get" - upstream_url: "{{ report_service_url }}/report/datasets/get" - strip_uri: true - plugins: - - name: jwt - - name: cors - - "{{ statsd_pulgin }}" - - name: acl - config.whitelist: - - reportsAccess - - name: rate-limiting - config.policy: local - config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: credential - - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" - - name: opa-checks - config.required: true - config.enabled: true + config.enabled: true \ No newline at end of file From 0214a0074b3908ad24b6cee24dad3b6498a15500 Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Tue, 21 Jun 2022 13:13:41 +0530 Subject: [PATCH 015/434] Update nginx configs --- .../templates/configMap.yaml | 34 - .../templates/daemonset.yaml | 15 - .../core/nginx-public-ingress/values.j2 | 1086 +---------------- 3 files changed, 5 insertions(+), 1130 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml index 0f7f0dcc16..8d68df5d20 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml 
@@ -8,37 +8,3 @@ data: {{ .Values.proxyconfig | indent 4 }} compression.conf: | {{ .Values.compressionConfig | indent 4 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Values.namespace }} -data: - nginx.conf: | -{{ .Values.nginxconfig | indent 4 }} - ---- -{{- if .Values.merge_domain_status }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-conf - namespace: {{ .Values.namespace }} -data: - keycloak.conf: | -{{ .Values.keycloakconf | indent 4 }} -{{- end }} - ---- -{{- if .Values.apple_universal_links }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: apple-universal-links - namespace: {{ .Values.namespace }} -data: - apple-app-site-association.json: | -{{ .Values.apple_universal_links | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml index 01bfd608d4..e873439b2a 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml @@ -32,14 +32,6 @@ spec: - name: proxy-config configMap: name: proxy-default - - name: nginx-config - configMap: - name: nginx-conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - configMap: - name: apple-universal-links -{{- end }} {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 8 }} {{- end }} @@ -54,13 +46,6 @@ spec: readOnly: true - name: proxy-config mountPath: /etc/nginx/defaults.d - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - mountPath: /var/www/html -{{- end }} {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index c1331e76a5..81502a6dcd 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -12,11 +12,11 @@ service: - port: 80 name: http targetPort: 80 - nodePort: 31380 + nodePort: 31780 - port: 443 name: https targetPort: 443 - nodePort: 31390 + nodePort: 31790 {% if nginx_volumes is defined and nginx_volumes %} {# 
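Review bot: The two `nodePort` values change (`31380` to `31780`, `31390` to `31790`) with no comment in the file and nothing in the commit message ("Update nginx configs") explaining why. NodePorts are opened on every node, so load-balancer targets and firewall or security-group rules that name the old ports must change in the same rollout. Rules for 31380/31390 should be removed afterwards rather than left open. I would record the reason next to the values, e.g. `# nodePort moved from 31380/31390: <reason>`. Alternatively, take both ports from inventory variables with these numbers as defaults, so environments can differ without editing the chart.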
@@ -117,219 +117,8 @@ proxyconfig: |- proxy_set_header X-Forwarded-Proto $scheme; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - # Mobile Devices Refresh token Endpoints - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ 
nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD 
POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling 
compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/data/v1/form/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - 
proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - proxy_pass http://kong; - } + + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; 
@@ -360,872 +149,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% if graylog_open_to_public %} - location /graylog/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://graylog.logging.svc.cluster.local; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header Graylog-User viewer; - proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; - rewrite ^/graylog/(.*)$ /$1 
break; - proxy_pass $target; - } - location /dashboard { - return 301 /graylog/; - } -{% else %} - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% endif %} - location /oauth3 { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth3/auth { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - auth_request /oauth3/auth; - error_page 401 = /oauth3/sign_in; - auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - 
proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host 
"{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - 
proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/discussion-ui/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; 
- set $s3_bucket "{{discussion_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/discussion-ui/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass 
https://$s3_bucket/collection-editor/$url_full; - } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, 
Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css 
text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json 
- application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') 
}}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /api/channel/v1/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite 
^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - location /dial/ { - if ($dial_upstream_host = kong) { - rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; - } - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://$dial_upstream_host; - } -{% if apple_app_site_association is defined %} - location /apple-app-site-association { - alias /var/www/html/; - index apple-app-site-association.json; - } -{% endif %} - {# Including custom configuration #} - {{ proxy_custom_config }}} - -nginxconfig: | - user nginx; - worker_processes {{nginx_worker_processes | d("auto")}}; - {# - Can add custom 
modules like - eg: - nginx_modules: | - load_module modules/ngx_http_geoip2_module.so; - load_module modules/ngx_stream_geoip2_module.so; - #} -{% if nginx_modules is defined and nginx_modules %} - {{ nginx_modules | indent( width=2, indentfirst=True) }} -{% endif %} - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - events { - worker_connections 10000; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - resolver {{ kube_dns_ip }} valid=30s; - {# - This is to define custom nginx_http_configs - for example - nginx_http_config: | - geoip2 /usr/local/share/GeoLite2-Country.mmdb { - $geoip2_data_country_iso_code country iso_code; - } - map $geoip2_data_country_iso_code $allowed_country { - default no; - IN no; - } - #} -{% if nginx_http_config is defined and nginx_http_config %} - {{ nginx_http_config | indent( width=7, indentfirst=True) }} -{% endif %} - lua_load_resty_core off; - log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' - '"$request" $status $request_length $body_bytes_sent' - ' $request_time $upstream_response_time $pipe' - ' "$http_referer" "$http_user_agent" "$sb_request_id"' - ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; - access_log /var/log/nginx/access.log main; - # Shared dictionary to store metrics - lua_shared_dict prometheus_metrics 100M; - lua_package_path "/etc/nginx/lua_modules/?.lua"; - # Defining request_id - # If the client send request_id it should be preffered over the default one - map $http_x_request_id $sb_request_id { - default $http_x_request_id; - '' $request_id; - } - # Defining upstream cache status for nginx metrics - map $upstream_cache_status $cache_status { - default $upstream_cache_status; - '' "NONE"; - } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } - # Defining 
metrics - init_worker_by_lua_block { - prometheus = require("prometheus").init("prometheus_metrics") - metric_requests = prometheus:counter( - "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) - metric_latency = prometheus:histogram( - "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) - metric_connections = prometheus:gauge( - "nginx_http_connections", "Number of HTTP connections", {"state"}) - } - log_by_lua_block { - metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) - metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) - } - header_filter_by_lua_block { - ngx.header["server"] = nil - } - sendfile on; - #tcp_nopush on; - client_max_body_size 60M; - keepalive_timeout 65s; - keepalive_requests 200; - # Nginx connection limit per ip - limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; - limit_conn_status 429; - upstream kong { - server kong:8000; - keepalive 1000; - } - upstream encryption { - server enc-service:8013; - keepalive 1000; - } - upstream keycloak { - server {{ keycloak_url.split('//')[-1] }}; - keepalive 1000; - } - upstream player { - server player:3000; - keepalive 1000; - } - include /etc/nginx/defaults.d/*.conf; - include /etc/nginx/conf.d/*.conf; - ################# - # Caching Block # - ################# - # - # Keywords - # - # proxy_cache_path: path to store the cache content - # level: how many directories we need, 1:2 means 1 parent directory, and another child directory before the cache content. - # keys_zone: name of the cache and size of the keys store in RAM; 1‑MB zone can store data for about 8,000 keys - # max_size: size of the cache content in disk - # inactive: specifies how long an item can remain in the cache without being accessed. This doesn't value expiry time of cache. So keep it more than the expiry. 
- # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. - # - # caching for images and files - {% for key,value in proxy_cache_path.items() %} - proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; - {% endfor %} - - server { - listen 9145; - location /metrics { - content_by_lua_block { - metric_connections:set(ngx.var.connections_reading, {"reading"}) - metric_connections:set(ngx.var.connections_waiting, {"waiting"}) - metric_connections:set(ngx.var.connections_writing, {"writing"}) - prometheus:collect() - } - } - } - } - -keycloakconf: | - server { - listen 80; - listen [::]:80; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - return 301 https://{{ merge_proxy_server_name }}$request_uri; - } - server { - listen 443 ssl; - ssl_certificate /etc/secrets-merge/tls.crt; - ssl_certificate_key /etc/secrets-merge/tls.key; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
- resolver 127.0.0.11 valid=5s; - # Refresh token endpoint being routed to kong - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets 
for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $request_id; - proxy_pass http://player; - } - } compressionConfig: |- # Compression 
@@ -1265,4 +189,4 @@ serviceMonitor: {# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #} {# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #} -apple_universal_links: '{{ apple_app_site_association | default("") }}' \ No newline at end of file +apple_universal_links: '{{ apple_app_site_association | default("") }}' From 95b04d35ab17a65f635e35cb69fcf66f5977ae01 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Wed, 22 Jun 2022 10:02:42 +0530 Subject: [PATCH 016/434] Issue #SB-30067 feat: fixed variable issue --- ansible/roles/kong-api/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ac376828f9..b47505a94b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -40,6 +40,7 @@ data_service_prefix: /data notes_service_prefix: /notes org_service_prefix: /org api_manager_perfix: /api-manager +textbook_service_prefix: /textbook otp_service_prefix: /otp sso_service_prefix: /sso cert_service_prefix: /cert From 14711034d8ce46904dcdcd0ae158e8336cb88d9d Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 27 Jun 2022 09:37:28 +0530 Subject: [PATCH 017/434] Update nginx-private ingress nodeport --- .../core/nginx-private-ingress/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/deployment.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/deployment.yaml index f876dc850b..0465fc7c29 100644 
--- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: {{- end }} ports: - port: 80 - nodePort: 31480 + nodePort: 31580 targetPort: 80 name: http selector: From 5158e21fadca5bca8ed2fe59de2ff3c3f6af760b Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 27 Jun 2022 13:22:56 +0530 Subject: [PATCH 018/434] Fix syntax --- .../core/nginx-public-ingress/templates/daemonset.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml index e873439b2a..7a491c8c69 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml @@ -46,6 +46,7 @@ spec: readOnly: true - name: proxy-config mountPath: /etc/nginx/defaults.d +{{- end }} {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} From 691f3222db4b733f65a4a6f2ef3cd9ec6ece8cbd Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 27 Jun 2022 14:07:32 +0530 Subject: [PATCH 019/434] Fix syntax --- .../core/nginx-public-ingress/templates/daemonset.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml index 7a491c8c69..e873439b2a 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml @@ -46,7 +46,6 @@ spec: readOnly: true - name: proxy-config mountPath: /etc/nginx/defaults.d -{{- end }} {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} From 34583a9c4b6211ac7b295bd11735b6774fe9edcf Mon Sep 17 00:00:00 2001 
From: Santhosh Kumar Date: Mon, 27 Jun 2022 20:39:05 +0530 Subject: [PATCH 020/434] Update nginx volume --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 81502a6dcd..0d3ba13573 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -30,9 +30,6 @@ nginx_volumes: - name: proxy-config configMap: name: proxy-default - - name: nginx-config - configMap: - name: nginx-conf volumemounts: - name: tls mountPath: /etc/secrets @@ -41,10 +38,6 @@ nginx_volumes: mountPath: /etc/nginx/conf.d/default.conf subPath: proxy.default.conf readOnly: true - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true #} volumes: {{ nginx_volumes.volumes | to_json }} volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} From 86dd78292797bb86bf07efed21f755590854b76c Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Tue, 28 Jun 2022 08:21:18 +0530 Subject: [PATCH 021/434] Add nginx secrets --- kubernetes/ansible/namespace.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/kubernetes/ansible/namespace.yml b/kubernetes/ansible/namespace.yml index bc62234c2c..d59cfb868e 100644 --- a/kubernetes/ansible/namespace.yml +++ b/kubernetes/ansible/namespace.yml @@ -32,6 +32,36 @@ when: imagepullsecrets|length > 0 with_items: - "{{ bootstrap_namespace.split(',') }}" + - name: Creating domain ssl + shell: + cmd: | + cat < Date: Tue, 28 Jun 2022 08:24:19 +0530 Subject: [PATCH 022/434] Fix syntax --- kubernetes/ansible/namespace.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/ansible/namespace.yml b/kubernetes/ansible/namespace.yml index d59cfb868e..093ac3f8c2 100644 --- a/kubernetes/ansible/namespace.yml 
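Review bot: The new `Creating domain ssl` task passes TLS material through a `shell` heredoc without `no_log: true`, so the rendered command can appear in Ansible output and CI job logs when the task fails or runs verbosely. The heredoc body is cut off on this page, but the context lines of the follow-up patch show it contains `tls.key: "{{ proxymerge_site_key | b64encode }}"`, which is the site private key; base64 is an encoding, not protection. Add `no_log: true` at task level, alongside `when:`. The rest of the task is not visible here, so also confirm that nothing later registers and prints the same command.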
+++ b/kubernetes/ansible/namespace.yml @@ -61,7 +61,7 @@ tls.crt: "{{ proxymerge_site_crt | b64encode }}" tls.key: "{{ proxymerge_site_key | b64encode }}" EOF - when: merge_proxy_server_name is not none and proxymerge_site_crt is defined and proxymerge_site_key is defined + when: merge_proxy_server_name is not none and proxymerge_site_crt is defined and proxymerge_site_key is defined - name: Installing reloader for configmaps reload shell: helm upgrade --install --atomic reloader "{{ playbook_dir }}"/../helm_charts/core/reloader --namespace "{{ item }}" -f "{{ helm_file.path }}" From 78a4773d1a930ec91346601894e0223c48ff8a74 Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 4 Jul 2022 12:29:42 +0530 Subject: [PATCH 023/434] Add back nginx-conf --- .../templates/configMap.yaml | 9 ++ .../templates/daemonset.yaml | 6 + .../core/nginx-public-ingress/values.j2 | 128 ++++++++++++++++++ 3 files changed, 143 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml index 8d68df5d20..a28f261529 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml @@ -8,3 +8,12 @@ data: {{ .Values.proxyconfig | indent 4 }} compression.conf: | {{ .Values.compressionConfig | indent 4 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-conf + namespace: {{ .Values.namespace }} +data: + nginx.conf: | +{{ .Values.nginxconfig | indent 4 }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml index e873439b2a..9fc5ce4cf1 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml 
@@ -32,6 +32,9 @@ spec: - name: proxy-config configMap: name: proxy-default + - name: nginx-config + configMap: + name: nginx-conf {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 8 }} {{- end }} @@ -46,6 +49,9 @@ spec: readOnly: true - name: proxy-config mountPath: /etc/nginx/defaults.d + - name: nginx-config + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 0d3ba13573..3976c50a5f 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -38,6 +38,10 @@ nginx_volumes: mountPath: /etc/nginx/conf.d/default.conf subPath: proxy.default.conf readOnly: true + - name: nginx-config + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + readOnly: true #} volumes: {{ nginx_volumes.volumes | to_json }} volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} 
@@ -144,6 +148,130 @@ proxyconfig: |- } } + nginxconfig: | + user nginx; + worker_processes {{nginx_worker_processes | d("auto")}}; + {# + Can add custom modules like + eg: + nginx_modules: | + load_module modules/ngx_http_geoip2_module.so; + load_module modules/ngx_stream_geoip2_module.so; + #} + {% if nginx_modules is defined and nginx_modules %} + {{ nginx_modules | indent( width=2, indentfirst=True) }} + {% endif %} + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + events { + worker_connections 10000; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + resolver {{ kube_dns_ip }} valid=30s; + {# + This is to define custom nginx_http_configs + for example + nginx_http_config: | + geoip2 /usr/local/share/GeoLite2-Country.mmdb { + $geoip2_data_country_iso_code country iso_code; + } + map $geoip2_data_country_iso_code $allowed_country { + default no; + IN no; + } + #} + {% if nginx_http_config is defined and nginx_http_config %} + {{ nginx_http_config | indent( width=7, indentfirst=True) }} + {% endif %} + lua_load_resty_core off; + log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' + '"$request" $status $request_length $body_bytes_sent' + ' $request_time $upstream_response_time $pipe' + ' "$http_referer" "$http_user_agent" "$sb_request_id"' + ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' + ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; + access_log /var/log/nginx/access.log main; + # Shared dictionary to store metrics + lua_shared_dict prometheus_metrics 100M; + lua_package_path "/etc/nginx/lua_modules/?.lua"; + # Defining request_id + # If the client send request_id it should be preffered over the default one + map $http_x_request_id $sb_request_id { + default $http_x_request_id; + '' $request_id; + } + # Defining upstream cache status for nginx metrics + map $upstream_cache_status $cache_status { + 
default $upstream_cache_status; + '' "NONE"; + } + map $http_accept $dial_upstream_host { + default player; + application/ld+json kong; + } + # Defining metrics + init_worker_by_lua_block { + prometheus = require("prometheus").init("prometheus_metrics") + metric_requests = prometheus:counter( + "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) + metric_latency = prometheus:histogram( + "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) + metric_connections = prometheus:gauge( + "nginx_http_connections", "Number of HTTP connections", {"state"}) + } + log_by_lua_block { + metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) + metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) + } + header_filter_by_lua_block { + ngx.header["server"] = nil + } + sendfile on; + #tcp_nopush on; + client_max_body_size 60M; + keepalive_timeout 65s; + keepalive_requests 200; + # Nginx connection limit per ip + limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; + limit_conn_status 429; + upstream kong { + server kong:8000; + keepalive 1000; + } + include /etc/nginx/defaults.d/*.conf; + include /etc/nginx/conf.d/*.conf; + ################# + # Caching Block # + ################# + # + # Keywords + # + # proxy_cache_path: path to store the cache content + # level: how many directories we need, 1:2 means 1 parent directory, and another child directory before the cache content. + # keys_zone: name of the cache and size of the keys store in RAM; 1‑MB zone can store data for about 8,000 keys + # max_size: size of the cache content in disk + # inactive: specifies how long an item can remain in the cache without being accessed. This doesn't value expiry time of cache. So keep it more than the expiry. + # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. 
+ # + # caching for images and files + {% for key,value in proxy_cache_path.items() %} + proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; + {% endfor %} + + server { + listen 9145; + location /metrics { + content_by_lua_block { + metric_connections:set(ngx.var.connections_reading, {"reading"}) + metric_connections:set(ngx.var.connections_waiting, {"waiting"}) + metric_connections:set(ngx.var.connections_writing, {"writing"}) + prometheus:collect() + } + } + } + } compressionConfig: |- # Compression gzip on; From 152ff2a6be013d6077f980f0bfd3c369a20c4d6e Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 4 Jul 2022 14:00:43 +0530 Subject: [PATCH 024/434] Fix syntax --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 3976c50a5f..74d18a2d74 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -148,7 +148,7 @@ proxyconfig: |- } } - nginxconfig: | +nginxconfig: | user nginx; worker_processes {{nginx_worker_processes | d("auto")}}; {# From a3d726af83d98fecf2ac0d664223d34c6d3f9cf8 Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Tue, 5 Jul 2022 13:30:19 +0530 Subject: [PATCH 025/434] Add nodebb nginx config --- .../core/nginx-public-ingress/values.j2 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 74d18a2d74..82f7f9d096 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
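Review bot: The `server { listen 9145; location /metrics { ... } }` block at the end of the new `nginxconfig` has no access control, so anything that can reach port 9145 on the ingress pods can read per-host request counts, status codes and latencies. Whether that port is reachable from outside the cluster depends on the Service and network policy, which this hunk does not show. If only the Prometheus scraper needs it, restrict the location with `allow SCRAPER_CIDR_PLACEHOLDER;` followed by `deny all;` inside `location /metrics`. A short comment above the block naming the intended consumer would also help.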
@@ -148,6 +148,22 @@ proxyconfig: |- } } + location /discussions/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + # Socket.IO Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; + #rewrite ^/discussions/(.*) /$1 break; + proxy_pass $target; + } + nginxconfig: | user nginx; worker_processes {{nginx_worker_processes | d("auto")}}; From 175f218b1d86b6469a44f2e7638e9298ab395279 Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Tue, 5 Jul 2022 14:14:07 +0530 Subject: [PATCH 026/434] Fix syntax --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 82f7f9d096..9531add6bb 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -146,7 +146,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - } location /discussions/ { proxy_set_header X-Real-IP $remote_addr; @@ -163,7 +162,7 @@ proxyconfig: |- #rewrite ^/discussions/(.*) /$1 break; proxy_pass $target; } - + } nginxconfig: | user nginx; worker_processes {{nginx_worker_processes | d("auto")}}; From c8355dd2a466ba9c7baea663017552afb57511fa Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Thu, 7 Jul 2022 09:45:02 +0530 Subject: [PATCH 027/434] Add keycloak configs --- .../core/nginx-public-ingress/values.j2 | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) 
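Review bot: The new `location /discussions/` block forwards client-controlled values to NodeBB. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, and `Host $http_host` passes the raw request Host header. The other locations in this file use `{{ nginx_client_public_ip_header | d('$remote_addr') }}` and `$host`, so an upstream that trusts the first forwarded entry for logging or rate limiting would see a client-chosen address on this route only. Suggested lines: `proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};`, the same value for `X-Forwarded-For`, and `proxy_set_header Host $host;`.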
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 9531add6bb..c67dda2aab 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
@@ -162,6 +162,48 @@ proxyconfig: |- #rewrite ^/discussions/(.*) /$1 break; proxy_pass $target; } + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Refresh token endpoint being routed to kong + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID 
$sb_request_id; + proxy_pass http://kong; + } } nginxconfig: | user nginx; From 31df0629a87b9923a54548f4913b4d527dcd66cb Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Wed, 13 Jul 2022 09:13:25 +0530 Subject: [PATCH 028/434] Add player and keycloak configs --- .../core/nginx-public-ingress/values.j2 | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index c67dda2aab..f68eee39ab 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -115,6 +115,20 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } location /api/ { if ($request_method = OPTIONS ) { @@ -297,6 +311,14 @@ nginxconfig: | server kong:8000; keepalive 1000; } + upstream keycloak { + server {{ keycloak_url.split('//')[-1] }}; + keepalive 1000; + } + upstream player { + server player:3000; + keepalive 1000; + } include /etc/nginx/defaults.d/*.conf; include /etc/nginx/conf.d/*.conf; ################# From 1931b21927e5d20a9fef2a04f93e591127b36fac Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Wed, 13 Jul 2022 10:12:31 +0530 Subject: [PATCH 029/434] Fix syntax --- .../helm_charts/core/nginx-public-ingress/values.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
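Review bot: The two Keycloak `location ~` regexes added in this hunk are unanchored, so they match more than the endpoints they list. `location ~ /auth/admin/realms/sunbird/users/` matches that string anywhere in the URI and sends every Admin REST call under `users/` through the public ingress, leaving Keycloak's own token check as the only control. In the realm regex, the alternatives have no terminator, so `token` also admits longer paths beneath it, and the `.` in `.well-known` matches any character. If these are meant as an allow-list, start both with `^` (`location ~ ^/auth/admin/realms/sunbird/users/ {`) and escape the dot (`\.well-known/openid-configuration`). Decide on an end anchor only after checking which sub-paths clients actually call.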
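Review bot: `server {{ keycloak_url.split('//')[-1] }};` in the new `upstream keycloak` keeps only what follows `//`, so the scheme is dropped and any path or trailing slash in the URL would end up inside the `server` directive. Together with `proxy_pass http://keycloak;` in the locations, requests to Keycloak, including the token and admin routes, go out as plain HTTP to the default port even if `keycloak_url` is an `https://` address. The value of `keycloak_url` is not visible here, so this needs confirming. A dedicated host-and-port variable for the upstream (placeholder name `keycloak_upstream_host`) would avoid parsing a URL in the template.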
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index f68eee39ab..cd07be5626 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -115,7 +115,7 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - location / { + location / { rewrite ^/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; @@ -130,7 +130,7 @@ proxyconfig: |- proxy_pass http://player; } - location /api/ { + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; @@ -176,7 +176,7 @@ proxyconfig: |- #rewrite ^/discussions/(.*) /$1 break; proxy_pass $target; } - # Admin API Endpoints for sunbird realm fpr forgot password flow + # Admin API Endpoints for sunbird realm fpr forgot password flow location ~ /auth/admin/realms/sunbird/users/ { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; @@ -189,7 +189,7 @@ proxyconfig: |- proxy_http_version 1.1; proxy_pass http://keycloak; } - # Sunbird realm keycloak API endpoints + # Sunbird realm keycloak API endpoints location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header X-Request-ID $sb_request_id; 
@@ -202,7 +202,7 @@ proxyconfig: |- proxy_http_version 1.1; proxy_pass http://keycloak; } - # Refresh token endpoint being routed to kong + # Refresh token endpoint being routed to kong location ~* ^/auth/v1/refresh/token { rewrite ^/auth/(.*) /auth/$1 break; proxy_set_header Connection ""; From abc808a367fc163a9179a353ab3cd59d1a6ac26c Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Fri, 15 Jul 2022 12:13:36 +0530 Subject: [PATCH 030/434] Issue #SB-30067 feat:added knowlg apis for testing --- ansible/roles/kong-api/defaults/main.yml | 392 ++++++++++++++++++++++- 1 file changed, 391 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b47505a94b..e8022050a3 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -52,6 +52,25 @@ users_service_prefix: /users notification_service_prefix: /notification registry_service_prefix: /rc +# knowlg service prefixes +license_api_prefix: /license +object_category_prefix: /object/category +object_category_definition_prefix: /object/category/definition +private_content_prefix: /private/content +asset_prefix: /asset +content_prefix: /content +itemset_prefix: /itemset +composite_service_prefix: /composite +collection_prefix: /collection +dialcode_service_prefix: /dialcode +channel_service_prefix: /channel +framework_service_prefix: /framework +plugin_service_prefix: /plugins +lock_service_prefix: /lock +integration_app_prefix: /app +cloud_service_prefix: /cloud-services +assessment_prefix: /assessment + # Service URLs learning_service_url: "http://learner-service:9000" am_util_url: "http://adminutil:4000" 
@@ -63,6 +82,16 @@ discussions_mw_service_url: "http://discussionsmw-service:3002/discussion" notification_service_url: "http://notification-service:9000" registry_service_url: "http://registry-service:8081" +#knowlg URLs +knowledge_mw_service_url: "http://knowledge-mw-service:5000" +vm_learning_service_url: "http://{{learningservice_ip}}:8080/learning-service" +telemetry_service_url: "http://telemetry-service:9001" +player_service_url: "http://player:3000" +content_service_url: "http://content-service:9000" +taxonomy_service_url: "http://taxonomy-service:9000" +assessment_service_url: "http://assessment-service:9000" +ml_core_service_url: "http://ml-core-service:3000" + premium_consumer_rate_limits: - api: createContent config.hour: "{{ premium_consumer_small_rate_limit_per_hour }}" 
@@ -4034,4 +4063,365 @@ kong_apis: config.remove.headers: Authorization - name: opa-checks config.required: true - config.enabled: true \ No newline at end of file + config.enabled: true + +- name: readFramework + uris: "{{ framework_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: listFramework + uris: "{{ framework_service_prefix }}/v1/list" + upstream_url: "{{ 
knowledge_mw_service_url }}/v1/framework/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readContent + uris: "{{ content_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: 
request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: contentPrivateRead + uris: "{{ content_prefix }}/v1/private/read" + upstream_url: "{{ content_service_url }}/content/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchContent + uris: "{{ content_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readContentV2 + uris: "{{ content_prefix }}/v2/read" + upstream_url: "{{ content_service_url }}/content/v4/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentReadAPIs + uris: "{{ private_content_prefix }}/v3/read" + upstream_url: "{{ content_service_url }}/content/v3/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: 
rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionRead + uris: "{{ collection_prefix }}/v1/read" + upstream_url: "{{ content_service_url }}/collection/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionPrivateRead + uris: "{{ collection_prefix }}/v1/private/read" + upstream_url: "{{ content_service_url }}/collection/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionHierarchyRead + uris: "{{ collection_prefix }}/v1/hierarchy" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: 
false + config.enabled: false + +- name: compositeSearch + uris: "{{ composite_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - contentTempAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: compositePrivateSearch + uris: "{{ composite_service_prefix }}/v1/private/search" + upstream_url: "{{ knowledge_mw_service_url }}/v3/private/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: getFileUploadUrls + uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" + upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - cloudUrlsCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readForm + uris: "{{ data_service_prefix }}/v1/form/read" + upstream_url: "{{ player_service_url }}/plugin/v1/form/read" + strip_uri: true + plugins: + - name: cors + - "{{ 
statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + + From 8f4ea35b6f5ade84d0aaf9e5c69e0d25840168a9 Mon Sep 17 00:00:00 2001 From: AMIT KUMAR Date: Fri, 15 Jul 2022 12:50:15 +0530 Subject: [PATCH 031/434] Update main.yml added channel read api --- ansible/roles/kong-api/defaults/main.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e8022050a3..86160d3869 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -4423,5 +4423,22 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false - + + +- name: readChannel + uris: "{{ channel_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ x_large_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false From 7db71ecbf64e77f76a14888031f81da65e46d6a2 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Fri, 15 Jul 2022 13:12:26 +0530 Subject: [PATCH 032/434] Issue #SB-30067 feat:added knowlg apis for testing --- ansible/roles/kong-api/defaults/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 86160d3869..e6c1bae35c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
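Review bot: `readChannel` is registered without the `jwt` and `acl` plugins, so the route is reachable unauthenticated and is throttled only per source IP; `getCourseHierarchy` in the next patch (032, described as added "for testing") has the same shape. If both are meant to be public reads like `searchContent`, a comment such as `# public read: no jwt/acl by design` above each entry would record that; otherwise add `- name: jwt` and an `acl` whitelist the way `contentPrivateRead` does. `opa-checks` is added with `config.enabled: false`, so no policy check backs either route. `config.limit_by: ip` is only meaningful if Kong sees the real client address behind the nginx ingress, which this hunk does not show.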
@@ -4442,3 +4442,19 @@ kong_apis: config.required: false config.enabled: false +- name: getCourseHierarchy + uris: "{{ course_service_prefix }}/v1/hierarchy" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false \ No newline at end of file From 7d734cffbde97ce899fe43251df7f330dcd344e1 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Fri, 15 Jul 2022 14:17:54 +0530 Subject: [PATCH 033/434] Issue #SB-30067 feat:added category read api --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e6c1bae35c..b01cf86c01 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -4455,6 +4455,48 @@ kong_apis: config.limit_by: ip - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readObjectCategory + uris: "{{ object_category_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false \ No newline at end of file From 6dbd2d64e1bdb5a4da8154143ce2c12b3f41e2bd Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Fri, 15 Jul 2022 16:42:51 +0530 Subject: [PATCH 034/434] Add back learner configs --- .../core/nginx-public-ingress/values.j2 | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index cd07be5626..e28cc82962 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
+++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
@@ -218,6 +218,118 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /learner/data/v1/location/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + 
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /learner/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + 
proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } } nginxconfig: | user nginx; From 4f1280db4374518d24f9f204f4e7fb9aa0824911 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Mon, 1 Aug 2022 10:58:44 +0530 Subject: [PATCH 035/434] fix:SB-30068 kafka topic changes --- ansible/inventory/env/group_vars/all.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index dd3e9cfcd9..b5f8f76766 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -17,6 +17,7 @@ env_short_name: "{{env}}" sunbird_env: "{{env}}" #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment. sunbird_app_name: "{{env}}" env_prefix: "{{env}}" +bb: lern # Keycloak keycloak_api_management_user_first_name: "admin" 
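Review bot: In the `/learner/certreg/v2/certs/download` location the `gzip_types` list has no terminating `;` after `text/plain`, so nginx reads the following `add_header test hello;` as three more MIME types and the header is never set; end the list with `text/plain;` and drop `add_header test hello;`, which looks like leftover debugging. In the `/learner/data/v1/location/search` location `X-Real-IP` is set twice and `X-Forwarded-For` not at all, unlike the keycloak static-assets block above it; the second line was probably meant to be `proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};`. That location also caches POST responses under `$http_accept_encoding|$request_uri|$request_body`: nginx only populates `$request_body` when the body was read into a memory buffer, so larger bodies would share one key, and the key carries no caller identity, which is safe only if the search response is identical for every user.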
@@ -442,11 +443,11 @@ enc_entry_password: "{{core_vault_enc_entry_password}}" # encryption password fo enc_master_pass: "{{core_vault_enc_master_pass}}" # encryption password for the keys enc_n_keys: 50 # Total number of keys required for encryption enc_n_reserved_keys: 15 # Number of keys which app reserves for usage -kafka_topics_instruction: "{{env_name}}.coursebatch.job.request" +kafka_topics_instruction: "{{env_name}}{{bb}}.coursebatch.job.request" kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -kafka_topics_certificate_instruction: "{{env_name}}.issue.certificate.request" -kafka_topics_contentstate_invalid: "{{env_name}}.contentstate.invalid" -kafka_enrolment_sync_topic: "{{env_name}}.batch.enrolment.sync.request" +kafka_topics_certificate_instruction: "{{env_name}}{{bb}}.issue.certificate.request" +kafka_topics_contentstate_invalid: "{{env_name}}{{bb}}.contentstate.invalid" +kafka_enrolment_sync_topic: "{{env_name}}{{bb}}.batch.enrolment.sync.request" cert_service_container_name: "{{env}}-e-credentials" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" @@ -464,7 +465,7 @@ job_names: ### api call report mailing list #### api_report_mailing_list: "" ## This mailing list to send the daily api count report. if adaptor want to use they have to override in common.yml -kafka_assessment_topic: "{{env_name}}.telemetry.assess" +kafka_assessment_topic: "{{env_name}}{{bb}}.telemetry.assess" # Portal vars for reports #sunbird_portal_azure_storage_account: "{{sunbird_azure_storage_account}}" From 79547e47b19dafb8cd8a448bff9039cbe56f3e77 Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Date: Mon, 1 Aug 2022 13:45:25 +0530 Subject: [PATCH 036/434] Fix syntax --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
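Review bot: `{{env_name}}{{bb}}` joins the two values with no separator, so with `bb: lern` a topic renders as `<env_name>lern.coursebatch.job.request`; if the intended form is `<env_name>.lern.…`, write `"{{env_name}}.{{bb}}.coursebatch.job.request"` in all five changed topics (this hunk and the `kafka_assessment_topic` hunk after it). The two-letter global `bb` added in the first hunk of this patch has no comment; something like `# building-block prefix inserted into Kafka topic names` would help, assuming that is what it stands for. Renaming the topics also requires every producer and consumer to be redeployed from the same inventory, otherwise messages are written to topics nobody reads.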
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e28cc82962..41f954be54 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -273,7 +273,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } - # compression for svg certs download + # compression for svg certs download location /api/certreg/v2/certs/download { rewrite ^/api/(.*) /$1 break; include /etc/nginx/defaults.d/compression.conf; From 01efd83a5e347b7c4f2132d6114e7003b97e6811 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 4 Aug 2022 12:39:29 +0530 Subject: [PATCH 037/434] feat:LR-124 modified consistency for cassandra --- .../templates/content-service_application.conf | 2 +- .../templates/sunbird_cert-registry-service.env | 2 +- .../stack-sunbird/templates/sunbird_groups-service.env | 2 +- .../templates/sunbird_knowledge-mw-service.env | 2 +- .../stack-sunbird/templates/sunbird_learner-service.env | 4 ++-- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- .../templates/sunbird_notification-service.env | 6 +++--- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 9703fb47a7..e8e0af6180 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -355,7 +355,7 @@ cassandra { # Consistency Level for Multi Node Cassandra cluster {% if (cassandra_cluster_size | int) > 1 %} -cassandra.lp.consistency.level=QUORUM +cassandra.lp.consistency.level=LOCAL_QUORUM {% else %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} 
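Review bot: `cassandra.lp.consistency.level=LOCAL_QUORUM` in `content-service_application.conf` is a literal, as is `local_quorum` in the seven `.env` templates that follow in this patch, although the `{% else %}` branch already reads `sunbird_cassandra_consistency_level`; environments therefore cannot override the value and the eight templates can drift apart. `LOCAL_QUORUM` only requires a quorum of replicas in the coordinator's datacenter, so in a multi-datacenter cluster a read in one DC may not see a write acknowledged in another; a comment stating that this is accepted, e.g. `# LOCAL_QUORUM: cross-DC read-after-write not required`, would document the trade-off. In `sunbird_notification-service.env` both branches of the `{% if %}` end up with the same value, so that line could sit outside the conditional.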
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env index dcde35ae43..1726d2f5d7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env @@ -6,7 +6,7 @@ sunbird_es_port={{sunbird_es_port}} sunbird_cassandra_keyspace={{sunbird_cassandra_keyspace|d('sunbird')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index 38e1c3cf8c..b71814d1b2 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -1,7 +1,7 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index 6a13ddadfd..0386cfaf87 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env 
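Review bot: The credentials directly above the changed line in `sunbird_cert-registry-service.env` still fall back to literals, `sunbird_cassandra_username|d('cassandra')` and `sunbird_cassandra_password|d('password')`, so an inventory that omits either variable renders a valid-looking file that uses Cassandra's default account. Dropping the fallbacks, `sunbird_cassandra_password={{sunbird_cassandra_password}}`, lets the undefined-variable error stop the render instead of deploying with a default credential. The same fallbacks appear in the `sunbird_notification-service.env` hunk later in this patch.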
@@ -49,7 +49,7 @@ sunbird_lock_expiry_time={{sunbird_lock_expiry_time}} sunbird_content_service_log_level={{sunbird_content_service_log_level}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 27b2569ba5..b94a9abfeb 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -39,7 +39,7 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 @@ -98,7 +98,7 @@ sunbird_cache_enable={{sunbird_cache_enable | default(false)}} sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} kafka_urls={{kafka_urls}} -sunbird_user_cert_kafka_topic={{env_name}}.lms.user.account.merge +sunbird_user_cert_kafka_topic={{env_name}}{{bb}}.lms.user.account.merge # Release-2.3.0 sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 112c702f37..9c02b032e1 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -39,7 +39,7 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 6189bdafa5..1268e72b5d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env 
@@ -1,17 +1,17 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_host={{ groups['cassandra'][0] }} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% endif %} sunbird_cassandra_notification_keyspace=sunbird_notifications sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_notification_kafka_servers_config={{sunbird_processing_kafka_host}} -sunbird_notification_kafka_topic={{env_name}}.lms.notification +sunbird_notification_kafka_topic={{env_name}}{{bb}}.lms.notification sunbird_notification_msg_default_sender={{sunbird_msg_sender}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 7130ccf290..d3497c340c 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -50,7 +50,7 @@ sunbird_portal_preview_cdn_url={{sunbird_portal_preview_cdn_url}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level=local_quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} From 168a9e97a74ad9d286c7f0767aee7c06596c5b67 Mon Sep 17 00:00:00 2001 
From: amit-tarento Date: Mon, 22 Aug 2022 15:03:43 +0530 Subject: [PATCH 038/434] Issue #LR-110 feat:variablize template url for csp changes --- .../sunbird-RC/registry/schemas/TrainingCertificate.json | 2 +- utils/sunbird-RC/schema/credential_template.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json index be84e538a3..2906929f2d 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json @@ -69,6 +69,6 @@ ], "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"], "enableLogin": false, - "credentialTemplate": "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/credential_template.json" + "credentialTemplate": "https://{{upstream_url}}/schema/credential_template.json" } } diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index 3f94054686..8f467986cc 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -1,7 +1,7 @@ { "@context": [ - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/v1_context.json", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/sunbird_context.json" + "https://{{upstream_url}}/schema/v1_context.json", + "https://{{upstream_url}}/schema/sunbird_context.json" ], "type": [ "VerifiableCredential" From 37a95dffdc4e540a5a9958bd621965c93c9525d8 Mon Sep 17 00:00:00 2001 
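Review bot: `https://{{upstream_url}}/schema/…` now decides where `credentialTemplate` and both JSON-LD `@context` documents are loaded from, and `upstream_url` is not defined anywhere in this patch; an empty or scheme-prefixed value would render `https:///schema/…` or `https://https://…`. These documents determine how a verifiable credential's claims are interpreted, so whoever can write to that location can change what issued certificates mean; the target should be write-restricted and the variable given a specific name (for example `schema_storage_base_url`, a placeholder) rather than one that reads like the Kong `upstream_url` key. The same variable is used in both `TrainingCertificate.json` and `utils/sunbird-RC/schema/credential_template.json`.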
From: PrasadMoka Date: Tue, 30 Aug 2022 13:44:02 +0530 Subject: [PATCH 039/434] feat:LR-124 reverted back configurations for non lern --- .../stack-sunbird/templates/content-service_application.conf | 2 +- .../stack-sunbird/templates/sunbird_knowledge-mw-service.env | 2 +- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index e8e0af6180..9703fb47a7 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -355,7 +355,7 @@ cassandra { # Consistency Level for Multi Node Cassandra cluster {% if (cassandra_cluster_size | int) > 1 %} -cassandra.lp.consistency.level=LOCAL_QUORUM +cassandra.lp.consistency.level=QUORUM {% else %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index 0386cfaf87..6a13ddadfd 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env @@ -49,7 +49,7 @@ sunbird_lock_expiry_time={{sunbird_lock_expiry_time}} sunbird_content_service_log_level={{sunbird_content_service_log_level}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level=quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index d3497c340c..7130ccf290 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -50,7 +50,7 @@ sunbird_portal_preview_cdn_url={{sunbird_portal_preview_cdn_url}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level=quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} From 1d4fe153f3d805827aff1edbdebb1513099e36bb Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Tue, 6 Sep 2022 12:42:07 +0530 Subject: [PATCH 040/434] fix:LR-124 added consistency variable value instead of hard coded value --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 9c02b032e1..32cdf0ebaa 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -39,7 +39,7 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 From 522371927259ae45a2fc3e7a3e76bc585eb980a0 Mon Sep 17 00:00:00 2001 
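Review bot: With `sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}}` in the multi-node branch of `sunbird_lms-service.env`, the effective level now comes from an inventory variable whose value is not visible in this patch. If that variable is unset or still carries a single-node value, multi-node clusters silently move away from the `local_quorum` set in patch 037; a comment above the line naming the expected value, e.g. `# expected: local_quorum for multi-node clusters`, would make the dependency explicit. The `{% else %}` branch presumably emits the same line (it lies outside the hunk), in which case the assignment could be moved out of the conditional.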
From: PrasadMoka Date: Tue, 6 Sep 2022 12:50:26 +0530 Subject: [PATCH 041/434] fix:LR-124 added consistency variable value instead of hard coded value --- .../stack-sunbird/templates/content-service_application.conf | 2 +- .../stack-sunbird/templates/sunbird_knowledge-mw-service.env | 2 +- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 9703fb47a7..6a37bc0a34 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -355,7 +355,7 @@ cassandra { # Consistency Level for Multi Node Cassandra cluster {% if (cassandra_cluster_size | int) > 1 %} -cassandra.lp.consistency.level=QUORUM +cassandra.lp.consistency.level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index 6a13ddadfd..4e1123773a 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env @@ -49,7 +49,7 @@ sunbird_lock_expiry_time={{sunbird_lock_expiry_time}} sunbird_content_service_log_level={{sunbird_content_service_log_level}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 7130ccf290..282e0b99fa 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -50,7 +50,7 @@ sunbird_portal_preview_cdn_url={{sunbird_portal_preview_cdn_url}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level=quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} From e578ff19412174220b492e2a791a861f92007aec Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Tue, 6 Sep 2022 13:10:00 +0530 Subject: [PATCH 042/434] fix: LR-124 changes for consistency value --- .../stack-sunbird/templates/content-service_application.conf | 2 +- .../stack-sunbird/templates/sunbird_knowledge-mw-service.env | 2 +- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 6a37bc0a34..9703fb47a7 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -355,7 +355,7 @@ cassandra { # Consistency Level for Multi Node Cassandra cluster {% if (cassandra_cluster_size | int) > 1 %} -cassandra.lp.consistency.level={{sunbird_cassandra_consistency_level}} +cassandra.lp.consistency.level=QUORUM {% else %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index 4e1123773a..6a13ddadfd 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env @@ -49,7 +49,7 @@ sunbird_lock_expiry_time={{sunbird_lock_expiry_time}} sunbird_content_service_log_level={{sunbird_content_service_log_level}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} +sunbird_cassandra_consistency_level=quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 282e0b99fa..7130ccf290 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -50,7 +50,7 @@ sunbird_portal_preview_cdn_url={{sunbird_portal_preview_cdn_url}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} +sunbird_cassandra_consistency_level=quorum {% else %} sunbird_cassandra_replication_strategy={{sunbird_cassandra_replication_strategy}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} From 9c25262f69fb1d8bba0bfbeaad6f8c495bf6164f Mon Sep 17 00:00:00 2001 
From: AMIT KUMAR Date: Tue, 6 Sep 2022 13:42:26 +0530 Subject: [PATCH 043/434] Issue #LR-110 feat:added env for cloud provider (#3481) --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index b94a9abfeb..b602c8e1d5 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -129,3 +129,6 @@ user_index_alias={{user_index_alias | default('user_alias')}} org_index_alias={{org_index_alias | default('org_alias')}} sunbird_installation_display_name_for_sms=DIKSHA sunbird_sso_lb_ip={{keycloak_url}} + +sunbird_cloud_service_provider={{cloud_service_provider}} + From ee4edffa317eda025fc87241f254f6f61acb111a Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Wed, 7 Sep 2022 15:20:40 +0530 Subject: [PATCH 044/434] Issue #LR-110 feat:added env for cloud provider --- .../stack-sunbird/templates/sunbird_cert-service.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index 686df40e63..c43c23171b 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env 
@@ -1,13 +1,13 @@ CONTAINER_NAME={{cert_service_container_name}} -CLOUD_STORAGE_TYPE={{cert_service_cloud_storage_type}} -AZURE_STORAGE_SECRET={{sunbird_private_storage_account_key}} -AZURE_STORAGE_KEY={{sunbird_private_storage_account_name}} +CLOUD_STORAGE_TYPE={{cloud_service_provider}} +PRIVATE_CLOUD_STORAGE_SECRET={{sunbird_private_storage_account_key}} +PRIVATE_CLOUD_STORAGE_KEY={{sunbird_private_storage_account_name}} sunbird_cert_domain_url={{proto}}://{{proxy_server_name}} sunbird_cert_enc_service_url=http://enc-service:8013 download_link_expiry_timeout=600 es_conn_info={{groups['es']|join(':9200,')}}:9200 ITEXT_LICENSE_ENABLED={{itext_license_enabled}} ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml -PUBLIC_AZURE_STORAGE_KEY={{sunbird_public_storage_account_name}} -PUBLIC_AZURE_STORAGE_SECRET={{sunbird_public_storage_account_key}} +PUBLIC_CLOUD_STORAGE_KEY={{sunbird_public_storage_account_name}} +PUBLIC_CLOUD_STORAGE_SECRET={{sunbird_public_storage_account_key}} PUBLIC_CONTAINER_NAME={{sunbird_cert_qr_container_name}} From 739ef0bdd4073cb4fdc4ae0fa971548aa6c8a323 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Wed, 7 Sep 2022 15:23:00 +0530 Subject: [PATCH 045/434] Issue #LR-110 feat:added env for cloud provider --- .../stack-sunbird/templates/sunbird_cert-service.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index c43c23171b..686df40e63 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env 
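Review bot: Renaming `AZURE_STORAGE_SECRET`/`AZURE_STORAGE_KEY` and the `PUBLIC_AZURE_STORAGE_*` pair to `PRIVATE_CLOUD_STORAGE_*`/`PUBLIC_CLOUD_STORAGE_*` in `sunbird_cert-service.env` changes the contract with the container. An image that still reads the old names would start without storage credentials, and the hunk does not show which cert-service version this template is paired with. A short comment above the block naming the minimum service version, e.g. `# requires a cert-service build that reads *_CLOUD_STORAGE_* (version: <placeholder>)`, would make the coupling visible. The identical change is reverted and re-applied in the two commits that follow. The `*_SECRET` lines render the storage account key in clear text, so the task that writes this file (outside the hunk) should be checked for a restrictive file mode.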
@@ -1,13 +1,13 @@ CONTAINER_NAME={{cert_service_container_name}} -CLOUD_STORAGE_TYPE={{cloud_service_provider}} -PRIVATE_CLOUD_STORAGE_SECRET={{sunbird_private_storage_account_key}} -PRIVATE_CLOUD_STORAGE_KEY={{sunbird_private_storage_account_name}} +CLOUD_STORAGE_TYPE={{cert_service_cloud_storage_type}} +AZURE_STORAGE_SECRET={{sunbird_private_storage_account_key}} +AZURE_STORAGE_KEY={{sunbird_private_storage_account_name}} sunbird_cert_domain_url={{proto}}://{{proxy_server_name}} sunbird_cert_enc_service_url=http://enc-service:8013 download_link_expiry_timeout=600 es_conn_info={{groups['es']|join(':9200,')}}:9200 ITEXT_LICENSE_ENABLED={{itext_license_enabled}} ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml -PUBLIC_CLOUD_STORAGE_KEY={{sunbird_public_storage_account_name}} -PUBLIC_CLOUD_STORAGE_SECRET={{sunbird_public_storage_account_key}} +PUBLIC_AZURE_STORAGE_KEY={{sunbird_public_storage_account_name}} +PUBLIC_AZURE_STORAGE_SECRET={{sunbird_public_storage_account_key}} PUBLIC_CONTAINER_NAME={{sunbird_cert_qr_container_name}} From 167faea3ea07dfc63f48b8d8d760b4695c671aa0 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Wed, 7 Sep 2022 15:25:24 +0530 Subject: [PATCH 046/434] Issue #LR-110 feat:added env for cloud provider --- .../stack-sunbird/templates/sunbird_cert-service.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index 686df40e63..c43c23171b 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env 
@@ -1,13 +1,13 @@ CONTAINER_NAME={{cert_service_container_name}} -CLOUD_STORAGE_TYPE={{cert_service_cloud_storage_type}} -AZURE_STORAGE_SECRET={{sunbird_private_storage_account_key}} -AZURE_STORAGE_KEY={{sunbird_private_storage_account_name}} +CLOUD_STORAGE_TYPE={{cloud_service_provider}} +PRIVATE_CLOUD_STORAGE_SECRET={{sunbird_private_storage_account_key}} +PRIVATE_CLOUD_STORAGE_KEY={{sunbird_private_storage_account_name}} sunbird_cert_domain_url={{proto}}://{{proxy_server_name}} sunbird_cert_enc_service_url=http://enc-service:8013 download_link_expiry_timeout=600 es_conn_info={{groups['es']|join(':9200,')}}:9200 ITEXT_LICENSE_ENABLED={{itext_license_enabled}} ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml -PUBLIC_AZURE_STORAGE_KEY={{sunbird_public_storage_account_name}} -PUBLIC_AZURE_STORAGE_SECRET={{sunbird_public_storage_account_key}} +PUBLIC_CLOUD_STORAGE_KEY={{sunbird_public_storage_account_name}} +PUBLIC_CLOUD_STORAGE_SECRET={{sunbird_public_storage_account_key}} PUBLIC_CONTAINER_NAME={{sunbird_cert_qr_container_name}} From 856b647a9cf9a02cc2b181d2ba6f03747632809f Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 8 Sep 2022 12:18:43 +0530 Subject: [PATCH 047/434] fix:LR-124 adding new variable for multi DC enabling --- ansible/inventory/env/group_vars/all.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index b5f8f76766..d9cd87d1c3 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -133,6 +133,8 @@ cassandra_rpc_address: 0.0.0.0 cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup +### Release 5.0.0 ### +cassandra_isMutiDCEnabled: false keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" From 661787939907541c80ad26d3ef62ba4ec6a954f2 Mon Sep 17 00:00:00 2001 
From: PrasadMoka Date: Thu, 8 Sep 2022 13:06:23 +0530 Subject: [PATCH 048/434] fix:LR-124 for bb specific environment name --- ansible/inventory/env/group_vars/all.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index d9cd87d1c3..29a84a9d4b 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -17,7 +17,8 @@ env_short_name: "{{env}}" sunbird_env: "{{env}}" #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment. sunbird_app_name: "{{env}}" env_prefix: "{{env}}" -bb: lern +##BB specific environment variable. Add bb for other integrators, and it should be left blank for Ekstep +env_name_bb: "{{env_name}}" # Keycloak keycloak_api_management_user_first_name: "admin" 
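Review bot: Replacing `bb: lern` with `env_name_bb: "{{env_name}}"` in `all.yml` changes the rendered Kafka topic names, and the commit message does not mention it. The following hunks of this commit switch `{{env_name}}{{bb}}.coursebatch.job.request` to `{{env_name_bb}}.coursebatch.job.request`, so the default moves from an `<env>lern.` prefix to `<env>.`. Producers or consumers configured outside this repository with the old names would presumably stop exchanging messages after a redeploy. The added comment says the value "should be left blank for Ekstep" although the variable is never blank. A wording such as `## Kafka topic prefix; defaults to env_name, integrators append their building-block name` would match what the code does.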
@@ -445,11 +446,11 @@ enc_entry_password: "{{core_vault_enc_entry_password}}" # encryption password fo enc_master_pass: "{{core_vault_enc_master_pass}}" # encryption password for the keys enc_n_keys: 50 # Total number of keys required for encryption enc_n_reserved_keys: 15 # Number of keys which app reserves for usage -kafka_topics_instruction: "{{env_name}}{{bb}}.coursebatch.job.request" +kafka_topics_instruction: "{{env_name_bb}}.coursebatch.job.request" kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -kafka_topics_certificate_instruction: "{{env_name}}{{bb}}.issue.certificate.request" -kafka_topics_contentstate_invalid: "{{env_name}}{{bb}}.contentstate.invalid" -kafka_enrolment_sync_topic: "{{env_name}}{{bb}}.batch.enrolment.sync.request" +kafka_topics_certificate_instruction: "{{env_name_bb}}.issue.certificate.request" +kafka_topics_contentstate_invalid: "{{env_name_bb}}.contentstate.invalid" +kafka_enrolment_sync_topic: "{{env_name_bb}}.batch.enrolment.sync.request" cert_service_container_name: "{{env}}-e-credentials" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" @@ -467,7 +468,7 @@ job_names: ### api call report mailing list #### api_report_mailing_list: "" ## This mailing list to send the daily api count report. if adaptor want to use they have to override in common.yml -kafka_assessment_topic: "{{env_name}}{{bb}}.telemetry.assess" +kafka_assessment_topic: "{{env_name_bb}}.telemetry.assess" # Portal vars for reports #sunbird_portal_azure_storage_account: "{{sunbird_azure_storage_account}}" From c0b99c638e2fa52aa0c7fa74512a737dbbf558c3 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 8 Sep 2022 13:16:14 +0530 Subject: [PATCH 049/434] Fix:LR-124 bb specific topic name changes --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 +- .../stack-sunbird/templates/sunbird_notification-service.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index b94a9abfeb..0aeb5f8c88 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -98,7 +98,7 @@ sunbird_cache_enable={{sunbird_cache_enable | default(false)}} sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} kafka_urls={{kafka_urls}} -sunbird_user_cert_kafka_topic={{env_name}}{{bb}}.lms.user.account.merge +sunbird_user_cert_kafka_topic={{env_name_bb}}.lms.user.account.merge # Release-2.3.0 sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 1268e72b5d..a5de97c8c0 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -11,7 +11,7 @@ sunbird_cassandra_notification_keyspace=sunbird_notifications sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_notification_kafka_servers_config={{sunbird_processing_kafka_host}} -sunbird_notification_kafka_topic={{env_name}}{{bb}}.lms.notification +sunbird_notification_kafka_topic={{env_name_bb}}.lms.notification sunbird_notification_msg_default_sender={{sunbird_msg_sender}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} From 2d4ef56c2bbad667d330195df4480babc6d99698 Mon Sep 17 00:00:00 2001 
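Review bot: The context lines `sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}}` and `sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}}` in the `sunbird_notification-service.env` hunk fall back to well-known default credentials when the inventory omits them. A missing secret then produces a deployment that runs with guessable credentials instead of failing. The commit does not touch these lines, but they are part of the reviewed file. The same fallback is visible in the later `sunbird_notification-service.env` hunks and in the `sunbird_cert-registry-service.env` hunk of PATCH 057. Consider `sunbird_cassandra_password={{ sunbird_cassandra_password | mandatory }}` so an unset secret stops the play.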
From: amit-tarento Date: Fri, 9 Sep 2022 13:36:30 +0530 Subject: [PATCH 050/434] Issue #LR-110 feat:added env for csp --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 9c02b032e1..92d639fa67 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -142,4 +142,6 @@ druid_proxy_api_port=8082 druid_proxy_api_endpoint=/druid/v2/ collection_summary_agg_data_source={{ summary_agg_data_source | default('audit-rollup-syncts') }} collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} -enrollment_list_size={{ enrollment_list_size | default(1000) }} \ No newline at end of file +enrollment_list_size={{ enrollment_list_size | default(1000) }} + +sunbird_cloud_service_provider={{cloud_service_provider}} \ No newline at end of file From 0809a188d1e0cc2b5d9db92923a2d5aaa0e6a5f2 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Mon, 12 Sep 2022 12:50:22 +0530 Subject: [PATCH 051/434] Issue #LR-110 feat:added env for multi dc support --- .../stack-sunbird/templates/sunbird_cert-registry-service.env | 1 + .../roles/stack-sunbird/templates/sunbird_groups-service.env | 1 + .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 ++ ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 4 +++- .../stack-sunbird/templates/sunbird_notification-service.env | 1 + 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env index 1726d2f5d7..ec8a6f8d6f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env 
@@ -14,3 +14,4 @@ sunbird_cassandra_port=9042 sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} +isMultiDCEnabled={{is_multidc_enabled}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index b71814d1b2..46bddb2614 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -41,3 +41,4 @@ notification_service_api_url=/v2/notification/send #“OFF“: To disable for all states #To allow multiple channel . please write as comma separated : e.g : tn,cg value enable_tenant_config={{enable_tenant_config| default('*')}} +isMultiDCEnabled={{is_multidc_enabled}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index b602c8e1d5..d102731086 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -132,3 +132,5 @@ sunbird_sso_lb_ip={{keycloak_url}} sunbird_cloud_service_provider={{cloud_service_provider}} +isMultiDCEnabled={{is_multidc_enabled}} + diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 92d639fa67..a6543c822d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env 
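Review bot: The added `isMultiDCEnabled={{is_multidc_enabled}}` in `sunbird_cert-registry-service.env` will render a YAML boolean as `False` or `True` with a capital letter, because Jinja prints the Python value. Whether each service parses that case-insensitively is not visible here. Writing `isMultiDCEnabled={{ is_multidc_enabled | lower }}` yields `false`/`true` regardless of the consumer. The same line is added in the groups, learner, lms and notification service hunks of this commit. The variable itself is only defined in `all.yml` by the following commit, so this commit alone would not render unless another inventory already supplies it.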
@@ -144,4 +144,6 @@ collection_summary_agg_data_source={{ summary_agg_data_source | default('audit-r collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} enrollment_list_size={{ enrollment_list_size | default(1000) }} -sunbird_cloud_service_provider={{cloud_service_provider}} \ No newline at end of file +sunbird_cloud_service_provider={{cloud_service_provider}} + +isMultiDCEnabled={{is_multidc_enabled}} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 1268e72b5d..38e11e070d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -35,3 +35,4 @@ LEARNER_SERVICE_PORT=http://learner-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate +isMultiDCEnabled={{is_multidc_enabled}} From ddf43a56f3efbc2ed2dda8b41f2fbf67bbeedcc5 Mon Sep 17 00:00:00 2001 From: amit-tarento Date: Mon, 12 Sep 2022 13:19:47 +0530 Subject: [PATCH 052/434] Issue #LR-110 feat:added env for multi dc support --- ansible/inventory/env/group_vars/all.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index b5f8f76766..09e6b52549 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -133,6 +133,7 @@ cassandra_rpc_address: 0.0.0.0 cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup +is_multidc_enabled: false keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" 
@@ -550,3 +551,7 @@ sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop # DIAL-service schema dial_plugin_container_name: "sunbird-dial-{{env}}" dial_service_schema_base_path: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{dial_plugin_container_name}}/schemas/local" + +#cloud service provider changes +#cloud_service_provider value should be either (azure, aws, gcloud) as per cloud sdk dependency +cloud_service_provider: "azure" \ No newline at end of file From 6d2a884c0dae4d1440b194e25f8be69777d70afc Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Mon, 12 Sep 2022 14:36:47 +0530 Subject: [PATCH 053/434] fix:LR-124 removed unnecessary variable --- ansible/inventory/env/group_vars/all.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 29a84a9d4b..e3860488e5 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -134,8 +134,6 @@ cassandra_rpc_address: 0.0.0.0 cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup -### Release 5.0.0 ### -cassandra_isMutiDCEnabled: false keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" From ac2ff50b4756600de2b11b21c3a2bd37494f3b94 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Mon, 12 Sep 2022 15:14:42 +0530 Subject: [PATCH 054/434] fix: Added comment for lern bb specific variable --- ansible/inventory/env/group_vars/all.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index e3860488e5..eba63c8840 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -18,6 +18,7 @@ sunbird_env: "{{env}}" #Ekstep environment to connect to. Use sunbird_app_name: "{{env}}" env_prefix: "{{env}}" ##BB specific environment variable. Add bb for other integrators, and it should be left blank for Ekstep +## For ed it should be left as it is, but for others bb name lern should be added as "{{env_name}}lern" env_name_bb: "{{env_name}}" # Keycloak From 8b1e844a2f89b0c397d0725a79b2f662769d5d56 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 15 Sep 2022 15:40:31 +0530 Subject: [PATCH 055/434] fix:LR-105 kafka topic changes --- ansible/inventory/env/group_vars/all.yml | 13 ++++----- ansible/roles/stack-sunbird/defaults/main.yml | 28 +++++++++++++++++++ .../templates/sunbird_learner-service.env | 2 +- .../sunbird_notification-service.env | 2 +- 4 files changed, 35 insertions(+), 10 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index eba63c8840..2a58bcc357 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -17,9 +17,6 @@ env_short_name: "{{env}}" sunbird_env: "{{env}}" #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment. sunbird_app_name: "{{env}}" env_prefix: "{{env}}" -##BB specific environment variable. Add bb for other integrators, and it should be left blank for Ekstep -## For ed it should be left as it is, but for others bb name lern should be added as "{{env_name}}lern" -env_name_bb: "{{env_name}}" # Keycloak keycloak_api_management_user_first_name: "admin" 
@@ -445,11 +442,11 @@ enc_entry_password: "{{core_vault_enc_entry_password}}" # encryption password fo enc_master_pass: "{{core_vault_enc_master_pass}}" # encryption password for the keys enc_n_keys: 50 # Total number of keys required for encryption enc_n_reserved_keys: 15 # Number of keys which app reserves for usage -kafka_topics_instruction: "{{env_name_bb}}.coursebatch.job.request" +kafka_topics_instruction: "{{ kafka_topic_course_batch_job_request }}" kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -kafka_topics_certificate_instruction: "{{env_name_bb}}.issue.certificate.request" -kafka_topics_contentstate_invalid: "{{env_name_bb}}.contentstate.invalid" -kafka_enrolment_sync_topic: "{{env_name_bb}}.batch.enrolment.sync.request" +kafka_topics_certificate_instruction: "{{ kafka_topic_certificate_request }}" +kafka_topics_contentstate_invalid: "{{ kafka_topic_contentstate_invalid }}" +kafka_enrolment_sync_topic: "{{ kafka_topic_enrolment_sync_request }}" cert_service_container_name: "{{env}}-e-credentials" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" @@ -467,7 +464,7 @@ job_names: ### api call report mailing list #### api_report_mailing_list: "" ## This mailing list to send the daily api count report. if adaptor want to use they have to override in common.yml -kafka_assessment_topic: "{{env_name_bb}}.telemetry.assess" +kafka_assessment_topic: "{{ kafka_topic_assessment }}" # Portal vars for reports #sunbird_portal_azure_storage_account: "{{sunbird_azure_storage_account}}" diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 12d98086b3..12c16cbba3 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
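Review bot: `kafka_topics_instruction: "{{ kafka_topic_course_batch_job_request }}"` and the four similar lines in `group_vars/all.yml` now depend on variables this commit defines only in `roles/stack-sunbird/defaults/main.yml`. Role defaults are loaded only for plays that apply that role. Any other play or role that reads `kafka_topics_instruction`, `kafka_enrolment_sync_topic` or `kafka_assessment_topic` would fail with an undefined variable; whether such readers exist is not visible in this diff. Defining the `kafka_topic_*` values next to their users in `all.yml`, or giving each reference a fallback such as `{{ kafka_topic_assessment | default(env_name ~ '.telemetry.assess') }}`, avoids the scope dependency.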
@@ -1052,3 +1052,31 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' # Audience claim check is disabled as of now # List of keycloak clients as these can come in audience field of a JWT token # keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"' + +# LERN BB specific kafka topics,have to be overridden in private devops repo to include BB Name for integrators. +kafka_topic_course_batch_job_request: "{{env_name}}.coursebatch.job.request" +kafka_topic_certificate_request: "{{env_name}}.issue.certificate.request" +kafka_topic_contentstate_invalid: "{{env_name}}.contentstate.invalid" +kafka_topic_enrolment_sync_request: "{{env_name}}.batch.enrolment.sync.request" +kafka_topic_assessment: "{{env_name}}.telemetry.assess" +kafka_topic_telemetry_raw: "{{env_name}}.telemetry.raw" +kafka_topic_activity_agg_failed: "{{env_name}}.activity.agg.failed" +kafka_topic_content_publish_request: "{{env_name}}.content.postpublish.request" +kafka_topic_generate_certificate_request: "{{env_name}}.generate.certificate.request" +kafka_topic_certificate_failed: "{{env_name}}.issue.certificate.failed" +kafka_topic_lms_user_account: "{{env_name}}.lms.user.account.merge" +kafka_topic_learning_failed: "{{env_name}}.learning.events.failed" +kafka_topic_assessment_failed: "{{env_name}}.telemetry.assess.failed" +kafka_topic_lms_notification: "{{env_name}}.lms.notification" +kafka_topic_enrolment_reconciliation_failed: "{{env_name}}.enrolment.reconciliation.failed" +kafka_topic_generate_certificate_failed: "{{env_name}}.generate.certificate.failed" + +## LERN BB specific kafka groups,have to be overridden in private devops repo to include BB Name for integrators. 
+kafka_group_activity_agg: "{{env_name}}-activity-aggregate-group" +kafka_group_relation_cache_updater: "{{env_name}}-relation-cache-updater-group" +kafka_group_enrolment_reconciliation: "{{env_name}}-enrolment-reconciliation-group" +kafka_group_collection_pre_processor: "{{env_name}}-collection-cert-pre-processor-group" +kafka_group_certificate_generator: "{{env_name}}-certificate-generator-group" +kafka_group_merge_courses: "{{env_name}}-merge-courses-group" +kafka_group_assessment_aggregator: "{{env_name}}-assessment-aggregator-group" +kafka_group_lms_notification: "{{env_name}}-lms-notification" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 0aeb5f8c88..a247362205 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -98,7 +98,7 @@ sunbird_cache_enable={{sunbird_cache_enable | default(false)}} sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} kafka_urls={{kafka_urls}} -sunbird_user_cert_kafka_topic={{env_name_bb}}.lms.user.account.merge +sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} # Release-2.3.0 sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index a5de97c8c0..1a86c72c66 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env 
@@ -11,7 +11,7 @@ sunbird_cassandra_notification_keyspace=sunbird_notifications sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_notification_kafka_servers_config={{sunbird_processing_kafka_host}} -sunbird_notification_kafka_topic={{env_name_bb}}.lms.notification +sunbird_notification_kafka_topic={{kafka_topic_lms_notification}} sunbird_notification_msg_default_sender={{sunbird_msg_sender}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} From 9991a3701ccbc6b363963f1f1de4ad311f37098e Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Fri, 16 Sep 2022 11:43:44 +0530 Subject: [PATCH 056/434] fix:LR-105 removed unnecessary topics --- ansible/roles/stack-sunbird/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 12c16cbba3..1f97e75393 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -1068,8 +1068,6 @@ kafka_topic_lms_user_account: "{{env_name}}.lms.user.account.merge" kafka_topic_learning_failed: "{{env_name}}.learning.events.failed" kafka_topic_assessment_failed: "{{env_name}}.telemetry.assess.failed" kafka_topic_lms_notification: "{{env_name}}.lms.notification" -kafka_topic_enrolment_reconciliation_failed: "{{env_name}}.enrolment.reconciliation.failed" -kafka_topic_generate_certificate_failed: "{{env_name}}.generate.certificate.failed" ## LERN BB specific kafka groups,have to be overridden in private devops repo to include BB Name for integrators. kafka_group_activity_agg: "{{env_name}}-activity-aggregate-group" From 99a25fcfb722afc40093d29f5e9ebf8f13768c4a Mon Sep 17 00:00:00 2001 
From: PrasadMoka Date: Wed, 21 Sep 2022 15:24:15 +0530 Subject: [PATCH 057/434] fix:LR-105 kafka topic variables --- ansible/inventory/env/group_vars/all.yml | 14 ++++++---- ansible/roles/stack-sunbird/defaults/main.yml | 26 ------------------- .../sunbird_cert-registry-service.env | 2 +- .../templates/sunbird_groups-service.env | 2 +- .../templates/sunbird_learner-service.env | 2 +- .../sunbird_notification-service.env | 4 +-- 6 files changed, 14 insertions(+), 36 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 8ba64ee41d..f3f934d6f1 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -443,11 +443,11 @@ enc_entry_password: "{{core_vault_enc_entry_password}}" # encryption password fo enc_master_pass: "{{core_vault_enc_master_pass}}" # encryption password for the keys enc_n_keys: 50 # Total number of keys required for encryption enc_n_reserved_keys: 15 # Number of keys which app reserves for usage -kafka_topics_instruction: "{{ kafka_topic_course_batch_job_request }}" +kafka_topics_instruction: "{{env_name}}.coursebatch.job.request" kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -kafka_topics_certificate_instruction: "{{ kafka_topic_certificate_request }}" -kafka_topics_contentstate_invalid: "{{ kafka_topic_contentstate_invalid }}" -kafka_enrolment_sync_topic: "{{ kafka_topic_enrolment_sync_request }}" +kafka_topics_certificate_instruction: "{{env_name}}.issue.certificate.request" +kafka_topics_contentstate_invalid: "{{env_name}}.contentstate.invalid" +kafka_enrolment_sync_topic: "{{env_name}}.batch.enrolment.sync.request" cert_service_container_name: "{{env}}-e-credentials" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" 
@@ -465,7 +465,11 @@ job_names: ### api call report mailing list #### api_report_mailing_list: "" ## This mailing list to send the daily api count report. if adaptor want to use they have to override in common.yml -kafka_assessment_topic: "{{ kafka_topic_assessment }}" +kafka_assessment_topic: "{{env_name}}.telemetry.assess" + +### Release-5.0.0 kafka topic variables for merge user course and notification job ### +kafka_topic_lms_user_account: "{{env_name}}.lms.user.account.merge" +kafka_topic_lms_notification: "{{env_name}}.lms.notification" # Portal vars for reports #sunbird_portal_azure_storage_account: "{{sunbird_azure_storage_account}}" diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 1f97e75393..12d98086b3 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
@@ -1052,29 +1052,3 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' # Audience claim check is disabled as of now # List of keycloak clients as these can come in audience field of a JWT token # keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"' - -# LERN BB specific kafka topics,have to be overridden in private devops repo to include BB Name for integrators. -kafka_topic_course_batch_job_request: "{{env_name}}.coursebatch.job.request" -kafka_topic_certificate_request: "{{env_name}}.issue.certificate.request" -kafka_topic_contentstate_invalid: "{{env_name}}.contentstate.invalid" -kafka_topic_enrolment_sync_request: "{{env_name}}.batch.enrolment.sync.request" -kafka_topic_assessment: "{{env_name}}.telemetry.assess" -kafka_topic_telemetry_raw: "{{env_name}}.telemetry.raw" -kafka_topic_activity_agg_failed: "{{env_name}}.activity.agg.failed" -kafka_topic_content_publish_request: "{{env_name}}.content.postpublish.request" -kafka_topic_generate_certificate_request: "{{env_name}}.generate.certificate.request" -kafka_topic_certificate_failed: "{{env_name}}.issue.certificate.failed" -kafka_topic_lms_user_account: "{{env_name}}.lms.user.account.merge" -kafka_topic_learning_failed: "{{env_name}}.learning.events.failed" -kafka_topic_assessment_failed: "{{env_name}}.telemetry.assess.failed" -kafka_topic_lms_notification: "{{env_name}}.lms.notification" - -## LERN BB specific kafka groups,have to be overridden in private devops repo to include BB Name for integrators. 
-kafka_group_activity_agg: "{{env_name}}-activity-aggregate-group" -kafka_group_relation_cache_updater: "{{env_name}}-relation-cache-updater-group" -kafka_group_enrolment_reconciliation: "{{env_name}}-enrolment-reconciliation-group" -kafka_group_collection_pre_processor: "{{env_name}}-collection-cert-pre-processor-group" -kafka_group_certificate_generator: "{{env_name}}-certificate-generator-group" -kafka_group_merge_courses: "{{env_name}}-merge-courses-group" -kafka_group_assessment_aggregator: "{{env_name}}-assessment-aggregator-group" -kafka_group_lms_notification: "{{env_name}}-lms-notification" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env index ec8a6f8d6f..a03aad47f4 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env @@ -6,7 +6,7 @@ sunbird_es_port={{sunbird_es_port}} sunbird_cassandra_keyspace={{sunbird_cassandra_keyspace|d('sunbird')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index 46bddb2614..a4ed8456d6 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env 
@@ -1,7 +1,7 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 479f3a5225..e1582fd049 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -39,7 +39,7 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 110c7a50a8..58bc0c00cc 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env 
@@ -1,11 +1,11 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{ groups['cassandra'][0] }} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level=local_quorum +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} sunbird_cassandra_notification_keyspace=sunbird_notifications sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} From 43c4212394f2036ff70da71f130c8cd66750a957 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Wed, 21 Sep 2022 18:51:29 +0530 Subject: [PATCH 058/434] fix:LR-104 consistency set to quorum --- ansible/inventory/env/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index f3f934d6f1..0166794b63 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -364,7 +364,7 @@ content_service_whitelisted_mimetype: '' content_service_blacklisted_mimetype: '' sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/' sunbird_email_max_recipients_limit: 100 -sunbird_cassandra_consistency_level: one +sunbird_cassandra_consistency_level: quorum sunbird_cassandra_replication_strategy: '{"class":"SimpleStrategy","replication_factor":"1"}' sunbird_lock_expiry_time: 3600 app_es_heap_size: 1500m From b156252dd852f393218df3b2b8df3c5cd925c670 Mon Sep 17 00:00:00 2001 
From: PrasadMoka Date: Thu, 22 Sep 2022 11:48:06 +0530 Subject: [PATCH 059/434] fix:LR-105 modified the variable names --- ansible/inventory/env/group_vars/all.yml | 7 ++++--- .../templates/sunbird_cert-registry-service.env | 3 ++- .../stack-sunbird/templates/sunbird_groups-service.env | 6 +++--- .../stack-sunbird/templates/sunbird_learner-service.env | 9 ++++----- .../stack-sunbird/templates/sunbird_lms-service.env | 8 +++----- .../templates/sunbird_notification-service.env | 7 ++++--- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 0166794b63..b3ac73f078 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -132,7 +132,8 @@ cassandra_rpc_address: 0.0.0.0 cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup -is_multidc_enabled: false +### Release 5.0.0 ### +cassandra_isMultiDCEnabled: false keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" @@ -555,6 +556,6 @@ sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop dial_plugin_container_name: "sunbird-dial-{{env}}" dial_service_schema_base_path: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{dial_plugin_container_name}}/schemas/local" -#cloud service provider changes -#cloud_service_provider value should be either (azure, aws, gcloud) as per cloud sdk dependency +### Release-5.0.0 cloud service provider changes for supporting multiple providers ### +### cloud_service_provider value should be either (azure, aws, gcloud) as per cloud sdk dependency ### cloud_service_provider: "azure" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env index a03aad47f4..80c77cbdc8 100644 
--- a/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-registry-service.env @@ -14,4 +14,5 @@ sunbird_cassandra_port=9042 sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} -isMultiDCEnabled={{is_multidc_enabled}} +# Release-5.0.0 +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index a4ed8456d6..c83cc61a7d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -1,14 +1,13 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} LEARNER_SERVICE_PORT=http://learner-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} @@ -41,4 +40,5 @@ notification_service_api_url=/v2/notification/send #“OFF“: To disable for all states #To allow multiple channel . please write as comma separated : e.g : tn,cg value enable_tenant_config={{enable_tenant_config| default('*')}} -isMultiDCEnabled={{is_multidc_enabled}} +# Release-5.0.0 +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index e1582fd049..f0f57bcaf8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -39,13 +39,11 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} - +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} sunbird_mw_system_host=learner-service sunbird_mw_system_port=8088 background_actor_provider=local @@ -98,6 +96,7 @@ sunbird_cache_enable={{sunbird_cache_enable | default(false)}} sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} kafka_urls={{kafka_urls}} +# Release-5.0.0 sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} # Release-2.3.0 sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} @@ -130,7 +129,7 @@ org_index_alias={{org_index_alias | default('org_alias')}} sunbird_installation_display_name_for_sms=DIKSHA sunbird_sso_lb_ip={{keycloak_url}} +# Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} - -isMultiDCEnabled={{is_multidc_enabled}} +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index e833390401..c6c8a2eee9 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env 
+++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -39,13 +39,11 @@ sunbird_installation_email={{sunbird_installation_email}} {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} - +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} sunbird_mw_system_host=lms-service sunbird_mw_system_port=8088 background_actor_provider=local @@ -144,6 +142,6 @@ collection_summary_agg_data_source={{ summary_agg_data_source | default('audit-r collection_summary_agg_cache_ttl={{ summary_agg_ttl | default(21600) }} enrollment_list_size={{ enrollment_list_size | default(1000) }} +# Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} - -isMultiDCEnabled={{is_multidc_enabled}} \ No newline at end of file +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 58bc0c00cc..9af09d38d6 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env 
@@ -1,16 +1,16 @@ {% if (cassandra_cluster_size | int) > 1 %} sunbird_cassandra_host={{groups['cassandra']|join(',')}} sunbird_cassandra_port=9042,9042,9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% else %} sunbird_cassandra_host={{ groups['cassandra'][0] }} sunbird_cassandra_port=9042 -sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} {% endif %} +sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} sunbird_cassandra_notification_keyspace=sunbird_notifications sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_notification_kafka_servers_config={{sunbird_processing_kafka_host}} +# Release-5.0.0 sunbird_notification_kafka_topic={{kafka_topic_lms_notification}} sunbird_notification_msg_default_sender={{sunbird_msg_sender}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} @@ -35,4 +35,5 @@ LEARNER_SERVICE_PORT=http://learner-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate -isMultiDCEnabled={{is_multidc_enabled}} +# Release-5.0.0 +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} From 1ea46609721e96422086f611508270bd95303f95 Mon Sep 17 00:00:00 2001 From: G33tha Date: Fri, 23 Sep 2022 16:53:09 +0530 Subject: [PATCH 060/434] removed copy-to-helm-public tasks from mount-keys role (#3549) Co-authored-by: G33tha --- ansible/roles/stack-sunbird/defaults/main.yml | 2 +- .../ansible/roles/helm-deploy/defaults/main.yml | 2 +- .../ansible/roles/helm-deploy/tasks/main.yml | 2 +- .../roles/mount-keys/tasks/copy-to-helm-public.yml | 14 -------------- 4 files changed, 3 insertions(+), 17 deletions(-) delete mode 100644 kubernetes/ansible/roles/mount-keys/tasks/copy-to-helm-public.yml 
diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 12d98086b3..3b5946e333 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -982,7 +982,7 @@ adminutil_access_values: role_to_run: - decrypt.yml - generate-keys.yml - - copy-to-helm-public.yml + - copy-to-helm.yml # analytics-service related vars cassandra: diff --git a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml index 0dcb0e8d3a..ed2c7f5aca 100644 --- a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml @@ -238,7 +238,7 @@ adminutil_access_values: role_to_run: - decrypt.yml - generate-keys.yml - - copy-to-helm-public.yml + - copy-to-helm.yml opa_policies_path: ../../../opa # Cannot remove common.rego from common_opa_policy_files yet diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index a0dba8e709..bd40bcfb82 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml @@ -31,7 +31,7 @@ private_key_prefix: "{{ outer_item.0.values_to_pass.keyprefix }}" private_key_sign_start: "{{ outer_item.0.values_to_pass.keystart }}" private_key_sign_end: "{{ outer_item.0.values_to_pass.keycount if outer_item.0.values_to_pass.keycount > '0' else '1' }}" - when: release_name == "adminutils" or release_name == "gotenberg" + when: release_name == "adminutils" with_subelements: - "{{adminutil_keys_values}}" - role_to_run diff --git a/kubernetes/ansible/roles/mount-keys/tasks/copy-to-helm-public.yml b/kubernetes/ansible/roles/mount-keys/tasks/copy-to-helm-public.yml deleted file mode 100644 index 4320bccfd3..0000000000 --- a/kubernetes/ansible/roles/mount-keys/tasks/copy-to-helm-public.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -- name: Create the keys directory in case user is overriding the private_key_path - file: - path: "{{chart_path}}/keys" - state: directory - mode: 0755 - -- name: Copy keys directory to chart path - vars: - private_key_path: "{{private_key_path | regex_replace('^\\/|\\/$', '')}}" - copy: "src={{inventory_dir}}{{private_key_path}}{{private_key_prefix}}{{item}} dest={{chart_path}}/keys/" - with_sequence: start={{private_key_sign_start}} end={{private_key_sign_start|int + private_key_sign_end|int - 1}} stride={{private_key_sign_incr}} - when: (private_key_sign_start|int + private_key_sign_end|int - 1) > 0 - From 730798ca832c07ec937221b3d6fbbcdb502d65e0 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 8 Sep 2022 17:33:41 +0530 Subject: [PATCH 061/434] fix: install specific azure-cli version --- ansible/bootstrap.yml | 1 - ansible/roles/azure-cli/tasks/main.yml | 28 ++++++++++++++++++++------ 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 429d8b7127..aba26fbbd4 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -22,7 +22,6 @@ - all - hosts: "{{hosts}}" - gather_facts: no become: yes ignore_unreachable: yes vars_files: diff --git a/ansible/roles/azure-cli/tasks/main.yml b/ansible/roles/azure-cli/tasks/main.yml index 484bf1f4fb..0a1148f2c4 100644 --- a/ansible/roles/azure-cli/tasks/main.yml +++ b/ansible/roles/azure-cli/tasks/main.yml 
@@ -1,9 +1,25 @@ -- name: install azure cli - become: yes - shell: - which az || curl -sL https://aka.ms/InstallAzureCLIDeb | bash -- name: install azcopy - become: yes +--- +- name: Add Microsfot signing key + ansible.builtin.apt_key: + url: https://packages.microsoft.com/keys/microsoft.asc + state: present + +- name: Add Microsfot repository into sources list + ansible.builtin.apt_repository: + repo: "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ {{ ansible_distribution_release | lower }} main" + state: present + +- name: Install azue cli and dependent packages + ansible.builtin.apt: + pkg: + - ca-certificates + - curl + - apt-transport-https + - lsb-release + - gnupg + - "azure-cli=2.33.1-1~{{ ansible_distribution_release | lower }}" + +- name: Install azcopy shell: | which azcopy || ( \ mkdir /tmp/azcopy && cd /tmp/azcopy && \ From 4773ffc261b91899047190011228404f336a72e2 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Fri, 9 Sep 2022 23:58:59 +0530 Subject: [PATCH 062/434] feat: updated plays to use azure role taks based on cloud provider 
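Review bot: The `apt_key` task in the azure-cli hunk accepts whatever key the URL serves at run time and adds it to apt's global keyring, where it is trusted for every configured repository, not only the Microsoft one. Pinning the package version is a real improvement over the removed `curl … | bash`, but the trust anchor itself is still unpinned. I would download the key to a dedicated keyring file with a checksum of a vetted copy and reference that file with `signed-by=` in the `repo:` line, as sketched below; the keyring directory must exist on the target release. The task names also contain typos (`Microsfot`, `azue`). The azcopy task continues below the hunk, so its download step is not reviewed here.

```yaml
- name: Add Microsoft signing key
  ansible.builtin.get_url:
    url: https://packages.microsoft.com/keys/microsoft.asc
    dest: /etc/apt/keyrings/microsoft.asc
    # placeholder: checksum of the key file after it has been verified out of band
    checksum: "sha256:<SHA256_OF_VETTED_KEY_FILE>"
    mode: "0644"

- name: Add Microsoft repository into sources list
  ansible.builtin.apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.asc] https://packages.microsoft.com/repos/azure-cli/ {{ ansible_distribution_release | lower }} main"
    state: present
# … unchanged: apt install of the pinned azure-cli package and the azcopy task …
```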
Signed-off-by: Keshav Prasad --- ansible/artifacts-download.yml | 17 +++- ansible/artifacts-upload.yml | 18 +++- ansible/assets-upload.yml | 28 +++++- ansible/cert-file-upload.yml | 10 -- ansible/deploy-plugins.yml | 99 +++++++++++-------- ansible/desktop-faq-upload.yml | 93 ++++++++--------- ansible/dial_upload-schema.yml | 21 ++-- ansible/grafana-backup.yml | 3 - ansible/jenkins-backup.yml | 4 - ansible/kp_upload-schema.yml | 20 ++-- ansible/mongodb-backup.yml | 3 - ansible/nodebbui-upload.yml | 34 ++++--- ansible/plugin.yml | 22 ----- ansible/plugins.yml | 28 ++++++ ansible/prometheus-backup.yml | 8 -- ansible/prometheus-restore.yml | 9 -- ansible/redis-backup.yml | 3 - .../artifacts-download-azure/tasks/main.yml | 8 -- .../artifacts-upload-azure/tasks/main.yml | 8 -- .../assets-upload-azure/defaults/main.yml | 5 - .../roles/assets-upload-azure/tasks/main.yml | 25 ----- ansible/roles/azure-cli/tasks/main.yml | 6 +- .../azure-cloud-storage/defaults/main.yml | 67 +++++++++++++ .../tasks/blob-delete-batch.yml | 5 + .../tasks/blob-download.yml | 5 + .../tasks/blob-upload-batch.yml | 10 ++ .../azure-cloud-storage/tasks/blob-upload.yml | 10 ++ .../tasks/container-create.yml | 8 ++ .../tasks/delete-using-azcopy.yml | 7 ++ .../roles/azure-cloud-storage/tasks/main.yml | 21 ++++ .../tasks/upload-using-azcopy.yml | 12 +++ .../blob-batch-delete-azure/tasks/main.yml | 8 -- ansible/roles/cassandra-backup/meta/main.yml | 2 - ansible/roles/cassandra-backup/tasks/main.yml | 34 +++---- ansible/roles/cassandra-restore/meta/main.yml | 2 - .../roles/cassandra-restore/tasks/main.yml | 45 ++++----- .../roles/cert-file-upload/defaults/main.yml | 2 - ansible/roles/cert-file-upload/tasks/main.yml | 7 -- ansible/roles/cert-templates/tasks/main.yml | 27 +++-- ansible/roles/desktop-deploy/tasks/main.yml | 48 ++++----- .../roles/es-azure-snapshot/defaults/main.yml | 2 +- .../roles/es-azure-snapshot/tasks/main.yml | 14 ++- ansible/roles/grafana-backup/meta/main.yml | 2 - 
ansible/roles/grafana-backup/tasks/main.yml | 20 ++-- .../jenkins-backup-upload/tasks/main.yml | 20 ++-- ansible/roles/mongodb-backup/meta/main.yml | 2 - ansible/roles/mongodb-backup/tasks/main.yml | 16 ++- .../roles/offline-installer/tasks/main.yml | 2 +- ...ploadToAzure.yml => upload_to_storage.yml} | 51 +++++----- .../meta/main.yml | 2 - .../tasks/main.yml | 27 +++-- .../tasks/main.yml | 17 ++-- ansible/roles/postgresql-backup/meta/main.yml | 2 - .../roles/postgresql-backup/tasks/main.yml | 28 +++--- .../roles/postgresql-restore/meta/main.yml | 2 - .../roles/postgresql-restore/tasks/main.yml | 18 ++-- .../roles/prometheus-backup-v2/tasks/main.yml | 15 ++- ansible/roles/prometheus-backup/meta/main.yml | 2 - .../roles/prometheus-backup/tasks/main.yml | 26 +++-- .../roles/prometheus-restore/tasks/main.yml | 22 +++-- ansible/roles/redis-backup/meta/main.yml | 2 - ansible/roles/redis-backup/tasks/main.yml | 20 ++-- ansible/roles/upload-batch/tasks/main.yml | 8 -- ansible/uploadFAQs.yml | 61 +++++------- pipelines/certs-templates/Jenkinsfile.upload | 61 ------------ .../org_sunbird_questionunit_quml/Jenkinsfile | 4 +- .../ansible/inventory/dev/Core/common.yml | 15 ++- .../ansible/inventory/dev/Core/secrets.yml | 14 ++- 68 files changed, 662 insertions(+), 605 deletions(-) delete mode 100644 ansible/cert-file-upload.yml delete mode 100644 ansible/plugin.yml create mode 100644 ansible/plugins.yml delete mode 100644 ansible/roles/artifacts-download-azure/tasks/main.yml delete mode 100644 ansible/roles/artifacts-upload-azure/tasks/main.yml delete mode 100644 ansible/roles/assets-upload-azure/defaults/main.yml delete mode 100755 ansible/roles/assets-upload-azure/tasks/main.yml create mode 100644 ansible/roles/azure-cloud-storage/defaults/main.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/blob-download.yml create mode 100644 
ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/blob-upload.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/container-create.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/main.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml delete mode 100755 ansible/roles/blob-batch-delete-azure/tasks/main.yml delete mode 100644 ansible/roles/cassandra-backup/meta/main.yml delete mode 100644 ansible/roles/cassandra-restore/meta/main.yml delete mode 100644 ansible/roles/cert-file-upload/defaults/main.yml delete mode 100644 ansible/roles/cert-file-upload/tasks/main.yml delete mode 100644 ansible/roles/grafana-backup/meta/main.yml delete mode 100644 ansible/roles/mongodb-backup/meta/main.yml rename ansible/roles/offline-installer/tasks/{uploadToAzure.yml => upload_to_storage.yml} (67%) delete mode 100644 ansible/roles/postgres-azure-managed-service-backup/meta/main.yml delete mode 100644 ansible/roles/postgresql-backup/meta/main.yml delete mode 100644 ansible/roles/postgresql-restore/meta/main.yml delete mode 100644 ansible/roles/prometheus-backup/meta/main.yml delete mode 100644 ansible/roles/redis-backup/meta/main.yml delete mode 100644 ansible/roles/upload-batch/tasks/main.yml delete mode 100644 pipelines/certs-templates/Jenkinsfile.upload diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index feb78219b8..2872fa1013 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml 
@@ -3,8 +3,15 @@ become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_artifact_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_artifact_storage_account_sas }}" - roles: - - artifacts-download-azure + tasks: + - name: download artifact from azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-download.yml + vars: + blob_container_name: "{{ artifacts_container }}" + blob_file_name: "{{ artifact }}" + local_file_or_folder_path: "{{ artifact_path }}" + storage_account_name: "{{ azure_artifact_storage_account_name }}" + storage_account_key: "{{ azure_artifact_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 772ec2cca4..642a9aa111 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml @@ -3,8 +3,16 @@ become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_artifact_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_artifact_storage_account_sas }}" - roles: - - artifacts-upload-azure + tasks: + - name: upload artifact to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ artifacts_container }}" + container_public_access: "off" + blob_file_name: "{{ artifact }}" + local_file_or_folder_path: "{{ artifact_path }}" + storage_account_name: "{{ azure_artifact_storage_account_name }}" + storage_account_key: "{{ azure_artifact_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index b356cf9362..8bc0ac9123 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml 
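Review bot: Both artifact plays now pass the role `storage_account_key` (`azure_artifact_storage_account_key`) where the removed `environment:` block supplied a SAS token, so a download that only needs read access to one container now runs with a credential that controls the whole storage account. If the azure-cloud-storage role's blob-download.yml and blob-upload.yml can authenticate with a SAS (the role files are not part of these hunks), passing a container-scoped, expiring token would keep the previous privilege level; this applies to the artifacts-upload.yml hunk on the same line too. Separately, the only task is guarded by `when: cloud_service_provider == "azure"`, so any other provider value lets the play finish successfully without transferring anything; a closing `fail` task for unsupported values would make that visible.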
@@ -1,8 +1,28 @@ --- - hosts: localhost - vars: - ansible_connection: local vars_files: - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml'] - roles: - - assets-upload-azure + tasks: + - name: set common azure variables + set_fact: + blob_container_name: "{{ player_cdn_container }}" + container_public_access: "container" + blob_container_folder_path: "" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_sas_token: "{{ azure_public_storage_account_sas }}" + when: cloud_service_provider == "azure" + + - name: delete files and folders from azure storage using azcopy + include_role: + name: azure-cloud-storage + tasks_from: delete-using-azcopy.yml + when: cloud_service_provider == "azure" + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + local_file_or_folder_path: "{{ assets }}" + when: cloud_service_provider == "azure" diff --git a/ansible/cert-file-upload.yml b/ansible/cert-file-upload.yml deleted file mode 100644 index e29a7b6c2b..0000000000 --- a/ansible/cert-file-upload.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- hosts: localhost - become: yes - vars_files: - - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" - roles: - - cert-file-upload diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index cd2b5b512b..7c4958a5f5 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -3,9 +3,6 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" tasks: - name: rename env_domain in preview_cdn.html for CDN shell: | 
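Review bot: `container_public_access: "container"` in the assets-upload.yml `set_fact` would, assuming the role passes it through to the container's public-access level, allow anonymous listing of the whole container in addition to anonymous reads. If the CDN only needs objects fetched by URL, `container_public_access: "blob"` (the value dial_upload-schema.yml uses further down) avoids exposing the file inventory. The same `container` level is set in deploy-plugins.yml, desktop-faq-upload.yml and kp_upload-schema.yml. The `set_fact` task also stores `storage_account_key` and `storage_account_sas_token` as host facts, so adding `no_log: true` to it keeps them out of verbose task output.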
@@ -15,40 +12,62 @@ tags: - preview - - name: delete batch - shell: | - azcopy rm "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ plugin_container_name }}/{{ folder_name }}{{sunbird_public_storage_account_sas}}" --recursive=true - async: 3600 - poll: 10 - tags: - - content-editor - - collection-editor - - generic-editor - - preview - - - name: upload batch - command: "az storage blob upload-batch --destination {{ plugin_container_name }}/{{ folder_name }} --source {{ source_name }}" - async: 3600 - poll: 10 - tags: - - content-editor - - collection-editor - - generic-editor - - preview - - editor - - core-plugins - - - - name: upload file - command: "az storage blob upload --container-name {{ plugin_container_name }} --file {{ source_file_name }} --name artefacts/content-player/content-player-{{ player_version_number }}.zip" - async: 3600 - poll: 10 - tags: - - preview - - - name: run az_copy.sh - shell: "bash {{ az_file_path }} {{ plugin_container_name }} {{ source_file }}" - async: 3600 - poll: 10 - tags: - - plugins + - name: this block consists of tasks related to azure storage + block: + - name: set common azure variables + set_fact: + blob_container_name: "{{ plugin_container_name }}" + container_public_access: "container" + blob_container_folder_path: "/{{ folder_name }}" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_sas_token: "{{ azure_public_storage_account_sas }}" + + - block: + - name: delete files and folders from azure storage using azcopy + include_role: + name: azure-cloud-storage + tasks_from: delete-using-azcopy.yml + tags: + - content-editor + - collection-editor + - generic-editor + - preview + + - block: + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + local_file_or_folder_path: "{{ source_name }}" + tags: + - content-editor + - 
collection-editor + - generic-editor + - preview + - editor + - core-plugins + + - block: + - name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_file_name: "artefacts/content-player/content-player-{{ player_version_number }}.zip" + local_file_or_folder_path: "{{ source_file_name }}" + tags: + - preview + + - block: + - name: run the az_copy.sh script + shell: "bash {{ az_file_path }} {{ plugin_container_name }} {{ source_file }}" + async: 3600 + poll: 10 + environment: + AZURE_STORAGE_ACCOUNT: "{{ azure_public_storage_account_name }}" + AZURE_STORAGE_SAS_TOKEN: "{{ azure_public_storage_account_sas }}" + tags: + - plugins + when: cloud_service_provider == "azure" diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 9dbeddd1c0..7c7e992039 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
@@ -1,49 +1,50 @@ - hosts: localhost - become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - vars: - artifacts_container: "{{desktop_container}}" - artifact: "{{destination_path}}" - artifact_path: "{{playbook_dir}}/../{{src_file_path}}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" - roles: - - artifacts-upload-azure - tags: - - upload-desktop-faq - - -- hosts: localhost - become: yes - vars_files: - - "{{inventory_dir}}/secrets.yml" - vars: - artifacts_container: "{{desktop_container}}" - artifact: "{{destination_path}}" - artifact_path: "{{playbook_dir}}/../{{src_file_path}}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_private_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_private_storage_account_key }}" - roles: - - artifacts-upload-azure - tags: - - upload-label - -- hosts: localhost - become: yes - vars_files: - - "{{inventory_dir}}/secrets.yml" - vars: - source_path: "{{playbook_dir}}/../{{src_file_path}}" - destination_path: "{{destination_path}}" - container_name: "{{desktop_container}}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" - roles: - - upload-batch - tags: - - upload-chatbot-config - - upload-batch + tasks: + - name: this block consists of tasks related to azure storage + block: + - name: set common azure variables + set_fact: + blob_container_name: "{{ desktop_container }}" + blob_file_name: "{{ destination_path }}" + blob_container_folder_path: "/{{ destination_path }}" + local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" + + - block: + - name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + container_public_access: "container" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ 
azure_public_storage_account_key }}" + tags: + - upload-desktop-faq + + - block: + - name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + container_public_access: "off" + storage_account_name: "{{ azure_private_storage_account_name }}" + storage_account_key: "{{ azure_private_storage_account_key }}" + tags: + - upload-label + + - block: + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + container_public_access: "container" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + tags: + - upload-chatbot-config + - upload-batch + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index 1f510c2c92..54b0672ed9 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml @@ -1,11 +1,7 @@ - hosts: local - become: yes gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" tasks: - name: Create directories file: 
@@ -22,9 +18,16 @@ dest: dial_schema_template_files/{{ item.path }} with_filetree: "{{ source_name }}" when: item.state == 'file' - - - name: upload batch - command: "az storage blob upload-batch --destination {{ dial_plugin_container_name }}/schemas/local --source dial_schema_template_files" - async: 3600 - poll: 10 + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ dial_plugin_container_name }}" + container_public_access: "blob" + blob_container_folder_path: "/schemas/local" + local_file_or_folder_path: "dial_schema_template_files" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/grafana-backup.yml b/ansible/grafana-backup.yml index 9770875812..e5ee720b59 100644 --- a/ansible/grafana-backup.yml +++ b/ansible/grafana-backup.yml @@ -2,8 +2,5 @@ become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_name }}" roles: - grafana-backup diff --git a/ansible/jenkins-backup.yml b/ansible/jenkins-backup.yml index 4506a6bf62..acc4172c73 100644 --- a/ansible/jenkins-backup.yml +++ b/ansible/jenkins-backup.yml @@ -3,9 +3,5 @@ hosts: jenkins-master vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - roles: - jenkins-backup-upload diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 0ca52f5f02..843abfbd19 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml 
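Review bot: The replacement upload task authenticates with `storage_account_key: "{{ azure_public_storage_account_key }}"`, whereas the `environment:` block removed in this file's first hunk used `AZURE_STORAGE_SAS_TOKEN`, so the play moves from a scoped token to the full account key. `blob-upload-batch.yml` in the new role only builds an `--account-key` command, although `container-create.yml` already has a SAS branch. Adding the same branch to the upload task would let this play pass `storage_account_sas_token: "{{ azure_public_storage_account_sas }}"` instead. kp_upload-schema.yml and the upload step of nodebbui-upload.yml make the same switch.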
@@ -1,13 +1,17 @@ - hosts: local - become: yes gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" tasks: - - name: upload batch - command: "az storage blob upload-batch --destination {{ plugin_container_name }}/schemas/local --source {{ source_name }}" - async: 3600 - poll: 10 \ No newline at end of file + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ plugin_container_name }}" + container_public_access: "container" + blob_container_folder_path: "/schemas/local" + local_file_or_folder_path: "{{ source_name }}" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/mongodb-backup.yml b/ansible/mongodb-backup.yml index 95ff1e7d61..2ab4091fc4 100644 --- a/ansible/mongodb-backup.yml +++ b/ansible/mongodb-backup.yml @@ -2,8 +2,5 @@ become: yes vars_files: - ['{{inventory_dir}}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - mongodb-backup diff --git a/ansible/nodebbui-upload.yml b/ansible/nodebbui-upload.yml index 92b484a580..48f59dd327 100644 --- a/ansible/nodebbui-upload.yml +++ b/ansible/nodebbui-upload.yml 
@@ -3,17 +3,27 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" tasks: - - name: delete batch - shell: | - azcopy rm "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ nodebbui_container_name }}{{sunbird_public_storage_account_sas}}" --recursive=true - async: 3600 - poll: 10 + - name: delete files and folders from azure storage using azcopy + include_role: + name: azure-cloud-storage + tasks_from: delete-using-azcopy.yml + vars: + blob_container_name: "{{ nodebbui_container_name }}" + blob_container_folder_path: "" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_sas_token: "{{ azure_public_storage_account_sas }}" + when: cloud_service_provider == "azure" - - name: upload batch - command: "az storage blob upload-batch --destination {{ nodebbui_container_name }} --source {{ source_name }}" - async: 3600 - poll: 10 + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ nodebbui_container_name }}" + container_public_access: "container" + blob_container_folder_path: "" + local_file_or_folder_path: "{{ source_name }}" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/plugin.yml b/ansible/plugin.yml deleted file mode 100644 index ac8f93b5cf..0000000000 --- a/ansible/plugin.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -- hosts: local - become: yes - gather_facts: no - vars_files: - - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" - tasks: - - name: delte plugin org_sunbird_questionunit_quml - command: "az storage blob delete-batch --source {{ plugin_container_name }} --pattern content-plugins/{{ plugins_name }}" - async: 3600 - poll: 10 - tags: - - org_sunbird_questionunit_quml - - - name: upload plugin org_sunbird_questionunit_quml - command: "az storage blob upload-batch --destination {{ plugin_container_name }}/content-plugins/{{ plugins_name }} --source {{ source_file }}" - async: 3600 - poll: 10 - tags: - - org_sunbird_questionunit_quml diff --git a/ansible/plugins.yml b/ansible/plugins.yml new file mode 100644 index 0000000000..0245f1801a --- /dev/null +++ b/ansible/plugins.yml @@ -0,0 +1,28 @@ +--- +- hosts: local + gather_facts: false + vars_files: + - "{{inventory_dir}}/secrets.yml" + tasks: + - name: this block consists of tasks related to azure storage + block: + - name: set common azure variables + set_fact: + blob_container_name: "{{ plugin_container_name }}" + container_public_access: "container" + blob_delete_pattern: "content-plugins/{{ plugins_name }}" + blob_container_folder_path: "/content-plugins/{{ plugins_name }}" + local_file_or_folder_path: "{{ source_file }}" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + + - name: delete batch of files from azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-delete-batch.yml + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + when: cloud_service_provider == "azure" diff --git a/ansible/prometheus-backup.yml b/ansible/prometheus-backup.yml index d31adbd125..65a87b3061 100644 
--- a/ansible/prometheus-backup.yml +++ b/ansible/prometheus-backup.yml @@ -6,9 +6,6 @@ prometheus_url: "http://localhost:9090/prometheus" vars_files: - ['{{ inventory_dir }}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-backup-v2 tags: @@ -23,8 +20,6 @@ vars_files: - ['{{inventory_dir}}/secrets.yml'] environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-backup-v2 tags: @@ -39,9 +34,6 @@ prometheus_url: "http://localhost:19090/prometheus" vars_files: - ['{{inventory_dir}}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-backup-v2 tags: diff --git a/ansible/prometheus-restore.yml b/ansible/prometheus-restore.yml index 5d4bba9731..1ddf6971d5 100644 --- a/ansible/prometheus-restore.yml +++ b/ansible/prometheus-restore.yml @@ -6,9 +6,6 @@ prometheus_service_name: "monitor_prometheus" vars_files: - ['{{ inventory_dir }}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-restore tags: @@ -22,9 +19,6 @@ prometheus_service_name: "prometheus_fed_prometheus" vars_files: - ['{{ inventory_dir }}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-restore tags: 
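Review bot: In the second hunk of prometheus-backup.yml (`@@ -23,8 +20,6 @@`) only the two `AZURE_STORAGE_*` entries are removed, so the `environment:` key is left behind with no value. The first and third hunks remove the key together with its entries. Delete the bare `environment:` line so the three plays stay consistent and the key is not parsed as null. The plays themselves begin outside these hunks.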
@@ -38,9 +32,6 @@ prometheus_service_name: "monitor_stateful_prometheus" vars_files: - ['{{ inventory_dir }}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - prometheus-restore tags: diff --git a/ansible/redis-backup.yml b/ansible/redis-backup.yml index af7b1564ed..72ab28e584 100644 --- a/ansible/redis-backup.yml +++ b/ansible/redis-backup.yml @@ -3,9 +3,6 @@ gather_facts: false vars_files: - ['{{inventory_dir}}/secrets.yml'] - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" roles: - redis-backup run_once: true diff --git a/ansible/roles/artifacts-download-azure/tasks/main.yml b/ansible/roles/artifacts-download-azure/tasks/main.yml deleted file mode 100644 index db79bc213f..0000000000 --- a/ansible/roles/artifacts-download-azure/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure azure blob storage container exists - command: az storage container exists --name {{ artifacts_container }} - -- name: Download from azure blob storage - command: az storage blob download -c {{ artifacts_container }} --name {{ artifact }} -f {{ artifact_path }} - async: 3600 - poll: 10 diff --git a/ansible/roles/artifacts-upload-azure/tasks/main.yml b/ansible/roles/artifacts-upload-azure/tasks/main.yml deleted file mode 100644 index 785dc1a455..0000000000 --- a/ansible/roles/artifacts-upload-azure/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ artifacts_container }} - -- name: Upload to azure blob storage - command: az storage blob upload -c {{ artifacts_container }} --name {{ artifact }} -f {{ artifact_path }} - async: 3600 - poll: 10 
diff --git a/ansible/roles/assets-upload-azure/defaults/main.yml b/ansible/roles/assets-upload-azure/defaults/main.yml deleted file mode 100644 index 13cc322514..0000000000 --- a/ansible/roles/assets-upload-azure/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -delete: True -player_cdn_container: -player_cdn_account: -player_cdn_account_key: -assets: diff --git a/ansible/roles/assets-upload-azure/tasks/main.yml b/ansible/roles/assets-upload-azure/tasks/main.yml deleted file mode 100755 index 520641f5e3..0000000000 --- a/ansible/roles/assets-upload-azure/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Deleting container before Uploding assets - command: az storage blob delete-batch -s {{player_cdn_container}} - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_SAS_TOKEN: "{{sunbird_public_storage_account_sas}}" - async: 3600 - poll: 10 - -- name: Ensure azure blob storage container exists - command: az storage container create --name {{player_cdn_container}} - ignore_errors: true - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_SAS_TOKEN: "{{sunbird_public_storage_account_sas}}" - - -# Upload the assets created by the job to azure -- name: Upload to azure blob storage - command: az storage blob upload-batch -d {{player_cdn_container}} -s {{assets}} - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_SAS_TOKEN: "{{sunbird_public_storage_account_sas}}" - async: 3600 - poll: 10 diff --git a/ansible/roles/azure-cli/tasks/main.yml b/ansible/roles/azure-cli/tasks/main.yml index 0a1148f2c4..0374f6a0ec 100644 --- a/ansible/roles/azure-cli/tasks/main.yml +++ b/ansible/roles/azure-cli/tasks/main.yml 
@@ -1,16 +1,16 @@ --- - name: Add Microsfot signing key - ansible.builtin.apt_key: + apt_key: url: https://packages.microsoft.com/keys/microsoft.asc state: present - name: Add Microsfot repository into sources list - ansible.builtin.apt_repository: + apt_repository: repo: "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ {{ ansible_distribution_release | lower }} main" state: present - name: Install azue cli and dependent packages - ansible.builtin.apt: + apt: pkg: - ca-certificates - curl diff --git a/ansible/roles/azure-cloud-storage/defaults/main.yml b/ansible/roles/azure-cloud-storage/defaults/main.yml new file mode 100644 index 0000000000..0e4e45bf95 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/defaults/main.yml 
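Review bot: Replacing `ansible.builtin.apt_key`, `ansible.builtin.apt_repository` and `ansible.builtin.apt` with short names makes module resolution depend on the collection search path. Keep the fully qualified names unless the short form is needed for an older Ansible release, and if so record that in a comment such as `# short module names required by Ansible <version in use>`. Because the first task installs a package-signing key fetched by URL, pinning it with the module's `id:` parameter (`id: "<expected key fingerprint>"`) would make a substituted key fail the play. The task names in the context lines still read "Microsfot" and "azue cli".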
@@ -0,0 +1,67 @@ +# The name of the blob container in the azure storage account +# Example - +# blob_container_name: "my-container" +blob_container_name: "" + +# The delete pattern to delete files and folder +# Example - +# blob_delete_pattern: "my-drectory/*" +# blob_delete_pattern: "my-drectory/another-directory/*" +# blob_delete_pattern: "*" +blob_delete_pattern: "" + +# The storage account name +# Example - +# storage_account_name: "sunbird-dev-public" +storage_account_name: "" + +# The storage account key +# Example - +# storage_account_name: "cmFuZG9tcmFuZG9tcmFuZG9tcmFuZG9tCg==" +storage_account_key: "" + +# The path to local file which has to be uploaded to azure storage +# The local path to store the file after downloading from azure storage +# Example - +# local_file_or_folder_path: "/workspace/my-folder/myfile.json" +# local_file_or_folder_path: "/workspace/my-folder" +local_file_or_folder_path: "" + +# The name of the file in azure storage after uploading from local +# The name of the file in azure storage that has to be downloaded +# Example - +# blob_file_name: "myfile-blob.json" +# You can also pass folder path in order to upload / download the file from a speciic folder +# blob_file_name "my-folder/my-file.json" +blob_file_name: "" + +# The storage account sas token +# Example - +# storage_account_sas_token: "?sv=2022-01-01&ss=abc&srt=rws%3D" +storage_account_sas_token: "" + +# The folder path in azure storage to upload the files starting from the root of the container +# This path should alwasy start with a slash / as we are going to append this value as shown in below example +# Example - +# blob_container_name: "my-container" +# blob_container_folder_path: "/my-folder-path" +# {{ blob_container_name }}{{ blob_container_folder_path }} +# The above translates to "my-container/my-folder-path" + +# The variable can also be empty as shown below, which means we will upload directly at the root path of the container +# Example - +# blob_container_name: 
"my-container" +# blob_container_folder_path: "" +# The above translates to "my-container" +blob_container_folder_path: "" + +# At what access level the container should be created +# Example - +# container_public_access: "off" +# container_public_access: "blob" +# container_public_access: "container" +# Allowed values are - off, blob, container +# This variable affects only new containers and has no affect on a container if it already exists +# If the container already exists, the access level will not be changed +# You will need to change the access level from Azure portal or using az storage container set-permission command +container_public_access: "" \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml new file mode 100644 index 0000000000..4e8ad68a2d --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml @@ -0,0 +1,5 @@ +--- +- name: delete files and folders from a blob container recursively + shell: "az storage blob delete-batch --source {{ blob_container_name }} --pattern '{{ blob_delete_pattern }}' --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 3600 + poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-download.yml b/ansible/roles/azure-cloud-storage/tasks/blob-download.yml new file mode 100644 index 0000000000..3bbf4b607a --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-download.yml @@ -0,0 +1,5 @@ +--- +- name: download a file from azure storage + shell: "az storage blob download --container-name {{ blob_container_name }} --file {{ local_file_or_folder_path }} --name {{ blob_file_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 3600 + poll: 10 \ No newline at end of file 
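Review bot: Two of the examples in this new defaults file cannot be copied as written. The `storage_account_key` block gives its example under the wrong variable name, so it should read `# storage_account_key: "cmFuZG9tcmFuZG9tcmFuZG9tcmFuZG9tCg=="`, and the `blob_file_name` example is missing its colon (`# blob_file_name: "my-folder/my-file.json"`). The comments also carry the typos "my-drectory", "speciic", "alwasy" and "no affect". Since every variable defaults to `""`, each block should say which task files require the variable. For instance, `container_public_access` is interpolated straight after `--public-access` in container-create.yml, so an unset value leaves that flag without an argument.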
diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml new file mode 100644 index 0000000000..3043da46cc --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml @@ -0,0 +1,10 @@ +--- +- name: create container in azure storage if it doesn't exist + include_role: + name: azure-cloud-storage + tasks_from: container-create.yml + +- name: upload files and folders from a local directory to azure storage container + shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 3600 + poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml new file mode 100644 index 0000000000..4b493ffb73 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml @@ -0,0 +1,10 @@ +--- +- name: create container in azure storage if it doesn't exist + include_role: + name: azure-cloud-storage + tasks_from: container-create.yml + +- name: upload file to azure storage container + shell: "az storage blob upload --container-name {{ blob_container_name }} --file {{ local_file_or_folder_path }} --name {{ blob_file_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 3600 + poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/container-create.yml b/ansible/roles/azure-cloud-storage/tasks/container-create.yml new file mode 100644 index 0000000000..419510cc19 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/container-create.yml 
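Review bot: The upload task puts `--account-key {{ storage_account_key }}` on a `shell:` command line, so the key is visible in the process list on the target host and is printed with the command in Ansible's task result. The playbooks this role replaces passed it through `AZURE_STORAGE_KEY` under `environment:`. Doing the same here (`environment: { AZURE_STORAGE_ACCOUNT: "{{ storage_account_name }}", AZURE_STORAGE_KEY: "{{ storage_account_key }}" }`) and adding `no_log: true` keeps it out of both. The templated values are also interpolated unquoted into a shell string, so `command:` or the `quote` filter (`{{ blob_container_name | quote }}`) would stop a value with spaces or shell metacharacters from changing the command. blob-delete-batch.yml, blob-download.yml, blob-upload.yml and container-create.yml are built the same way, and the two azcopy task files place the SAS token in the URL argument.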
@@ -0,0 +1,8 @@ +--- +- name: create container in azure storage if it doesn't exist + shell: "az storage container create --name {{ blob_container_name }} --public-access {{ container_public_access }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + when: storage_account_key | length > 0 + +- name: create container in azure storage if it doesn't exist + shell: "az storage container create --name {{ blob_container_name }} --public-access {{ container_public_access }} --account-name {{ storage_account_name }} --sas-token '{{ storage_account_sas_token }}'" + when: storage_account_sas_token | length > 0 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml new file mode 100644 index 0000000000..236169e86c --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml @@ -0,0 +1,7 @@ +--- +- name: delete files and folders from azure storage using azcopy + shell: "azcopy rm 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" + environment: + AZCOPY_CONCURRENT_FILES: "10" + async: 10800 + poll: 10 diff --git a/ansible/roles/azure-cloud-storage/tasks/main.yml b/ansible/roles/azure-cloud-storage/tasks/main.yml new file mode 100644 index 0000000000..eb435ecfe2 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/main.yml 
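Review bot: The two `when:` conditions in container-create.yml are not mutually exclusive, so a play with both `storage_account_key` and `storage_account_sas_token` set runs the create twice, and a play with neither skips both tasks without an error. plugins.yml and the desktop-deploy role set `storage_account_key` with `set_fact`, which stays defined for the rest of the play, so a later include that passes only a SAS token would hit the first case. Changing the second condition to `when: storage_account_key | length == 0 and storage_account_sas_token | length > 0`, and adding a leading `assert` that at least one credential is non-empty, covers both.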
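Review bot: In delete-using-azcopy.yml the `azcopy rm … --recursive` URL is assembled from variables that all default to `""` in the role, and nothing validates them before the delete runs. With an empty `blob_container_folder_path`, as nodebbui-upload.yml passes, the target is already the whole container. An `assert` on `storage_account_name | length > 0` and `blob_container_name | length > 0` ahead of the task would make a missing variable fail the play rather than change what the URL points at. The patch does not show how azcopy treats a URL with no container segment, which is a reason to check explicitly.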
@@ -0,0 +1,21 @@ +--- +- name: delete files and folders from azure storage container recursively + include: blob-delete-batch.yml + +- name: download a file from azure storage + include: blob-download.yml + +- name: upload files and folders from a local directory to azure storage container + include: blob-upload-batch.yml + +- name: upload file to azure storage container + include: blob-upload.yml + +- name: create container in azure storage if it doesn't exist + include: container-create.yml + +- name: delete files and folders from azure storage using azcopy + include: delete-using-azcopy.yml + +- name: upload files and folders to azure storage using azcopy + include: upload-using-azcopy.yml diff --git a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml new file mode 100644 index 0000000000..99ab3c2bf8 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml @@ -0,0 +1,12 @@ +--- +- name: create container in azure storage if it doesn't exist + include_role: + name: azure-cloud-storage + tasks_from: container-create.yml + +- name: upload files and folders to azure storage using azcopy + shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" + environment: + AZCOPY_CONCURRENT_FILES: "10" + async: 10800 + poll: 10 \ No newline at end of file diff --git a/ansible/roles/blob-batch-delete-azure/tasks/main.yml b/ansible/roles/blob-batch-delete-azure/tasks/main.yml deleted file mode 100755 index 4d84085ed5..0000000000 --- a/ansible/roles/blob-batch-delete-azure/tasks/main.yml +++ /dev/null 
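Review bot: `tasks/main.yml` includes every task file in sequence, so applying the role without `tasks_from` (a `roles:` entry, or `include_role` with only `name:`) would run the batch delete, the download, both uploads, the container create and the azcopy delete one after another. Every caller visible in this patch sets `tasks_from`, so main.yml can be reduced to a guard such as `- fail: msg="azure-cloud-storage must be included with tasks_from"`. If the list is kept, `include:` is the deprecated spelling and should be `include_tasks:`.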
@@ -1,8 +0,0 @@ -# Delete the assets in container -- name: Upload to azure blob storage - command: az storage blob delete-batch -s {{container}} --pattern {{blob_pattern}} --dryrun - environment: - AZURE_STORAGE_ACCOUNT: "{{blob_account}}" - AZURE_STORAGE_KEY: "{{blob_account_key}}" - async: 60 - poll: 10 diff --git a/ansible/roles/cassandra-backup/meta/main.yml b/ansible/roles/cassandra-backup/meta/main.yml deleted file mode 100644 index 23b18a800a..0000000000 --- a/ansible/roles/cassandra-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli \ No newline at end of file diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index a6611c8ebf..d6365315d6 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -3,11 +3,11 @@ ignore_errors: true - name: Create the directory - become: yes + become: true file: path=/data/cassandra/backup state=directory recurse=yes - name: copy the backup script - become: yes + become: true template: src: ../../../../deploy/cassandra_backup.py dest: /data/cassandra/backup/cassandra_backup.py @@ -17,7 +17,7 @@ cassandra_backup_gzip_file_name: "cassandra-backup-{{ lookup('pipe', 'date +%Y%m%d') }}-{{ ansible_hostname }}-new" - name: run the backup script - become: yes + become: true shell: python3 cassandra_backup.py --snapshotname "{{ cassandra_backup_gzip_file_name }}" --snapshotdirectory "{{ cassandra_backup_gzip_file_name }}" "{{additional_arguments|d('')}}" args: chdir: /data/cassandra/backup 
@@ -32,21 +32,17 @@ debug: var: doc_data -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ cassandra_backup_azure_container_name }} - ignore_errors: true - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - -- name: Upload to azure blob storage - command: "azcopy copy {{cassandra_backup_gzip_file_name}} 'https://{{sunbird_management_storage_account_name}}.blob.core.windows.net/{{cassandra_backup_azure_container_name}}{{sunbird_management_storage_account_sas}}' --recursive" - environment: - AZCOPY_CONCURRENT_FILES: 10 # How many files azcopy should read concurrently. - args: - chdir: /data/cassandra/backup - async: 10800 - poll: 10 - +- name: upload file to azure storage using azcopy + include_role: + name: azure-cloud-storage + tasks_from: upload-using-azcopy.yml + vars: + blob_container_name: "{{ cassandra_backup_azure_container_name }}" + container_public_access: "off" + local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_gzip_file_name }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_sas_token: "{{ azure_management_storage_account_sas }}" + when: cloud_service_provider == "azure" + - name: clean up backup dir after upload file: path="{{ cassandra_backup_dir }}" state=absent diff --git a/ansible/roles/cassandra-restore/meta/main.yml b/ansible/roles/cassandra-restore/meta/main.yml deleted file mode 100644 index 23b18a800a..0000000000 --- a/ansible/roles/cassandra-restore/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli \ No newline at end of file diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 6dcb7d97df..80b8f86863 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml 
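Review bot: The new include in cassandra-backup reaches `container-create.yml`, which shells out to `az storage container create`, yet this commit deletes the role's `meta/main.yml` and with it the `azure-cli` dependency. The removed create task also had `ignore_errors: true`, which the new path does not. If `az` is not installed on the Cassandra host some other way, or the token in `azure_management_storage_account_sas` cannot create containers, the backup now stops before azcopy runs. Keep the dependency, or document in the role where `az` is expected to come from. The task list begins outside this hunk.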
@@ -1,52 +1,53 @@ - name: Stop the cassandra - become: yes + become: true service: name=cassandra state=stopped - set_fact: cassandra_restore_gzip_file_path: "{{ cassandra_restore_dir }}/{{ cassandra_restore_gzip_file_name }}" - -- name: Download to azure blob storage - command: az storage blob download --name {{ cassandra_restore_gzip_file_name }} --file {{ cassandra_restore_gzip_file_path }} --container-name {{ cassandra_backup_azure_container_name }} - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - async: 3600 - poll: 10 - + +- name: download a file from azure storage + become: true + include_role: + name: azure-cloud-storage + tasks_from: blob-download.yml + vars: + blob_container_name: "{{ cassandra_backup_azure_container_name }}" + blob_file_name: "{{ cassandra_restore_gzip_file_name }}" + local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" + - name: unarchieve restore artifact - become: yes + become: true unarchive: src={{user_home}}/{{ cassandra_restore_gzip_file_name }} dest={{user_home}}/ copy=no - name: Remove the restroe artefact - become: yes + become: true file: path={{user_home}}/cassandra* state=absent - name: Remove the old data - become: yes + become: true file: path=/var/lib/cassandra/data/sunbird state=absent - name: Replace the new data - become: yes + become: true command: mv {{user_home}}/data/sunbird /var/lib/cassandra/data/ - - name: remove data - become: yes + become: true file: path: "/home/{{ ansible_ssh_user }}/data" state: absent - name: change the permissions - become: yes + become: true file: path=/var/lib/cassandra/data owner=cassandra group=cassandra recurse=yes - name: copy the backup script - become: yes + become: true template: 
src=nodetool.j2 dest={{user_home}}/nodetool.sh mode=0755 - - name: Start the cassandra - become: yes + become: true service: name=cassandra state=started - - diff --git a/ansible/roles/cert-file-upload/defaults/main.yml b/ansible/roles/cert-file-upload/defaults/main.yml deleted file mode 100644 index b74bef14c9..0000000000 --- a/ansible/roles/cert-file-upload/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -file_name: "certUploadedfile" -cert_template_artifacts_container_name: "e-credentials" diff --git a/ansible/roles/cert-file-upload/tasks/main.yml b/ansible/roles/cert-file-upload/tasks/main.yml deleted file mode 100644 index 9fcaf6a679..0000000000 --- a/ansible/roles/cert-file-upload/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: rename the file to the correct name as required in blobstore - command: "mv /tmp/certUploadedfile /tmp/{{file_name}}" - -- name: Upload to azure blob storage - command: "az storage blob upload -c {{ cert_template_artifacts_container_name }} --name {{ file_name }} -f /tmp/{{file_name}}" - async: 3600 - poll: 10 diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index b41aaef0a8..321a91f139 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml 
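Review bot: `become: true` on the new `include_role` task in cassandra-restore probably does not reach the `az storage blob download` task inside the role, because for dynamic includes Ansible applies task keywords to the include statement itself unless they are passed through `apply:`. If the download must write under `{{ cassandra_restore_dir }}` as root, put `apply: { become: true }` under `include_role`. The download also writes to `cassandra_restore_gzip_file_path`, while the unchanged `unarchive` step reads `{{user_home}}/{{ cassandra_restore_gzip_file_name }}`, so it is worth confirming that both resolve to the same file.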
@@ -31,21 +31,18 @@ chdir: "{{cert_location}}/cert-templates/certUtilScripts/" when: createPublicKey is defined -- name: Ensure azure blob storage container exists - command: az storage container create --name {{cert_service_container_name}} --public-access off - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_private_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_private_storage_account_key}}" - -- name: Upload to azure blob storage - command: az storage blob upload-batch --destination {{cert_service_container_name}} --source "out" - args: - chdir: "{{cert_location}}/cert-templates/certUtilScripts/" - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_private_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_private_storage_account_key}}" - async: 60 - poll: 10 +- name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ cert_service_container_name }}" + container_public_access: "off" + blob_container_folder_path: "" + local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" + storage_account_name: "{{ azure_private_storage_account_name }}" + storage_account_key: "{{ azure_private_storage_account_key }}" + when: cloud_service_provider == "azure" - name: list all the files shell: "ls -lR {{cert_location}}" diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index 0d301fbed0..963189ad4d 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml 
@@ -49,28 +49,28 @@ - name: run the installer script shell: "bash -x {{offline_repo_location}}/build.sh" -- name: Ensure azure blob storage container exists - command: az storage container create --name {{offline_installer_container_name}} --public-access blob - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" +- name: this block consists of tasks related to azure storage + block: + - name: set common azure variables + set_fact: + blob_container_name: "{{ offline_installer_container_name }}" + container_public_access: "blob" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" -- name: Upload to azure blob storage - command: az storage blob upload-batch --destination {{offline_installer_container_name}} --source "desktop_uploader_assets" - args: - chdir: "{{offline_repo_location}}/" - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" - async: 60 - poll: 10 - -- name: Upload to latest.json file to blob - command: az storage blob upload-batch --destination "{{offline_installer_container_name}}/latest" --source "{{offline_repo_location}}/desktop_uploader_assets/{{time}}/" - args: - chdir: "{{offline_repo_location}}/" - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" - async: 60 - poll: 10 + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_folder_path: "" + local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets" + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_folder_path: "/latest" + 
local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/roles/es-azure-snapshot/defaults/main.yml b/ansible/roles/es-azure-snapshot/defaults/main.yml index 99787b0f89..9072442956 100644 --- a/ansible/roles/es-azure-snapshot/defaults/main.yml +++ b/ansible/roles/es-azure-snapshot/defaults/main.yml @@ -10,4 +10,4 @@ snapshot_create_request_body: { es_snapshot_host: "localhost" snapshot_base_path: "default" -es_azure_backup_folder_name: "elasticsearch-snapshots" \ No newline at end of file +es_azure_backup_container_name: "elasticsearch-snapshots" \ No newline at end of file diff --git a/ansible/roles/es-azure-snapshot/tasks/main.yml b/ansible/roles/es-azure-snapshot/tasks/main.yml index d2880013d5..2b7f23e576 100644 --- a/ansible/roles/es-azure-snapshot/tasks/main.yml +++ b/ansible/roles/es-azure-snapshot/tasks/main.yml @@ -4,11 +4,15 @@ - set_fact: snapshot_number="snapshot_{{ lookup('pipe','date +%s') }}" -- name: Ensure backup folder exists in azure blob - shell: "az storage container create --name {{ es_azure_backup_folder_name }}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ azure_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ azure_management_storage_account_key }}" +- name: create container in azure storage if it doesn't exist + include_role: + name: azure-cloud-storage + tasks_from: container-create.yml + vars: + blob_container_name: "{{ es_azure_backup_container_name }}" + container_public_access: "off" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" - name: Create Azure Repository uri: diff --git a/ansible/roles/grafana-backup/meta/main.yml b/ansible/roles/grafana-backup/meta/main.yml deleted file mode 100644 index a124d4f7cb..0000000000 --- a/ansible/roles/grafana-backup/meta/main.yml +++ /dev/null 
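Review bot: The `set common azure variables` task puts `storage_account_key` and `container_public_access: "blob"` into host facts with `set_fact`, so both stay defined for every later task on that host, not just the two uploads in this block. A later `azure-cloud-storage` include that omits one of these vars would then quietly pick up the public-storage key or the `blob` access level. Scoping them with `vars:` on the block (the same four keys, next to `when:`) keeps them local, and they should still reach both `include_role` calls. The offline-installer `upload_to_storage.yml` hunk (`@@ -56,25 +51,31 @@`) uses the same `set_fact` pattern.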
@@ -1,2 +0,0 @@ -dependencies: - - azure-cli diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index 62d4c4dfe2..786bd13442 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml @@ -19,14 +19,18 @@ async: 3600 poll: 10 -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ grafana_backup_azure_container_name }} - ignore_errors: true - -- name: Upload to azure blob storage - command: az storage blob upload --name {{ grafana_backup_gzip_file_name }} --file {{ grafana_backup_gzip_file_path }} --container-name {{ grafana_backup_azure_container_name }} - async: 5000 - poll: 10 +- name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ grafana_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ grafana_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: clean up backup dir after upload file: path="{{ grafana_backup_dir }}" state=absent diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index f5ec21c7bb..e430e57c1c 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml 
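Review bot: The upload is now skipped whenever `cloud_service_provider` is anything other than `azure`, but the `clean up backup dir after upload` task right after it still runs and deletes the local copy of a backup that was never uploaded. Either give the cleanup the same condition, `when: cloud_service_provider == "azure"`, or fail before the backup starts when the provider has no upload path. The mongodb-backup, postgres-azure-managed-service-backup, postgresql-backup, prometheus-backup and redis-backup hunks have the same upload-then-delete sequence.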
@@ -12,11 +12,15 @@ - name: Create archive of backup directory archive: path="{{ jenkins_backup_base_dir }}/{{ LATEST_BACKUP_DIR.stdout }}" dest="/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" format=zip -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ jenkins_backup_azure_container_name }} - -- name: Upload to azure blob storage - command: az storage blob upload -c {{ jenkins_backup_azure_container_name }} --name "{{ LATEST_BACKUP_DIR.stdout }}.zip" -f "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" - async: 3600 - poll: 10 - +- name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ jenkins_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" + local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/ansible/roles/mongodb-backup/meta/main.yml b/ansible/roles/mongodb-backup/meta/main.yml deleted file mode 100644 index a124d4f7cb..0000000000 --- a/ansible/roles/mongodb-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 219ced55ea..4235e52c32 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create the directory file: path={{ mongo_backup_dir }} state=directory recurse=yes 
@@ -13,13 +14,18 @@ - name: Compress the backup file shell: "tar -czf {{ mongo_backup_file_path }}.tar.gz {{ mongo_backup_file_path }}" -- name: upload to azure +- name: upload file to azure storage include_role: - name: artifacts-upload-azure + name: azure-cloud-storage + tasks_from: blob-upload.yml vars: - artifact: "{{ mongo_backup_file_name }}.tar.gz" - artifact_path: "{{ mongo_backup_file_path }}.tar.gz" - artifacts_container: "{{ mongo_backup_azure_container_name }}" + blob_container_name: "{{ mongo_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ mongo_backup_file_name }}.tar.gz" + local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: clean up backup dir after upload file: path={{ mongo_backup_dir }} state=absent diff --git a/ansible/roles/offline-installer/tasks/main.yml b/ansible/roles/offline-installer/tasks/main.yml index 31bc47f627..e110fd3116 100644 --- a/ansible/roles/offline-installer/tasks/main.yml +++ b/ansible/roles/offline-installer/tasks/main.yml @@ -41,7 +41,7 @@ when: uploadInstaller is not defined - name: upload to azure - include: uploadToAzure.yml + include: upload_to_storage.yml when: uploadInstaller is defined - name: Delete offline installer folder if any issue diff --git a/ansible/roles/offline-installer/tasks/uploadToAzure.yml b/ansible/roles/offline-installer/tasks/upload_to_storage.yml similarity index 67% rename from ansible/roles/offline-installer/tasks/uploadToAzure.yml rename to ansible/roles/offline-installer/tasks/upload_to_storage.yml index 62d4378d10..3c62d6fc03 100644 --- a/ansible/roles/offline-installer/tasks/uploadToAzure.yml +++ b/ansible/roles/offline-installer/tasks/upload_to_storage.yml 
@@ -1,9 +1,4 @@ -- name: Ensure azure blob storage container exists - command: az storage container create --name {{offline_installer_container_name}} --public-access blob - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" - +--- - name: Get the environment name for the artifact name shell: "cat {{offline_repo_location}}/offline-installer-repo/src/package.json | jq -r '.name'" register: env_name 
@@ -56,25 +51,31 @@ - artifacts.sh - metadata.sh -- name: Upload to azure blob storage - command: az storage blob upload-batch --destination {{offline_installer_container_name}} --source "offline_artifacts" - args: - chdir: "{{offline_repo_location}}/offline-installer-repo/" - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" - async: 60 - poll: 10 - -- name: Upload to latest.json file to blob - command: az storage blob upload-batch --destination "{{offline_installer_container_name}}/latest" --source "{{folderName.stdout}}" - args: - chdir: "{{offline_repo_location}}/offline-installer-repo/offline_artifacts/" - environment: - AZURE_STORAGE_ACCOUNT: "{{sunbird_public_storage_account_name}}" - AZURE_STORAGE_KEY: "{{sunbird_public_storage_account_key}}" - async: 60 - poll: 10 +- name: this block consists of tasks related to azure storage + block: + - name: set common azure variables + set_fact: + blob_container_name: "{{ offline_installer_container_name }}" + container_public_access: "blob" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_folder_path: "" + local_file_or_folder_path: "{{ offline_repo_location }}/offline-installer-repo/offline_artifacts" + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_folder_path: "/latest" + local_file_or_folder_path: "{{ offline_repo_location }}/offline-installer-repo/offline_artifacts/{{ folderName.stdout }}" + when: cloud_service_provider == "azure" - name: Create a zip of the folder to archieve the artifact archive: 
diff --git a/ansible/roles/postgres-azure-managed-service-backup/meta/main.yml b/ansible/roles/postgres-azure-managed-service-backup/meta/main.yml deleted file mode 100644 index 5927f82724..0000000000 --- a/ansible/roles/postgres-azure-managed-service-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - #- azure-cli \ No newline at end of file diff --git a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml index cc5ede8e0e..a64f3639af 100644 --- a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml @@ -11,7 +11,6 @@ - set_fact: postgresql_backup_gzip_file_path: "{{ postgresql_backup_dir }}/{{ postgresql_backup_gzip_file_name }}.zip" - - name: Dump an existing database to a file postgresql_db: login_user: "{{ sunbird_pg_user }}" 
@@ -42,20 +41,18 @@ async: 500 poll: 10 -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ postgresql_backup_azure_container_name }} - ignore_errors: true - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - -- name: Upload to azure blob storage - command: az storage blob upload --name {{ postgresql_backup_gzip_file_name }}.zip --file {{ postgresql_backup_gzip_file_path }} --container-name {{ postgresql_backup_azure_container_name }} - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - async: 3600 - poll: 10 +- name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ postgresql_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: clean up backup dir after upload file: path="{{ postgresql_backup_dir }}" state=absent diff --git a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml index ba413e7943..135c29280c 100644 --- a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml 
@@ -9,12 +9,17 @@ - set_fact: postgres_backup_filepath: "{{ postgresql_restore_dir }}/{{ postgres_backup_filename }}" -- name: Download backup from azure - command: az storage blob download -c {{ postgres_backup_azure_container_name }} --name {{ postgres_backup_filename }} -f {{ postgres_backup_filepath }} - args: - chdir: "{{ postgres_restore_dir }}" - async: 100 - poll: 10 +- name: download a file from azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-download.yml + vars: + blob_container_name: "{{ postgres_backup_azure_container_name }}" + blob_file_name: "{{ postgres_backup_filename }}" + local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: unarchive artifact unarchive: src={{ postgresql_restore_dir }}/{{ postgres_backup_filename }} dest={{ postgresql_restore_dir }}/ copy=no diff --git a/ansible/roles/postgresql-backup/meta/main.yml b/ansible/roles/postgresql-backup/meta/main.yml deleted file mode 100644 index 23b18a800a..0000000000 --- a/ansible/roles/postgresql-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli \ No newline at end of file diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index c71f15510f..2e25619a10 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml 
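Review bot: The download target `"{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}"` repeats the directory, because the `set_fact` directly above already defines `postgres_backup_filepath` as `{{ postgresql_restore_dir }}/{{ postgres_backup_filename }}`; it also uses `postgres_restore_dir` where the surrounding tasks spell it `postgresql_restore_dir`. The `unarchive artifact` task that follows reads from `{{ postgresql_restore_dir }}/{{ postgres_backup_filename }}`, so it would miss the downloaded file or pick up a stale archive left in that directory. Assuming `blob-download.yml` treats the value as the destination file, `local_file_or_folder_path: "{{ postgres_backup_filepath }}"` lines the two up. The prometheus-restore hunk builds `{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}` the same way; where `prometheus_backup_filepath` is defined is not visible here, so check it too.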
@@ -13,20 +13,18 @@ async: 3600 poll: 10 -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ postgresql_backup_azure_container_name }} - ignore_errors: true - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - -- name: Upload to azure blob storage - command: az storage blob upload --name {{ postgresql_backup_gzip_file_name }} --file {{ postgresql_backup_gzip_file_path }} --container-name {{ postgresql_backup_azure_container_name }} - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - async: 3600 - poll: 10 +- name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ postgresql_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ postgresql_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: clean up backup dir after upload - file: path="{{ postgresql_backup_dir }}" state=absent + file: path="{{ postgresql_backup_dir }}" state=absent \ No newline at end of file diff --git a/ansible/roles/postgresql-restore/meta/main.yml b/ansible/roles/postgresql-restore/meta/main.yml deleted file mode 100644 index 23b18a800a..0000000000 --- a/ansible/roles/postgresql-restore/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli \ No newline at end of file diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index 47f9aa0f05..4075baa596 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml 
+++ b/ansible/roles/postgresql-restore/tasks/main.yml @@ -4,13 +4,17 @@ - set_fact: postgresql_restore_gzip_file_path: "{{ postgresql_restore_dir }}/{{ postgresql_restore_gzip_file_name }}" -- name: Download restore file from azure - command: az storage blob download --container-name {{ postgresql_restore_azure_container_name }} --name {{ postgresql_restore_gzip_file_name }} --file {{ postgresql_restore_gzip_file_path }} - environment: - AZURE_STORAGE_ACCOUNT: "{{ postgresql_restore_azure_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ postgresql_restore_azure_storage_access_key }}" - async: 3600 - poll: 10 +- name: download a file from azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-download.yml + vars: + blob_container_name: "{{ postgresql_restore_azure_container_name }}" + blob_file_name: "{{ postgresql_restore_gzip_file_name }}" + local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: ensure postgresql service is stopped service: name=postgresql state=stopped diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index af34edddad..6286f31ebb 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml 
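Review bot: The restore now always reads from `azure_management_storage_account_name`, where the removed task used the dedicated `postgresql_restore_azure_storage_account_name` and `postgresql_restore_azure_storage_access_key`. An inventory that still sets those two variables is ignored without any message, so a restore can pull a dump from a different account than the one the operator configured. Keeping them as an override avoids that: `storage_account_name: "{{ postgresql_restore_azure_storage_account_name | default(azure_management_storage_account_name) }}"`, and the same for the key.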
@@ -16,13 +16,18 @@ path: "{{ prometheus_data_dir }}/snapshots/{{ snapshot_name }}" dest: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" -- name: upload to azure +- name: upload file to azure storage include_role: - name: artifacts-upload-azure + name: azure-cloud-storage + tasks_from: blob-upload.yml vars: - artifact: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" - artifact_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" - artifacts_container: "{{ prometheus_backup_azure_container_name }}" + blob_container_name: "{{ prometheus_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: Deleting snapshot file: diff --git a/ansible/roles/prometheus-backup/meta/main.yml b/ansible/roles/prometheus-backup/meta/main.yml deleted file mode 100644 index bb605fa878..0000000000 --- a/ansible/roles/prometheus-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 712dd6faf3..1a71443c28 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml 
@@ -25,20 +25,18 @@ shell: "docker service scale monitor_prometheus=1" delegate_to: "{{groups['swarm-bootstrap-manager'][0]}}" -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ prometheus_backup_azure_container_name }} - ignore_errors: true - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - -- name: Upload to azure blob storage - command: az storage blob upload --name {{ prometheus_backup_gzip_file_name }} --file {{ prometheus_backup_gzip_file_path }} --container-name {{ prometheus_backup_azure_container_name }} - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_management_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_management_storage_account_key }}" - async: 3600 - poll: 10 +- name: upload file to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload.yml + vars: + blob_container_name: "{{ prometheus_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ prometheus_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: clean up backup dir after upload file: path="{{ prometheus_backup_dir }}" state=absent diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 686d60e195..9b2a176882 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml 
@@ -1,20 +1,25 @@ - name: ensure backup dir exists file: path="{{ prometheus_backup_dir }}" state=directory -- name: Download backup from azure - command: az storage blob download -c {{ prometheus_backup_azure_container_name }} --name {{ prometheus_backup_filename }} -f {{ prometheus_backup_filepath }} - args: - chdir: "{{ prometheus_backup_dir }}" - async: 100 - poll: 10 +- name: download a file from azure storage + become: true + include_role: + name: azure-cloud-storage + tasks_from: blob-download.yml + vars: + blob_container_name: "{{ prometheus_backup_azure_container_name }}" + blob_file_name: "{{ prometheus_backup_filename }}" + local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" - name: ensure prometheus is stopped shell: "docker service scale {{prometheus_service_name}}=0 && sleep 10" delegate_to: "{{manager_host}}" #variable is passed as extra vars from jenkins - - name: Unarchive backup - become: yes + become: true unarchive: src: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filename }}" dest: "{{prometheus_data_dir}}/" @@ -29,4 +34,3 @@ - name: clean up backup dir file: path="{{ prometheus_backup_dir }}" state=absent - diff --git a/ansible/roles/redis-backup/meta/main.yml b/ansible/roles/redis-backup/meta/main.yml deleted file mode 100644 index a124d4f7cb..0000000000 --- a/ansible/roles/redis-backup/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - azure-cli diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index 3519bb1ea9..fa621b4d6d 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml 
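Review bot: `become: true` on this `include_role` does not carry over to the tasks inside `blob-download.yml`, since keywords on a dynamic include apply to the include statement only. If the download has to write into `prometheus_backup_dir` as root, pass it through `apply:` (`apply: {become: true}`); if it does not, drop the keyword so the task does not suggest an elevation that is not happening. Whether root is needed is not visible from this hunk.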
@@ -1,6 +1,5 @@ - name: Create the directory file: path={{ redis_backup_dir }} state=directory recurse=yes - - set_fact: redis_backup_file_name: "redis-backup-{{ lookup('pipe', 'date +%Y-%m-%d-%T') }}.rdb" @@ -8,22 +7,25 @@ - set_fact: redis_backup_file_path: "{{ redis_backup_dir }}/{{ redis_backup_file_name }}" - - name: copy dump.rdb file copy: src: /home/learning/redis-stable/dump.rdb dest: "{{ redis_backup_dir }}/{{ redis_backup_file_name }}" remote_src: yes - -- name: upload to azure +- name: upload file to azure storage include_role: - name: artifacts-upload-azure + name: azure-cloud-storage + tasks_from: blob-upload.yml vars: - artifact: "{{ redis_backup_file_name }}" - artifact_path: "{{ redis_backup_file_path }}" - artifacts_container: "{{ nodebb_redis_backup_azure_container_name }}" - + blob_container_name: "{{ nodebb_redis_backup_azure_container_name }}" + container_public_access: "off" + blob_file_name: "{{ redis_backup_file_name }}" + local_file_or_folder_path: "{{ redis_backup_file_path }}" + storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_key: "{{ azure_management_storage_account_key }}" + when: cloud_service_provider == "azure" + - name: clean up backup dir after upload file: path={{ redis_backup_dir }} state=absent diff --git a/ansible/roles/upload-batch/tasks/main.yml b/ansible/roles/upload-batch/tasks/main.yml deleted file mode 100644 index 1055bdb7f4..0000000000 --- a/ansible/roles/upload-batch/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Ensure azure blob storage container exists - command: az storage container create --name {{ container_name }} --public-access container - -- name: Upload to azure blob storage - command: az storage blob upload-batch --destination {{ destination_path }} --source {{ source_path }} - async: 3600 - poll: 10 diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index 1cc8fdbe8f..a4da2d4ede 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml 
@@ -1,47 +1,34 @@ - hosts: localhost - become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - vars: - container_name: "{{ blob_container }}" - destination_path: "{{ blob_container }}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" tasks: - - name: upload files - include_role: - name: upload-batch - vars: - source_path: "{{ playbook_dir }}/../utils/{{ item }}" - with_items: - - "{{ source_folder.split(',') }}" + - name: template schema files + template: + src: "{{ item }}" + dest: "{{ item }}" + with_fileglob: + - "{{ playbook_dir }}/../utils/sunbird-RC/schema/*.json" tags: - - upload-faqs - + - upload-RC-schema + - hosts: localhost - become: yes vars_files: - "{{inventory_dir}}/secrets.yml" - vars: - container_name: "{{ blob_container }}" - destination_path: "{{ blob_container }}" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_KEY: "{{ sunbird_public_storage_account_key }}" tasks: - - name: template schema files - template: - src: "{{ item }}" - dest: "{{ item }}" - with_fileglob: - - "{{ playbook_dir }}/../utils/sunbird-RC/schema/*.json" - - name: upload files - include_role: - name: upload-batch - vars: - source_path: "{{ playbook_dir }}/../utils/{{ item }}" - with_items: - - "{{ source_folder.split(',') }}" + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ blob_container }}" + container_public_access: "container" + blob_container_folder_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + storage_account_name: "{{ azure_public_storage_account_name }}" + storage_account_key: "{{ azure_public_storage_account_key }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "azure" tags: - - upload-RC-schema + - upload-faqs + - 
upload-RC-schema diff --git a/pipelines/certs-templates/Jenkinsfile.upload b/pipelines/certs-templates/Jenkinsfile.upload deleted file mode 100644 index 8b0ef0a6bd..0000000000 --- a/pipelines/certs-templates/Jenkinsfile.upload +++ /dev/null 
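Review bot: `container_public_access: "container"` gives anonymous clients permission to list every blob in the container, not only to read blobs whose URL they already know. The level is carried over from the removed upload-batch role, and the container name comes from `blob_container`, which is not defined in this file, so whatever name the caller passes gets that setting (assuming the role applies it on create). If clients only fetch known FAQ and schema URLs, `container_public_access: "blob"` is enough. A short comment above the task saying why public listing is wanted would help whoever reuses this play.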
@@ -1,61 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - String ANSI_GREEN = "\u001B[32m" - String ANSI_NORMAL = "\u001B[0m" - String ANSI_BOLD = "\u001B[1m" - String ANSI_RED = "\u001B[31m" - String ANSI_YELLOW = "\u001B[33m" - - stage("upload") { - def inputFile = input message: 'Upload file', parameters: [file(name: 'certUploadedfile')] - new hudson.FilePath(new File("tmp/certUploadedfile")).copyFrom(inputFile) - } - - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - ansiColor('xterm') { - stage('deploy'){ - values = [:] - envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() - module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() - jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() - currentWs = sh(returnStdout: true, script: 'pwd').trim() - ansiblePlaybook = "${currentWs}/ansible/cert-file-upload.yml" - ansibleExtraArgs = "--extra-vars \"file_name=${params.file_name}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('currentWs', currentWs) - values.put('env', envDir) - values.put('module', module) - values.put('jobName', jobName) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - currentBuild.result = "SUCCESS" - currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - } - } - - stage('remove tmp file'){ - sh """ - rm -rf /tmp/certUploadedfile - """ - } - } - catch (err) { - currentBuild.result = "FAILURE" - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} 
diff --git a/pipelines/deploy/org_sunbird_questionunit_quml/Jenkinsfile b/pipelines/deploy/org_sunbird_questionunit_quml/Jenkinsfile index b8173de1a0..9d4521b956 100644 --- a/pipelines/deploy/org_sunbird_questionunit_quml/Jenkinsfile +++ b/pipelines/deploy/org_sunbird_questionunit_quml/Jenkinsfile @@ -34,8 +34,8 @@ node() { chmod a+x content-plugins/az_copy.sh mv content-plugins ansible """ - ansiblePlaybook = "${currentWs}/ansible/plugin.yml" - ansibleExtraArgs = "--tags org_sunbird_questionunit_quml --extra-vars \" plugins_name=${params.plugin_name} source_file=${currentWs}/ansible/content-plugins/${params.plugin_name}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansiblePlaybook = "${currentWs}/ansible/plugins.yml" + ansibleExtraArgs = "--extra-vars \" plugins_name=${params.plugin_name} source_file=${currentWs}/ansible/content-plugins/${params.plugin_name}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index e54937985e..fc439777b4 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
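Review bot: `params.plugin_name` is placed unquoted inside the `--extra-vars` key=value string on the new `ansibleExtraArgs` line, so a value containing spaces or quotes changes which variables, and possibly which arguments, the playbook run receives. With `--tags org_sunbird_questionunit_quml` gone, the whole of `plugins.yml` now runs with those variables, which makes the unchecked parameter matter more. A guard before the assignment would do, for example `if (!(params.plugin_name ==~ /[A-Za-z0-9._-]+/)) { error("invalid plugin_name") }`. How `ansible_playbook_run` executes the string is outside this hunk, as is the rest of the `node()` body.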
@@ -18,15 +18,20 @@ mail_server_username: "apikey" # Email provider userna sunbird_mail_server_from_email: "support@myorg.com" # Email ID that should be as from address in mails # List of mail ids to whome the monitoring alerts should be sent. alerts_mailing_list : "devops@myorg.com" # Comma separated mail list for Alerts; eg: user1@mail.com, user2@mail.com -# Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) -sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) -sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) + # Define the below if you are using Azure Cloud # Management Storage Account +# Note - You can use the same azure account for the below variables or have separate azure accounts +sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) +sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) +sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) +sunbird_artifact_storage_account_name: "{{ sunbird_management_storage_account_name }}" # Azure account name for storing artifacts data (like jenkins build zip files) + +azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" +azure_private_storage_account_name: "{{ sunbird_private_storage_account_name }}" 
azure_management_storage_account_name: "{{ sunbird_management_storage_account_name }}" +azure_artifact_storage_account_name: "{{ sunbird_artifact_storage_account_name }}" # Define the below if you are using AWS Cloud # Management Storage Bucket diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 798aceb7e0..c373fa8c4f 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
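Review bot: The new default `sunbird_artifact_storage_account_name: "{{ sunbird_management_storage_account_name }}"` puts build artifacts in the account that, per the comment two lines above it, stores backup data such as Cassandra backups. Together with the matching key alias in `secrets.yml`, anything that reads the artifact credentials (presumably CI jobs, not visible here) then holds credentials for the backup account. If sharing is only meant as a convenience default, say so next to the variable, e.g. `# Defaults to the management (backup) account; set a separate account to keep artifact credentials away from backups`.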
@@ -8,27 +8,33 @@ core_vault_docker_registry_url: "change.docker.url" # for docker hub "https core_vault_docker_registry_user: "change.docker.username" core_vault_docker_registry_password: "change.docker.password" +# Define the below if you are using Azure Cloud +# Management Storage Account # Run the below command in shell # date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year' # sas_token=?`az storage account generate-sas --account-name "{{ azure_plugin_storage_account_name }}" --account-key "{{ azure_plugin_storage_account_key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` # generate a sas for the blob for entire storage accout with write and read access -artifact_azure_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command sunbird_public_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command +sunbird_management_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command + sunbird_public_storage_account_key: "change.azure.storage.account.key" sunbird_private_storage_account_key: "change.azure.storage.account.key" sunbird_management_storage_account_key: "change.azure.storage.account.key" +sunbird_artifact_storage_account_key: "{{ sunbird_management_storage_account_key }}" -# Define the below if you are using Azure Cloud -# Management Storage Account +azure_public_storage_account_key: "{{ sunbird_public_storage_account_key }}" +azure_private_storage_account_key: "{{ sunbird_private_storage_account_key }}" azure_management_storage_account_key: "{{ sunbird_management_storage_account_key }}" +azure_artifact_storage_account_key: "{{ sunbird_artifact_storage_account_key }}" +azure_public_storage_account_sas: "{{ sunbird_public_storage_account_sas }}" 
+azure_management_storage_account_sas: "{{ sunbird_management_storage_account_sas }}" # Define the below if you are using AWS Cloud # Management Storage Bucket aws_management_bucket_user_access_key: "" aws_management_bucket_user_secret_key: "" - # Define the below if you are using Google Cloud # Management Storage Bucket gcs_management_bucket_service_account: | From 85f8e5c20c9339cfbb8e0e39d2100cc5763b1807 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 21 Sep 2022 14:36:30 +0530 Subject: [PATCH 063/434] fix: adding mandatore var cloud_service_provider Signed-off-by: Keshav Prasad --- private_repo/ansible/inventory/dev/Core/common.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index fc439777b4..8277399b44 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -1,6 +1,7 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # # ------------------------------------------------------------------------------------------------------------ # +cloud_service_provider: "" # Your cloud service provider name. Supported values are aws, azure, gcloud domain_name: "" # your domain name like example.com dockerhub: "change.docker.url" # docker hub username or url incase of private registry # This ip should be in the kubenetes subnet range. For example, if your kube cluster is running in `10.0.0.0/24, then it can be 10.0.0.5. Make sure this ip is not allocated to any other things.` From 847f536094008a2e7fef2bf994239a1c2e048ea1 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Fri, 23 Sep 2022 19:20:40 +0530 Subject: [PATCH 064/434] feat: modified vars for generic naming convention 
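Review bot: The added `sunbird_management_storage_account_sas` placeholder says it is "generated from above command", and that command issues an account-wide token with `--permissions acdlpruw --resource-types sco --services bfqt` valid for a year. For the management account, which holds backups, that is far broader than a backup upload or download needs. The comment should give a narrower example for this variable (blob service only, only the permissions the backup roles use, shorter expiry), or state that the value must be scoped per use. The documented `date +'%Y-%m-%dT%H:%m:%SZ'` also has `%m` (month) where minutes belong, and `$sas_expire_time` is never assigned; `sas_expire_time=$(date +'%Y-%m-%dT%H:%M:%SZ' -d '+1 year')` would make the instructions usable.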
Signed-off-by: Keshav Prasad --- ansible/assets-upload.yml | 9 ++++++++- ansible/deploy-plugins.yml | 15 +++++++++++---- ansible/desktop-faq-upload.yml | 9 ++++++++- ansible/dial_upload-schema.yml | 9 ++++++++- ansible/kp_upload-schema.yml | 9 ++++++++- ansible/nodebbui-upload.yml | 11 +++++++++-- ansible/plugins.yml | 7 +++++++ ansible/roles/cassandra-backup/defaults/main.yml | 9 ++++++++- ansible/roles/cassandra-backup/tasks/main.yml | 2 +- ansible/roles/cassandra-restore/defaults/main.yml | 7 +++++++ ansible/roles/cassandra-restore/tasks/main.yml | 2 +- ansible/roles/cert-templates/defaults/main.yml | 7 +++++++ ansible/roles/cert-templates/tasks/main.yml | 2 +- ansible/roles/desktop-deploy/defaults/main.yml | 7 +++++++ ansible/roles/desktop-deploy/tasks/main.yml | 2 +- ansible/roles/es-azure-snapshot/defaults/main.yml | 9 ++++++++- ansible/roles/es-azure-snapshot/tasks/main.yml | 2 +- ansible/roles/es-gcs-snapshot/defaults/main.yml | 4 ++-- ansible/roles/es-s3-snapshot/defaults/main.yml | 4 ++-- ansible/roles/grafana-backup/defaults/main.yml | 7 +++++++ ansible/roles/grafana-backup/tasks/main.yml | 2 +- .../roles/jenkins-backup-upload/defaults/main.yml | 7 +++++++ .../roles/jenkins-backup-upload/tasks/main.yml | 2 +- ansible/roles/mongodb-backup/defaults/main.yml | 7 +++++++ ansible/roles/mongodb-backup/tasks/main.yml | 2 +- ansible/roles/offline-installer/defaults/main.yml | 7 +++++++ .../offline-installer/tasks/upload_to_storage.yml | 2 +- .../defaults/main.yml | 7 +++++++ .../tasks/main.yml | 2 +- .../defaults/main.yml | 7 +++++++ .../tasks/main.yml | 2 +- ansible/roles/postgresql-backup/defaults/main.yml | 7 ++++++- ansible/roles/postgresql-backup/tasks/main.yml | 2 +- .../roles/postgresql-restore/defaults/main.yml | 11 ++++++----- ansible/roles/postgresql-restore/tasks/main.yml | 2 +- .../roles/prometheus-backup-v2/defaults/main.yml | 9 ++++++++- ansible/roles/prometheus-backup-v2/tasks/main.yml | 2 +- ansible/roles/prometheus-backup/defaults/main.yml | 9 
++++++++- ansible/roles/prometheus-backup/tasks/main.yml | 2 +- .../roles/prometheus-restore/defaults/main.yml | 9 ++++++++- ansible/roles/prometheus-restore/tasks/main.yml | 2 +- ansible/roles/redis-backup/defaults/main.yml | 7 +++++++ ansible/roles/redis-backup/tasks/main.yml | 2 +- ansible/uploadFAQs.yml | 2 +- .../jobs/Kubernetes/jobs/UploadFAQs/config.xml | 2 +- .../Sunbird-RC/jobs/Upload_RC_Schema/config.xml | 2 +- pipelines/upload/faqs/Jenkinsfile | 2 +- 47 files changed, 206 insertions(+), 46 deletions(-) diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 8bc0ac9123..db14234e4a 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml @@ -2,10 +2,17 @@ - hosts: localhost vars_files: - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml'] + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + player_cdn_storage: "{{ player_cdn_container }}" tasks: - name: set common azure variables set_fact: - blob_container_name: "{{ player_cdn_container }}" + blob_container_name: "{{ player_cdn_storage }}" container_public_access: "container" blob_container_folder_path: "" storage_account_name: "{{ azure_public_storage_account_name }}" diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 7c4958a5f5..d1a0be8796 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml 
@@ -3,11 +3,18 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + plugin_storage: "{{ plugin_container_name }}" tasks: - name: rename env_domain in preview_cdn.html for CDN shell: | - echo "{{sunbird_portal_preview_cdn_url}}" - sed -i 's|cdn_url|{{sunbird_portal_preview_cdn_url}}|g' "{{currentws}}"/ansible/preview/preview_cdn.html + echo "{{ sunbird_portal_preview_cdn_url }}" + sed -i 's|cdn_url|{{ sunbird_portal_preview_cdn_url }}|g' "{{ currentws }}"/ansible/preview/preview_cdn.html when: sunbird_portal_preview_cdn_url is defined tags: - preview @@ -16,7 +23,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ plugin_container_name }}" + blob_container_name: "{{ plugin_storage }}" container_public_access: "container" blob_container_folder_path: "/{{ folder_name }}" storage_account_name: "{{ azure_public_storage_account_name }}" @@ -62,7 +69,7 @@ - block: - name: run the az_copy.sh script - shell: "bash {{ az_file_path }} {{ plugin_container_name }} {{ source_file }}" + shell: "bash {{ az_file_path }} {{ plugin_storage }} {{ source_file }}" async: 3600 poll: 10 environment: diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 7c7e992039..43d1789b00 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
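Review bot: The changed `shell:` line in the last hunk places `{{ plugin_storage }}` and `{{ source_file }}` into a shell command unquoted, so a value containing whitespace or shell metacharacters is split or interpreted by the shell. At least one pipeline in this series builds a `source_file` extra-var from a Jenkins job parameter, so the value should not be trusted as-is. Use the `quote` filter: `shell: "bash {{ az_file_path | quote }} {{ plugin_storage | quote }} {{ source_file | quote }}"`. The `sed` line re-spaced in the first hunk has the same exposure for `sunbird_portal_preview_cdn_url`, where a `|` or `'` in the value ends the expression early. The enclosing block continues outside the hunk.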
@@ -1,12 +1,19 @@ - hosts: localhost vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + desktop_container: "{{ desktop_container_storage }}" tasks: - name: this block consists of tasks related to azure storage block: - name: set common azure variables set_fact: - blob_container_name: "{{ desktop_container }}" + blob_container_name: "{{ desktop_container_storage }}" blob_file_name: "{{ destination_path }}" blob_container_folder_path: "/{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index 54b0672ed9..c846ecb95e 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml 
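Review bot: The added `vars:` entry is inverted: `desktop_container: "{{ desktop_container_storage }}"` defines the old name from the new one, while the comment above it and `ansible/assets-upload.yml` (`player_cdn_storage: "{{ player_cdn_container }}"`) go the other way. Nothing in this patch defines `desktop_container_storage`, so unless an inventory already sets it, `blob_container_name: "{{ desktop_container_storage }}"` fails as an undefined variable. It should read `desktop_container_storage: "{{ desktop_container }}"`. The same inversion appears in `dial_upload-schema.yml` (`dial_plugin_container_name`), `kp_upload-schema.yml` and `plugins.yml` (`plugin_container_name`) and `nodebbui-upload.yml` (`nodebbui_container_name`). `plugins.yml` and `deploy-plugins.yml` now define `plugin_container_name` and `plugin_storage` from each other in opposite directions.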
@@ -2,6 +2,13 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + dial_plugin_container_name: "{{ dial_plugin_storage }}" tasks: - name: Create directories file: @@ -24,7 +31,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ dial_plugin_container_name }}" + blob_container_name: "{{ dial_plugin_storage }}" container_public_access: "blob" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "dial_schema_template_files" diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 843abfbd19..c13633e8ab 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml 
@@ -2,13 +2,20 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + plugin_container_name: "{{ plugin_storage }}" tasks: - name: upload batch of files to azure storage include_role: name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ plugin_container_name }}" + blob_container_name: "{{ plugin_storage }}" container_public_access: "container" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "{{ source_name }}" diff --git a/ansible/nodebbui-upload.yml b/ansible/nodebbui-upload.yml index 48f59dd327..809d67b914 100644 --- a/ansible/nodebbui-upload.yml +++ b/ansible/nodebbui-upload.yml 
@@ -3,13 +3,20 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + nodebbui_container_name: "{{ nodebbui_storage }}" tasks: - name: delete files and folders from azure storage using azcopy include_role: name: azure-cloud-storage tasks_from: delete-using-azcopy.yml vars: - blob_container_name: "{{ nodebbui_container_name }}" + blob_container_name: "{{ nodebbui_storage }}" blob_container_folder_path: "" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" @@ -20,7 +27,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ nodebbui_container_name }}" + blob_container_name: "{{ nodebbui_storage }}" container_public_access: "container" blob_container_folder_path: "" local_file_or_folder_path: "{{ source_name }}" diff --git a/ansible/plugins.yml b/ansible/plugins.yml index 0245f1801a..487f5c780d 100644 --- a/ansible/plugins.yml +++ b/ansible/plugins.yml 
@@ -3,6 +3,13 @@ gather_facts: false vars_files: - "{{inventory_dir}}/secrets.yml" + # The vars: section is added for the below reason + # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name + # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo + # or other default files and just assign the value to the newly introduced common variable + # 3. After few releases, we will remove the older variables and use only the new variables across the repos + vars: + plugin_container_name: "{{ plugin_storage }}" tasks: - name: this block consists of tasks related to azure storage block: diff --git a/ansible/roles/cassandra-backup/defaults/main.yml b/ansible/roles/cassandra-backup/defaults/main.yml index 148bcf83b2..139fd1d810 100644 --- a/ansible/roles/cassandra-backup/defaults/main.yml +++ b/ansible/roles/cassandra-backup/defaults/main.yml @@ -1,3 +1,10 @@ cassandra_root_dir: '/etc/cassandra' data_dir: '/var/lib/cassandra/data' -cassandra_backup_azure_container_name: core-cassandra \ No newline at end of file +cassandra_backup_azure_container_name: core-cassandra + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" \ No newline at end of file 
diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index d6365315d6..ac0682c58a 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -37,7 +37,7 @@ name: azure-cloud-storage tasks_from: upload-using-azcopy.yml vars: - blob_container_name: "{{ cassandra_backup_azure_container_name }}" + blob_container_name: "{{ cassandra_backup_storage }}" container_public_access: "off" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_gzip_file_name }}" storage_account_name: "{{ azure_management_storage_account_name }}" diff --git a/ansible/roles/cassandra-restore/defaults/main.yml b/ansible/roles/cassandra-restore/defaults/main.yml index 6353e09287..4a4828144e 100644 --- a/ansible/roles/cassandra-restore/defaults/main.yml +++ b/ansible/roles/cassandra-restore/defaults/main.yml @@ -1 +1,8 @@ user_home: "/home/{{ ansible_ssh_user }}/" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 80b8f86863..717e2fe113 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml 
@@ -11,7 +11,7 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ cassandra_backup_azure_container_name }}" + blob_container_name: "{{ cassandra_backup_storage }}" blob_file_name: "{{ cassandra_restore_gzip_file_name }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" storage_account_name: "{{ azure_management_storage_account_name }}" diff --git a/ansible/roles/cert-templates/defaults/main.yml b/ansible/roles/cert-templates/defaults/main.yml index c8710dd9d9..c621d6ddb8 100644 --- a/ansible/roles/cert-templates/defaults/main.yml +++ b/ansible/roles/cert-templates/defaults/main.yml @@ -2,3 +2,10 @@ certs_badge_upload_retry_count: 3 certs_badge_criteria: "" certs_badge_batch_id: "" certs_badge_key_id: "" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +cert_service_storage: "{{ cert_service_container_name }}" \ No newline at end of file diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 321a91f139..dcbdeebadc 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -36,7 +36,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ cert_service_container_name }}" + blob_container_name: "{{ cert_service_storage }}" container_public_access: "off" blob_container_folder_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" 
diff --git a/ansible/roles/desktop-deploy/defaults/main.yml b/ansible/roles/desktop-deploy/defaults/main.yml index d71509fd05..ad3803dcd1 100644 --- a/ansible/roles/desktop-deploy/defaults/main.yml +++ b/ansible/roles/desktop-deploy/defaults/main.yml @@ -1,2 +1,9 @@ --- time: "YEAR-MONTH-DATE-HOUR-MINUTE-SECOND-INSTALLERTYPE" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +offline_installer_storage: "{{ offline_installer_container_name }}" \ No newline at end of file diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index 963189ad4d..e7763604c1 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml @@ -53,7 +53,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ offline_installer_container_name }}" + blob_container_name: "{{ offline_installer_storage }}" container_public_access: "blob" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" diff --git a/ansible/roles/es-azure-snapshot/defaults/main.yml b/ansible/roles/es-azure-snapshot/defaults/main.yml index 9072442956..f527096f18 100644 --- a/ansible/roles/es-azure-snapshot/defaults/main.yml +++ b/ansible/roles/es-azure-snapshot/defaults/main.yml 
@@ -10,4 +10,11 @@ snapshot_create_request_body: { es_snapshot_host: "localhost" snapshot_base_path: "default" -es_azure_backup_container_name: "elasticsearch-snapshots" \ No newline at end of file +es_azure_backup_container_name: "elasticsearch-snapshots" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +es_backup_storage: "{{ es_azure_backup_container_name }}" \ No newline at end of file diff --git a/ansible/roles/es-azure-snapshot/tasks/main.yml b/ansible/roles/es-azure-snapshot/tasks/main.yml index 2b7f23e576..e804b4344d 100644 --- a/ansible/roles/es-azure-snapshot/tasks/main.yml +++ b/ansible/roles/es-azure-snapshot/tasks/main.yml @@ -9,7 +9,7 @@ name: azure-cloud-storage tasks_from: container-create.yml vars: - blob_container_name: "{{ es_azure_backup_container_name }}" + blob_container_name: "{{ es_backup_storage }}" container_public_access: "off" storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_key: "{{ azure_management_storage_account_key }}" diff --git a/ansible/roles/es-gcs-snapshot/defaults/main.yml b/ansible/roles/es-gcs-snapshot/defaults/main.yml index 3c2efa9a7f..5e3cbece6f 100644 --- a/ansible/roles/es-gcs-snapshot/defaults/main.yml +++ b/ansible/roles/es-gcs-snapshot/defaults/main.yml 
@@ -2,11 +2,11 @@ snapshot_create_request_body: { type: gcs, settings: { bucket: "{{ gcs_management_bucket_name }}", - base_path: "{{ es_gcs_backup_folder_name }}/{{ snapshot_base_path }}_{{ base_path_date }}" + base_path: "{{ es_backup_storage }}/{{ snapshot_base_path }}_{{ base_path_date }}" } } # Override these values es_snapshot_host: "localhost" snapshot_base_path: "default" -es_gcs_backup_folder_name: "elasticsearch-snapshots" \ No newline at end of file +es_backup_storage: "elasticsearch-snapshots" \ No newline at end of file diff --git a/ansible/roles/es-s3-snapshot/defaults/main.yml b/ansible/roles/es-s3-snapshot/defaults/main.yml index 2ca18929b4..7ddda6ebd0 100644 --- a/ansible/roles/es-s3-snapshot/defaults/main.yml +++ b/ansible/roles/es-s3-snapshot/defaults/main.yml @@ -2,11 +2,11 @@ snapshot_create_request_body: { type: s3, settings: { bucket: "{{ aws_management_bucket_name }}", - base_path: "{{ es_s3_backup_folder_name }}/{{ snapshot_base_path }}_{{ base_path_date }}" + base_path: "{{ es_backup_storage }}/{{ snapshot_base_path }}_{{ base_path_date }}" } } # Override these values es_snapshot_host: "localhost" snapshot_base_path: "default" -es_s3_backup_folder_name: "elasticsearch-snapshots" \ No newline at end of file +es_backup_storage: "elasticsearch-snapshots" \ No newline at end of file diff --git a/ansible/roles/grafana-backup/defaults/main.yml b/ansible/roles/grafana-backup/defaults/main.yml index b32dea6dde..fc62843964 100644 --- a/ansible/roles/grafana-backup/defaults/main.yml +++ b/ansible/roles/grafana-backup/defaults/main.yml 
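Review bot: `es_gcs_backup_folder_name` is renamed to `es_backup_storage` outright in these defaults, with no alias from the old name, unlike the other roles touched by this commit. An inventory that still overrides `es_gcs_backup_folder_name` would be ignored without any error and snapshots would go under the default `elasticsearch-snapshots` path, which is easy to miss until a restore is needed. Keep the old variable and derive the new one: `es_gcs_backup_folder_name: "elasticsearch-snapshots"` followed by `es_backup_storage: "{{ es_gcs_backup_folder_name }}"`. The es-s3-snapshot hunk needs the same treatment with `es_s3_backup_folder_name`.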
@@ -5,3 +5,10 @@ grafana_data_dir: /var/dockerdata/grafana/grafana.db sunbird_management_storage_account_name: sunbird_management_storage_account_key: '' grafana_backup_azure_container_name: grafana-backup + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +grafana_backup_storage: "{{ grafana_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index 786bd13442..c898ada0d5 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml @@ -24,7 +24,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ grafana_backup_azure_container_name }}" + blob_container_name: "{{ grafana_backup_storage }}" container_public_access: "off" blob_file_name: "{{ grafana_backup_gzip_file_name }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" diff --git a/ansible/roles/jenkins-backup-upload/defaults/main.yml b/ansible/roles/jenkins-backup-upload/defaults/main.yml index 18ab7e816d..40a231d3d5 100644 --- a/ansible/roles/jenkins-backup-upload/defaults/main.yml +++ b/ansible/roles/jenkins-backup-upload/defaults/main.yml 
@@ -3,3 +3,10 @@ jenkins_group: jenkins jenkins_backup_base_dir: /var/lib/jenkins/jenkins-backup jenkins_backup_azure_container_name: jenkins-backup jenkins_backup_max_delay_in_days: 1 + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +jenkins_backup_storage: "{{ jenkins_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index e430e57c1c..d003bed89f 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml @@ -17,7 +17,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ jenkins_backup_azure_container_name }}" + blob_container_name: "{{ jenkins_backup_storage }}" container_public_access: "off" blob_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" diff --git a/ansible/roles/mongodb-backup/defaults/main.yml b/ansible/roles/mongodb-backup/defaults/main.yml index 82a51650a5..d7b56ebefd 100644 --- a/ansible/roles/mongodb-backup/defaults/main.yml +++ b/ansible/roles/mongodb-backup/defaults/main.yml 
@@ -1,2 +1,9 @@ mongo_backup_dir: '/tmp/mongo-backup' mongo_backup_azure_container_name: "{{ mongo_backup_azure_container_name }}" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +mongo_backup_storage: "{{ mongo_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 4235e52c32..1eefe6b077 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml @@ -19,7 +19,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ mongo_backup_azure_container_name }}" + blob_container_name: "{{ mongo_backup_storage }}" container_public_access: "off" blob_file_name: "{{ mongo_backup_file_name }}.tar.gz" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" diff --git a/ansible/roles/offline-installer/defaults/main.yml b/ansible/roles/offline-installer/defaults/main.yml index d71509fd05..ad3803dcd1 100644 --- a/ansible/roles/offline-installer/defaults/main.yml +++ b/ansible/roles/offline-installer/defaults/main.yml 
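Review bot: The new default `mongo_backup_storage` resolves through `mongo_backup_azure_container_name`, which the line just above defines as `"{{ mongo_backup_azure_container_name }}"`, a reference to itself. If no higher-precedence source sets that variable, templating `blob_container_name` in the task hunk ends in a recursive template error rather than a usable default. Replace the self-reference with a literal default, or remove it and document the requirement, e.g. `# mongo_backup_azure_container_name must be set in the inventory`.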
@@ -1,2 +1,9 @@ --- time: "YEAR-MONTH-DATE-HOUR-MINUTE-SECOND-INSTALLERTYPE" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +offline_installer_storage: "{{ offline_installer_container_name }}" \ No newline at end of file diff --git a/ansible/roles/offline-installer/tasks/upload_to_storage.yml b/ansible/roles/offline-installer/tasks/upload_to_storage.yml index 3c62d6fc03..b8a68ba164 100644 --- a/ansible/roles/offline-installer/tasks/upload_to_storage.yml +++ b/ansible/roles/offline-installer/tasks/upload_to_storage.yml @@ -55,7 +55,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ offline_installer_container_name }}" + blob_container_name: "{{ offline_installer_storage }}" container_public_access: "blob" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" diff --git a/ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml b/ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml index bf43091813..6e637bf3ce 100644 --- a/ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml +++ b/ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml 
@@ -8,3 +8,10 @@ db_name: postgres_admin_user: "{{sunbird_pg_user}}" postgres_hostname: "{{groups['postgresql-master-1'][0]}}" postgres_password: "{{postgres_password}}" + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml index a64f3639af..a8261d91a3 100644 --- a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml @@ -46,7 +46,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ postgresql_backup_azure_container_name }}" + blob_container_name: "{{ postgresql_backup_storage }}" container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" diff --git a/ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml b/ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml index 6a634e3bfd..4ac0d62151 100644 --- a/ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml +++ b/ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml 
@@ -12,3 +12,10 @@ postgres_user: postgres_password: postgres_hostname: postgres_env: + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +postgres_backup_storage: "{{ postgres_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml index 135c29280c..61b1fe3eca 100644 --- a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml @@ -14,7 +14,7 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ postgres_backup_azure_container_name }}" + blob_container_name: "{{ postgres_backup_storage }}" blob_file_name: "{{ postgres_backup_filename }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" storage_account_name: "{{ azure_management_storage_account_name }}" diff --git a/ansible/roles/postgresql-backup/defaults/main.yml b/ansible/roles/postgresql-backup/defaults/main.yml index d64be512d8..f358e4f4f3 100644 --- a/ansible/roles/postgresql-backup/defaults/main.yml +++ b/ansible/roles/postgresql-backup/defaults/main.yml 
@@ -2,4 +2,9 @@ postgresql_backup_dir: /tmp/postgresql-backup postgresql_user: postgres postgresql_backup_azure_container_name: postgresql-backup -# Set these vars per environment as show in example below +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 2e25619a10..81ce384afa 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml @@ -18,7 +18,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ postgresql_backup_azure_container_name }}" + blob_container_name: "{{ postgresql_backup_storage }}" container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" diff --git a/ansible/roles/postgresql-restore/defaults/main.yml b/ansible/roles/postgresql-restore/defaults/main.yml index 0c6b17f851..5f0708ed34 100644 --- a/ansible/roles/postgresql-restore/defaults/main.yml +++ b/ansible/roles/postgresql-restore/defaults/main.yml 
@@ -5,8 +5,9 @@ postgresql_cluster_version: 9.5 postgresql_cluster_name: main postgresql_restore_azure_container_name: postgresql-backup -# Set these vars per environment as show in example below -# postgresql_restore_azure_storage_account_name: ntpbackupsstaging - -# Pass the parameter -# postgresql_restore_gzip_file_name: +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +postgresql_restore_storage: "{{ postgresql_restore_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index 4075baa596..b95eff5751 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml @@ -9,7 +9,7 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ postgresql_restore_azure_container_name }}" + blob_container_name: "{{ postgresql_restore_storage }}" blob_file_name: "{{ postgresql_restore_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" storage_account_name: "{{ azure_management_storage_account_name }}" diff --git a/ansible/roles/prometheus-backup-v2/defaults/main.yml b/ansible/roles/prometheus-backup-v2/defaults/main.yml index 0cd66df647..e3752a693f 100644 --- a/ansible/roles/prometheus-backup-v2/defaults/main.yml +++ b/ansible/roles/prometheus-backup-v2/defaults/main.yml 
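Review bot: This hunk deletes the only comments in the defaults file that told operators `postgresql_restore_gzip_file_name` must be passed and that the storage account is set per environment, while the tasks hunk for this role still reads `postgresql_restore_gzip_file_name`. Keep that hint next to the new alias, e.g. `# Pass at run time: postgresql_restore_gzip_file_name`, so a restore is not started without knowing which backup file it will fetch. The postgresql-backup defaults hunk drops a similar "Set these vars per environment" comment.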
@@ -1,3 +1,10 @@ --- # defaults file for ansible/roles/prometheus-backup-v2 -prometheus_backup_azure_container_name: prometheus-backup \ No newline at end of file +prometheus_backup_azure_container_name: prometheus-backup + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 6286f31ebb..071ed395e1 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml @@ -21,7 +21,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ prometheus_backup_azure_container_name }}" + blob_container_name: "{{ prometheus_backup_storage }}" container_public_access: "off" blob_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" diff --git a/ansible/roles/prometheus-backup/defaults/main.yml b/ansible/roles/prometheus-backup/defaults/main.yml index dd43fbf572..17425092ee 100644 --- a/ansible/roles/prometheus-backup/defaults/main.yml +++ b/ansible/roles/prometheus-backup/defaults/main.yml 
@@ -4,4 +4,11 @@ prometheus_backup_azure_container_name: prometheus-backup # Set these vars per environment as show in example below # Override these values in group_vars backup_storage_name: backups -backup_storage_key: '' \ No newline at end of file +backup_storage_key: '' + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 1a71443c28..f9aaa54073 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml @@ -30,7 +30,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ prometheus_backup_azure_container_name }}" + blob_container_name: "{{ prometheus_backup_storage }}" container_public_access: "off" blob_file_name: "{{ prometheus_backup_gzip_file_name }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" diff --git a/ansible/roles/prometheus-restore/defaults/main.yml b/ansible/roles/prometheus-restore/defaults/main.yml index eba83809ca..bee405457a 100644 --- a/ansible/roles/prometheus-restore/defaults/main.yml +++ b/ansible/roles/prometheus-restore/defaults/main.yml 
@@ -1,2 +1,9 @@ prometheus_backup_dir: /tmp/prometheus-backup -prometheus_backup_azure_container_name: prometheus-backup \ No newline at end of file +prometheus_backup_azure_container_name: prometheus-backup + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 9b2a176882..40c9bd9225 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -7,7 +7,7 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ prometheus_backup_azure_container_name }}" + blob_container_name: "{{ prometheus_backup_storage }}" blob_file_name: "{{ prometheus_backup_filename }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" storage_account_name: "{{ azure_management_storage_account_name }}" diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index e00b84ce4b..9f6055682a 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml 
@@ -1,3 +1,10 @@ redis_backup_dir: /tmp/redis-backup nodebb_redis_backup_azure_container_name: nodebb-redis-backup learner_user: learning + +# This variable is added for the below reason - +# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name +# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo +# or other default files and just assign the value to the newly introduced common variable +# 3. After few releases, we will remove the older variables and use only the new variables across the repos +nodebb_redis_backup_storage: "{{ nodebb_redis_backup_azure_container_name }}" \ No newline at end of file diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index fa621b4d6d..be66ea5292 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml @@ -18,7 +18,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ nodebb_redis_backup_azure_container_name }}" + blob_container_name: "{{ nodebb_redis_backup_storage }}" container_public_access: "off" blob_file_name: "{{ redis_backup_file_name }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index a4da2d4ede..7109a65f68 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml @@ -20,7 +20,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ blob_container }}" + blob_container_name: "{{ container_name }}" container_public_access: "container" blob_container_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml index c476a3de0f..b4ae2238c9 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml @@ -72,7 +72,7 @@ return """<b>This parameter is not used</b>""" true - blob_container + storage diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml index 997794c6dc..816c4f9f49 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml @@ -72,7 +72,7 @@ return """<b>This parameter is not used</b>""" true - blob_container + storage diff --git a/pipelines/upload/faqs/Jenkinsfile b/pipelines/upload/faqs/Jenkinsfile index 00588a8dd7..ee68678781 100644 --- a/pipelines/upload/faqs/Jenkinsfile +++ b/pipelines/upload/faqs/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/uploadFAQs.yml" - ansibleExtraArgs = "--tags ${params.tag} --extra-vars \"container_name=${params.blob_container} source_folder=${params.source_folder} destination_path=${params.blob_container}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags ${params.tag} --extra-vars \"container_name=${params.storage} source_folder=${params.source_folder}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From e4d9a4a255502a35658d7fa409f596b8848c095d Mon Sep 17 00:00:00 2001 
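Review bot: `ansibleExtraArgs` splices `params.storage`, `params.source_folder` and `params.tag` unquoted into a `key=value` `--extra-vars` string, so a parameter value containing a space or quote is parsed as further variable assignments or arguments, and extra vars take precedence over inventory and role values. Since `uploadFAQs.yml` uses this value as `blob_container_name` together with `container_public_access: "container"`, the job parameter alone decides which container is written to. Validate before building the string, e.g. `if (!(params.storage ==~ /[a-z0-9-]+/)) error("invalid storage name")` (the pattern is a suggestion; adjust it to the names you allow), and apply the same check to the renamed `params.upload_storage` line in the following commit's Jenkinsfile hunk. The `node()` body continues outside the hunk.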
From: Keshav Prasad Date: Fri, 23 Sep 2022 19:25:41 +0530 Subject: [PATCH 065/434] fix: modified vars to use generic names Signed-off-by: Keshav Prasad --- ansible/uploadFAQs.yml | 2 +- .../Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml | 2 +- .../jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml | 2 +- pipelines/upload/faqs/Jenkinsfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index 7109a65f68..8447fe4e47 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml @@ -20,7 +20,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ container_name }}" + blob_container_name: "{{ upload_storage }}" container_public_access: "container" blob_container_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml index b4ae2238c9..85b7c81efb 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml @@ -72,7 +72,7 @@ return """<b>This parameter is not used</b>""" true - storage + upload_storage diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml index 816c4f9f49..ea47b8d14e 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml @@ -72,7 +72,7 @@ return """<b>This parameter is not used</b>""" true - storage + upload_storage diff --git a/pipelines/upload/faqs/Jenkinsfile b/pipelines/upload/faqs/Jenkinsfile index ee68678781..4f18801b4e 100644 
--- a/pipelines/upload/faqs/Jenkinsfile +++ b/pipelines/upload/faqs/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/uploadFAQs.yml" - ansibleExtraArgs = "--tags ${params.tag} --extra-vars \"container_name=${params.storage} source_folder=${params.source_folder}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags ${params.tag} --extra-vars \"upload_storage=${params.upload_storage} source_folder=${params.source_folder}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 89877d8c217c9e0b1b05611fcfaf4bbfe8114222 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Sat, 24 Sep 2022 18:17:11 +0530 Subject: [PATCH 066/434] fix: incorrect variable assignments Signed-off-by: Keshav Prasad --- ansible/desktop-faq-upload.yml | 2 +- ansible/dial_upload-schema.yml | 2 +- ansible/kp_upload-schema.yml | 2 +- ansible/nodebbui-upload.yml | 2 +- ansible/plugins.yml | 4 ++-- ansible/roles/es-azure-snapshot/defaults/main.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 43d1789b00..c17f7e9b9a 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml @@ -7,7 +7,7 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - desktop_container: "{{ desktop_container_storage }}" + desktop_container_storage: "{{ desktop_container }}" tasks: - name: this block consists of tasks related to azure storage block: diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index c846ecb95e..ba7abf627b 100644 
--- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml @@ -8,7 +8,7 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - dial_plugin_container_name: "{{ dial_plugin_storage }}" + dial_plugin_storage: "{{ dial_plugin_container_name }}" tasks: - name: Create directories file: diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index c13633e8ab..7d7163437b 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -8,7 +8,7 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - plugin_container_name: "{{ plugin_storage }}" + plugin_storage: "{{ plugin_container_name }}" tasks: - name: upload batch of files to azure storage include_role: diff --git a/ansible/nodebbui-upload.yml b/ansible/nodebbui-upload.yml index 809d67b914..3c0bf414ae 100644 --- a/ansible/nodebbui-upload.yml +++ b/ansible/nodebbui-upload.yml @@ -9,7 +9,7 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - nodebbui_container_name: "{{ nodebbui_storage }}" + nodebbui_storage: "{{ nodebbui_container_name }}" tasks: - name: delete files and folders from azure storage using azcopy include_role: diff --git a/ansible/plugins.yml b/ansible/plugins.yml index 487f5c780d..35e34578d0 100644 --- a/ansible/plugins.yml +++ b/ansible/plugins.yml 
@@ -9,13 +9,13 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - plugin_container_name: "{{ plugin_storage }}" + plugin_storage: "{{ plugin_container_name }}" tasks: - name: this block consists of tasks related to azure storage block: - name: set common azure variables set_fact: - blob_container_name: "{{ plugin_container_name }}" + blob_container_name: "{{ plugin_storage }}" container_public_access: "container" blob_delete_pattern: "content-plugins/{{ plugins_name }}" blob_container_folder_path: "/content-plugins/{{ plugins_name }}" diff --git a/ansible/roles/es-azure-snapshot/defaults/main.yml b/ansible/roles/es-azure-snapshot/defaults/main.yml index f527096f18..396746aa32 100644 --- a/ansible/roles/es-azure-snapshot/defaults/main.yml +++ b/ansible/roles/es-azure-snapshot/defaults/main.yml @@ -1,7 +1,7 @@ snapshot_create_request_body: { type: azure, settings: { - container: "{{ es_azure_backup_folder_name }}", + container: "{{ es_backup_storage }}", base_path: "{{ snapshot_base_path }}_{{ base_path_date }}" } } From 4c373b9d2d05eb3ea7e81b62fa4541333c9c5860 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Sat, 24 Sep 2022 18:41:12 +0530 Subject: [PATCH 067/434] fix: moving comments section Signed-off-by: Keshav Prasad --- private_repo/ansible/inventory/dev/Core/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index c373fa8c4f..f157d85862 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
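Review bot: In the es-azure-snapshot defaults hunk, `container` now reads `es_backup_storage`, but unlike the backup roles earlier in this series the visible part of the file gains no alias line mapping the new name to `es_azure_backup_folder_name`. If `es_backup_storage` is not defined elsewhere (the file continues outside the hunk), the snapshot request body will fail to template for inventories that only set the old name. Consider adding `es_backup_storage: "{{ es_azure_backup_folder_name }}"` to this defaults file, matching the pattern used for the other roles.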
@@ -8,8 +8,6 @@ core_vault_docker_registry_url: "change.docker.url" # for docker hub "https core_vault_docker_registry_user: "change.docker.username" core_vault_docker_registry_password: "change.docker.password" -# Define the below if you are using Azure Cloud -# Management Storage Account # Run the below command in shell # date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year' # sas_token=?`az storage account generate-sas --account-name "{{ azure_plugin_storage_account_name }}" --account-key "{{ azure_plugin_storage_account_key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` @@ -23,6 +21,8 @@ sunbird_private_storage_account_key: "change.azure.storage.account.key" sunbird_management_storage_account_key: "change.azure.storage.account.key" sunbird_artifact_storage_account_key: "{{ sunbird_management_storage_account_key }}" +# Define the below if you are using Azure Cloud +# Management Storage Account azure_public_storage_account_key: "{{ sunbird_public_storage_account_key }}" azure_private_storage_account_key: "{{ sunbird_private_storage_account_key }}" azure_management_storage_account_key: "{{ sunbird_management_storage_account_key }}" From 516a76f92797a9e3529ebbc0520064862ca29ed0 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Sat, 24 Sep 2022 19:09:40 +0530 Subject: [PATCH 068/434] fix: add tags for set_fact task Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 4 +++- ansible/desktop-faq-upload.yml | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index d1a0be8796..be7a6054be 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml 
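Review bot: While these comments are being rearranged, the SAS command they document is worth tightening: `--permissions acdlpruw --resource-types sco --services bfqt` with a one-year expiry yields an account-wide token carrying every permission on every service. Scope the documented example to what the consumer of `azure_plugin_storage_account_name` actually needs (for instance the blob service only, with a shorter expiry; the exact requirement is not visible here). The date format above it also puts `%m` (month) in the minutes position; `date +'%Y-%m-%dT%H:%M:%SZ' -d '+1 year'` is presumably what was meant. After the move, the "Run the below command in shell" comment no longer sits under the Azure heading, so it is unclear which cloud it applies to.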
@@ -29,12 +29,14 @@ storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" + tags: + - always - block: - name: delete files and folders from azure storage using azcopy include_role: name: azure-cloud-storage - tasks_from: delete-using-azcopy.yml + tasks_from: delete-using-azcopy.yml tags: - content-editor - collection-editor diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index c17f7e9b9a..02f29db01d 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml @@ -17,6 +17,8 @@ blob_file_name: "{{ destination_path }}" blob_container_folder_path: "/{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" + tags: + - always - block: - name: upload file to azure storage From 99d47256e22674380a93bb9e9a3a753b4044f6a7 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 12:23:38 +0530 Subject: [PATCH 069/434] fix: invoke blob upload role, moved few vars Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index be7a6054be..ef3ea0b44a 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -25,7 +25,6 @@ set_fact: blob_container_name: "{{ plugin_storage }}" container_public_access: "container" - blob_container_folder_path: "/{{ folder_name }}" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" @@ -37,6 +36,8 @@ include_role: name: azure-cloud-storage tasks_from: delete-using-azcopy.yml + vars: + blob_container_folder_path: "/{{ folder_name }}" tags: - content-editor - collection-editor 
@@ -49,6 +50,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: + blob_container_folder_path: "/{{ folder_name }}" local_file_or_folder_path: "{{ source_name }}" tags: - content-editor @@ -62,7 +64,7 @@ - name: upload file to azure storage include_role: name: azure-cloud-storage - tasks_from: blob-upload-batch.yml + tasks_from: blob-upload.yml vars: blob_file_name: "artefacts/content-player/content-player-{{ player_version_number }}.zip" local_file_or_folder_path: "{{ source_file_name }}" From d7d98695bd236685d24106c3b912d8624a30b660 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 12:48:52 +0530 Subject: [PATCH 070/434] fix: adding build description Signed-off-by: Keshav Prasad --- pipelines/upload/chatbot/Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pipelines/upload/chatbot/Jenkinsfile b/pipelines/upload/chatbot/Jenkinsfile index 6aaf6d0c39..70910ef261 100644 --- a/pipelines/upload/chatbot/Jenkinsfile +++ b/pipelines/upload/chatbot/Jenkinsfile @@ -47,6 +47,8 @@ node() { values.put('ansibleExtraArgs', ansibleExtraArgs) println values ansible_playbook_run(values) + currentBuild.result = 'SUCCESS' + currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}" } } summary() From 498dbf13d73b8bc9e941df0242d94408e7a4495f Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 13:29:57 +0530 Subject: [PATCH 071/434] fix: updated jenkins job param for container path Signed-off-by: Keshav Prasad --- ansible/desktop-faq-upload.yml | 4 ++-- .../dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 02f29db01d..a2789218c2 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
@@ -7,13 +7,13 @@ # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: - desktop_container_storage: "{{ desktop_container }}" + desktop_storage: "{{ desktop_container }}" tasks: - name: this block consists of tasks related to azure storage block: - name: set common azure variables set_fact: - blob_container_name: "{{ desktop_container_storage }}" + blob_container_name: "{{ desktop_storage }}" blob_file_name: "{{ destination_path }}" blob_container_folder_path: "/{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml index c0289cf30f..ec3dbfe716 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml @@ -102,7 +102,7 @@ return """<b>This parameter is not used</b>""" destination_path - chatbot/router/config + router/config false From 10dec83ed4999e809c7569ce63fd33cd22a11fc2 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 13:53:23 +0530 Subject: [PATCH 072/434] fix: updated jenkins jobs and params Signed-off-by: Keshav Prasad --- .../config.xml | 2 +- pipelines/upload/chatbot/Jenkinsfile | 5 +++++ pipelines/upload/portal-csv/Jenkinsfile | 7 +++++++ 3 files changed, 13 insertions(+), 1 deletion(-) rename deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/{Upload_CollectionHierarchy_CSV => UploadCollectionHierarchyCSV}/config.xml (99%) 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml similarity index 99% rename from deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml rename to deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml index 4818cfc99b..314e1bcd74 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Upload_CollectionHierarchy_CSV/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml @@ -125,7 +125,7 @@ return """<b>This parameter is not used</b>""" - sourcing/collection-hierarchy + collection-hierarchy diff --git a/pipelines/upload/chatbot/Jenkinsfile b/pipelines/upload/chatbot/Jenkinsfile index 70910ef261..764e73c9ba 100644 --- a/pipelines/upload/chatbot/Jenkinsfile +++ b/pipelines/upload/chatbot/Jenkinsfile @@ -54,7 +54,12 @@ node() { summary() } catch (err) { + currentBuild.result = 'FAILURE' throw err + } + finally { + slack_notify(currentBuild.result) + email_notify() } } diff --git a/pipelines/upload/portal-csv/Jenkinsfile b/pipelines/upload/portal-csv/Jenkinsfile index c8194f6694..19a0782e81 100644 --- a/pipelines/upload/portal-csv/Jenkinsfile +++ b/pipelines/upload/portal-csv/Jenkinsfile @@ -36,11 +36,18 @@ node() { values.put('ansibleExtraArgs', ansibleExtraArgs) println values ansible_playbook_run(values) + currentBuild.result = 'SUCCESS' + currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}" } } summary() } catch (err) { + currentBuild.result = 'FAILURE' throw err + } + finally { + slack_notify(currentBuild.result) + email_notify() } } From d1afa413d1aaac161c13457d48db7ddb6e738651 Mon Sep 17 00:00:00 2001 
From: Keshav Prasad Date: Mon, 26 Sep 2022 15:09:06 +0530 Subject: [PATCH 073/434] fix: renamed jenkins parameters, added missing jenkins job Signed-off-by: Keshav Prasad --- ansible/desktop-faq-upload.yml | 9 +- .../UploadCollectionHierarchyCSV/config.xml | 2 +- .../jobs/UploadChatbotConfig/config.xml | 2 +- .../UploadCollectionHierarchyCSV/config.xml | 2 +- .../jobs/UploadDiscussionUIDocs/config.xml | 244 ++++++++++++++++++ pipelines/deploy/desktop-faq/Jenkinsfile | 2 +- pipelines/upload/chatbot/Jenkinsfile | 2 +- pipelines/upload/discussion-UI/Jenkinsfile | 2 +- pipelines/upload/portal-csv/Jenkinsfile | 2 +- 9 files changed, 252 insertions(+), 15 deletions(-) create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index a2789218c2..0cdb89a07d 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
@@ -1,19 +1,12 @@ - hosts: localhost vars_files: - "{{inventory_dir}}/secrets.yml" - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - desktop_storage: "{{ desktop_container }}" tasks: - name: this block consists of tasks related to azure storage block: - name: set common azure variables set_fact: - blob_container_name: "{{ desktop_storage }}" + blob_container_name: "{{ upload_storage }}" blob_file_name: "{{ destination_path }}" blob_container_folder_path: "/{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" diff --git a/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml index 0272d155c6..0236cab0eb 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml @@ -103,7 +103,7 @@ return """<b>This parameter is not used</b>""" false - container_name + upload_storage diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml index ec3dbfe716..defc3a0ddd 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml 
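Review bot: In ansible/desktop-faq-upload.yml `blob_container_name` is now taken directly from `upload_storage`, and the `vars:` mapping that tied the play to `desktop_container` is removed, so the target container is whatever the caller passes with `--extra-vars`. Nothing in the hunk gives it a default or checks it: a job that was not updated fails late with an undefined variable, and any job can point the upload at any container the role's storage credentials can write to. I would add an early task such as `- assert: {that: ["upload_storage is defined", "upload_storage in allowed_upload_storages"]}`, with the allowed list kept in inventory (`allowed_upload_storages` is a name made up for this example). The rest of the block lies outside the hunk.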
+++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml @@ -85,7 +85,7 @@ return """<b>This parameter is not used</b>""" false - container_name + upload_storage diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml index 314e1bcd74..d87aac4ee3 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml @@ -103,7 +103,7 @@ return """<b>This parameter is not used</b>""" false - container_name + upload_storage diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml new file mode 100644 index 0000000000..94f6f3a64d --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml 
@@ -0,0 +1,244 @@ + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + ArtifactUpload/dev/Core/DiscussionsUI + false + + + artifact_source + <font color=dimgray size=2><b> +ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> + choice-parameter-9600649228560 + 1 + + true + + + + UploadDiscussionUIDocs + Deploy/dev/Kubernetes/UploadDiscussionUIDocs + + + PT_SINGLE_SELECT + false + 1 + + + build_number + + choice-parameter-9600651313765 + 1 + + true + + + + UploadDiscussionUIDocs + Deploy/dev/Kubernetes/UploadDiscussionUIDocs + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + + choice-parameter-9600653373369 + 1 + + true + + + + UploadDiscussionUIDocs + Deploy/dev/Kubernetes/UploadDiscussionUIDocs + + artifact_source + ET_FORMATTED_HTML + true + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + UploadDiscussionUIDocs + Deploy/dev/Kubernetes/UploadDiscussionUIDocs + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + UploadDiscussionUIDocs + Deploy/dev/Kubernetes/UploadDiscussionUIDocs + + + ET_FORMATTED_HTML + true + + + upload_storage + + + + discussion-ui + + + + + source_path + + + + documentation + + + + + destination_path + + + + discussion-ui/documentation + + + + + tag + + + + upload-batch + + + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/upload/discussion-UI/Jenkinsfile + false + + + false + diff --git a/pipelines/deploy/desktop-faq/Jenkinsfile b/pipelines/deploy/desktop-faq/Jenkinsfile index 620c5c2f5f..d282ec2884 100644 
--- a/pipelines/deploy/desktop-faq/Jenkinsfile +++ b/pipelines/deploy/desktop-faq/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" desktop_container=${params.desktop_container} src_file_path=${params.src_file_path} destination_path=${params.destination_path} env_name=$envDir\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.src_file_path} destination_path=${params.destination_path} env_name=$envDir\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) diff --git a/pipelines/upload/chatbot/Jenkinsfile b/pipelines/upload/chatbot/Jenkinsfile index 764e73c9ba..c97597c44c 100644 --- a/pipelines/upload/chatbot/Jenkinsfile +++ b/pipelines/upload/chatbot/Jenkinsfile @@ -38,7 +38,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" desktop_container=${params.container_name} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) 
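Review bot: `ansibleExtraArgs` in pipelines/deploy/desktop-faq/Jenkinsfile interpolates `params.upload_storage`, `params.src_file_path`, `params.destination_path` and `params.tag` into one command-line string with no quoting or validation. In the `key=value` form of `--extra-vars` a value containing a space introduces further variables, and extra vars take precedence over inventory and play vars; if `ansible_playbook_run` hands the string to a shell (not visible here), shell metacharacters in a parameter would be interpreted as well. Before building the string I would reject unexpected values, e.g. `if (!(params.upload_storage ==~ /[A-Za-z0-9._-]+/)) { error('invalid upload_storage') }`, with a similar check for the path parameters and the tag. The same construction appears in the chatbot hunk on this line and in the discussion-UI and portal-csv hunks that follow.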
diff --git a/pipelines/upload/discussion-UI/Jenkinsfile b/pipelines/upload/discussion-UI/Jenkinsfile index 4de3383796..c4d794fb3e 100644 --- a/pipelines/upload/discussion-UI/Jenkinsfile +++ b/pipelines/upload/discussion-UI/Jenkinsfile @@ -30,7 +30,7 @@ node() { unzip ${artifact} """ ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" desktop_container=${params.container_name} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values diff --git a/pipelines/upload/portal-csv/Jenkinsfile b/pipelines/upload/portal-csv/Jenkinsfile index 19a0782e81..6e8453d3e2 100644 --- a/pipelines/upload/portal-csv/Jenkinsfile +++ b/pipelines/upload/portal-csv/Jenkinsfile @@ -27,7 +27,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" desktop_container=${params.container_name} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) 
From 9887254ffcdb64601c2f190b408e34021b09525a Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 15:38:00 +0530 Subject: [PATCH 074/434] fix: added missing jobs Signed-off-by: Keshav Prasad --- .../jobs/UploadDiscussionUIDocs/config.xml | 2 +- .../jobs/UploadPortalLabel/config.xml | 189 ++++++++++++++++++ 2 files changed, 190 insertions(+), 1 deletion(-) create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml index 94f6f3a64d..a801645925 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml @@ -182,7 +182,7 @@ return """<b>This parameter is not used</b>""" - discussion-ui/documentation + documentation diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml new file mode 100644 index 0000000000..a75d9ee220 --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml 
@@ -0,0 +1,189 @@ + + + + false + + + + -1 + -1 + -1 + 5 + + + + + false + false + + + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + UploadPortalLabel + Deploy/dev/Kubernetes/UploadPortalLabel + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + UploadPortalLabel + Deploy/dev/Kubernetes/UploadPortalLabel + + + ET_FORMATTED_HTML + true + + + upload_storage + + + + label + + + + + destination_path + + + + all_labels_ta.json + all_labels_bn.json + all_labels_en.json + all_labels_hi.json + all_labels_kn.json + all_labels_mr.json + all_labels_te.json + all_labels_ur.json + all_labels_gu.json + all_labels_ml.json + all_labels_as.json + all_labels_or.json + + + + + src_file_path + + + + utils/portal/labels/all_labels_ta.json + utils/portal/labels/all_labels_bn.json + utils/portal/labels/all_labels_en.json + utils/portal/labels/all_labels_hi.json + utils/portal/labels/all_labels_kn.json + utils/portal/labels/all_labels_mr.json + utils/portal/labels/all_labels_te.json + utils/portal/labels/all_labels_ur.json + utils/portal/labels/all_labels_gu.json + utils/portal/labels/all_labels_ml.json + utils/portal/labels/all_labels_as.json + utils/portal/labels/all_labels_or.json + + + + + tag + + + + upload-label + + + + + + + 0 + 0 + + false + project + false + + + + + + + + + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/deploy/desktop-faq/Jenkinsfile + false + + + false + From 01975c547fdc37826bf51ffee0fb78caf4102ff9 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 15:48:38 +0530 Subject: [PATCH 075/434] fix: updated schema folder name Signed-off-by: Keshav Prasad --- pipelines/upload/schema/dial/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pipelines/upload/schema/dial/Jenkinsfile b/pipelines/upload/schema/dial/Jenkinsfile index 1a0216c740..44cf0bca8b 100644 --- a/pipelines/upload/schema/dial/Jenkinsfile +++ b/pipelines/upload/schema/dial/Jenkinsfile @@ -29,7 +29,7 @@ node() { git clone https://github.com/project-sunbird/sunbird-dial-service.git -b ${params.dial_branch_or_tag} """ ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" - ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/schemas \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/jsonld-schema \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 1406ea07d710241f779bbfe4a5cdbd651c5dfe7d Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 26 Sep 2022 19:36:38 +0530 Subject: [PATCH 076/434] fix: revert source folder changes Signed-off-by: Keshav Prasad --- pipelines/upload/schema/dial/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/upload/schema/dial/Jenkinsfile b/pipelines/upload/schema/dial/Jenkinsfile index 44cf0bca8b..dd74b2f23f 100644 --- a/pipelines/upload/schema/dial/Jenkinsfile +++ b/pipelines/upload/schema/dial/Jenkinsfile @@ -29,7 +29,7 @@ node() { git clone https://github.com/project-sunbird/sunbird-dial-service.git -b ${params.dial_branch_or_tag} """ ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" - ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/jsonld-schema \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/schemas\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) 
From 8c4d0297587c1931bf5c7f83c17bbe3b846a0e65 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 11:19:18 +0530 Subject: [PATCH 077/434] fix: renamed jobs, formatted lines, deleted unsued plays Signed-off-by: Keshav Prasad --- ansible/nodebbui-upload.yml | 36 ----------- .../config.xml | 0 pipelines/certs-templates/Jenkinsfile | 59 ++++++++++--------- pipelines/deploy/NodebbUI/Jenkinsfile | 58 ------------------ 4 files changed, 30 insertions(+), 123 deletions(-) delete mode 100644 ansible/nodebbui-upload.yml rename deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/{Upload_RC_Schema => UploadRCSchema}/config.xml (100%) delete mode 100644 pipelines/deploy/NodebbUI/Jenkinsfile diff --git a/ansible/nodebbui-upload.yml b/ansible/nodebbui-upload.yml deleted file mode 100644 index 3c0bf414ae..0000000000 --- a/ansible/nodebbui-upload.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -- hosts: local - become: yes - gather_facts: no - vars_files: - - "{{inventory_dir}}/secrets.yml" - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - nodebbui_storage: "{{ nodebbui_container_name }}" - tasks: - - name: delete files and folders from azure storage using azcopy - include_role: - name: azure-cloud-storage - tasks_from: delete-using-azcopy.yml - vars: - blob_container_name: "{{ nodebbui_storage }}" - blob_container_folder_path: "" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_sas_token: "{{ azure_public_storage_account_sas }}" - when: cloud_service_provider == "azure" - - - name: upload batch of files to azure storage - include_role: - name: azure-cloud-storage - tasks_from: blob-upload-batch.yml - vars: - blob_container_name: "{{ nodebbui_storage }}" - container_public_access: "container" - blob_container_folder_path: "" - local_file_or_folder_path: "{{ source_name }}" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml similarity index 100% rename from deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/Upload_RC_Schema/config.xml rename to deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml diff --git a/pipelines/certs-templates/Jenkinsfile b/pipelines/certs-templates/Jenkinsfile index ea4617aa53..74fea3b5e6 100644 --- a/pipelines/certs-templates/Jenkinsfile +++ b/pipelines/certs-templates/Jenkinsfile 
@@ -10,39 +10,40 @@ node() { stage('checkout utils repo') { cleanWs() checkout scm - sh """ - git clone https://github.com/project-sunbird/sunbird-utils.git -b ${sunbird_util_branch_or_tag} cert-templates - """ + sh "git clone https://github.com/project-sunbird/sunbird-utils.git -b ${sunbird_util_branch_or_tag} cert-templates" } - ansiColor('xterm') { - stage('inject vars') { - values = [:] - currentWs = sh(returnStdout: true, script: 'pwd').trim() - envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() - module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() - jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() - - ansiblePlaybook = "${currentWs}/ansible/cert-templates.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass " - if (params.badgeType == "createBadge") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createBadge=True\"" - } else if (params.badgeType == "createIssuer") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createIssuer=True\"" - }else if (params.badgeType == "createPublicKey") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createPublicKey=True\"" - }else { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs\"" - } - + ansiColor('xterm') { + stage('inject vars') { + values = [:] + currentWs = sh(returnStdout: true, script: 'pwd').trim() + envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() + module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() + jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() + ansiblePlaybook = "${currentWs}/ansible/cert-templates.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass" + if (params.badgeType == "createBadge") { + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createBadge=True\"" + } + else if (params.badgeType == "createIssuer") { + ansibleExtraArgs = " 
--extra-vars \"cert_location=$currentWs createIssuer=True\"" + } + else if (params.badgeType == "createPublicKey") { + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createPublicKey=True\"" + } + else { + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs\"" + } values.put('currentWs', currentWs) values.put('env', envDir) - values.put('module', module) - values.put('jobName', jobName) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - } + values.put('module', module) + values.put('jobName', jobName) + values.put('ansiblePlaybook', ansiblePlaybook) + values.put('ansibleExtraArgs', ansibleExtraArgs) + println values + ansible_playbook_run(values) + currentBuild.result = 'SUCCESS' + currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}" } + } } catch (err) { currentBuild.result = "FAILURE" diff --git a/pipelines/deploy/NodebbUI/Jenkinsfile b/pipelines/deploy/NodebbUI/Jenkinsfile deleted file mode 100644 index 150a57f442..0000000000 --- a/pipelines/deploy/NodebbUI/Jenkinsfile +++ /dev/null 
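Review bot: The reformatted clone step in pipelines/certs-templates/Jenkinsfile, `sh "git clone ... -b ${sunbird_util_branch_or_tag} cert-templates"`, lets Groovy splice the value into the script text before the shell parses it. If `sunbird_util_branch_or_tag` is a build parameter, which the name suggests but the hunk does not show, its content becomes part of the command line. Passing it through the environment keeps it a single argument: `withEnv(["UTIL_REF=${sunbird_util_branch_or_tag}"]) { sh 'git clone https://github.com/project-sunbird/sunbird-utils.git -b "$UTIL_REF" cert-templates' }`. The `node()` block opens above the hunk and the `catch` continues below it.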
@@ -1,58 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - String ANSI_GREEN = "\u001B[32m" - String ANSI_NORMAL = "\u001B[0m" - String ANSI_BOLD = "\u001B[1m" - String ANSI_RED = "\u001B[31m" - String ANSI_YELLOW = "\u001B[33m" - - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - ansiColor('xterm') { - values = lp_dp_params() - values.put('module', 'Core') - stage('get artifact') { - currentWs = sh(returnStdout: true, script: 'pwd').trim() - artifact = values.artifact_name + ":" + values.artifact_version - values.put('currentWs', currentWs) - values.put('artifact', artifact) - artifact_download(values) - } - stage('deploy artifact'){ - sh """ - unzip -o ${artifact} -d discussion-ui - """ - - ansiblePlaybook = "${currentWs}/ansible/nodebbui-upload.yml" - ansibleExtraArgs = "--extra-vars \"source_name=${currentWs}/discussion-ui\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - - currentBuild.result = 'SUCCESS' - archiveArtifacts artifacts: "${artifact}", fingerprint: true, onlyIfSuccessful: true - archiveArtifacts artifacts: 'metadata.json', onlyIfSuccessful: true - currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - } - } - summary() - } - catch (err) { - currentBuild.result = 'FAILURE' - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} From 95de617943d898651349109f64fdf7741444fa2f Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 14:59:33 +0530 Subject: [PATCH 078/434] fix: remove debug statements Signed-off-by: Keshav Prasad --- ansible/roles/cert-templates/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index dcbdeebadc..93619c9394 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -44,13 +44,6 @@ storage_account_key: "{{ azure_private_storage_account_key }}" when: cloud_service_provider == "azure" -- name: list all the files - shell: "ls -lR {{cert_location}}" - register: allfiles - -- debug: - var: allfiles - - name: Remove unwanted files file: path: "{{cert_location}}/cert-templates" From 4c20bc6d3837ae31b3e5c4b44fb9719688fac094 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 15:15:36 +0530 Subject: [PATCH 079/434] fix: formatting, don't remove files to make debug easy Signed-off-by: Keshav Prasad --- ansible/roles/cert-templates/tasks/main.yml | 7 +------ pipelines/certs-templates/Jenkinsfile | 8 ++++---- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 93619c9394..ee05f2adb3 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -42,9 +42,4 @@ local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" storage_account_name: "{{ azure_private_storage_account_name }}" storage_account_key: "{{ azure_private_storage_account_key }}" - when: cloud_service_provider == "azure" - -- name: Remove unwanted files - file: - path: "{{cert_location}}/cert-templates" - state: absent + when: cloud_service_provider == "azure" \ No newline at end of file diff --git a/pipelines/certs-templates/Jenkinsfile b/pipelines/certs-templates/Jenkinsfile index 74fea3b5e6..eebc455109 100644 --- a/pipelines/certs-templates/Jenkinsfile +++ b/pipelines/certs-templates/Jenkinsfile 
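Review bot: With the "Remove unwanted files" task dropped from ansible/roles/cert-templates/tasks/main.yml (hunk `@@ -42,9 +42,4 @@`), `{{ cert_location }}/cert-templates` stays on the Jenkins agent after the play, including `certUtilScripts/out`, which the preceding task uploads to the private storage account. What that directory holds is not visible here, but output destined for a private container should not be left in a workspace by default. Rather than deleting the cleanup I would keep it and make it skippable, e.g. add `when: not (keep_cert_workdir | default(false) | bool)` to the task and pass `keep_cert_workdir=true` only for a debugging run (`keep_cert_workdir` is a name chosen for this example). The upload task starts above the hunk.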
@@ -21,16 +21,16 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() ansiblePlaybook = "${currentWs}/ansible/cert-templates.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass" if (params.badgeType == "createBadge") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createBadge=True\"" + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createBadge=True\"" } else if (params.badgeType == "createIssuer") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createIssuer=True\"" + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createIssuer=True\"" } else if (params.badgeType == "createPublicKey") { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createPublicKey=True\"" + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs createPublicKey=True\"" } else { - ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs\"" + ansibleExtraArgs = " --extra-vars \"cert_location=$currentWs\"" } values.put('currentWs', currentWs) values.put('env', envDir) From 16db27a09088927388f024c82266542dafa6a9ac Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 16:22:27 +0530 Subject: [PATCH 080/434] fix: added missing jobs, clean up unused files Signed-off-by: Keshav Prasad --- .../Core/jobs/OfflineInstaller/config.xml | 108 ++++++++ .../jobs/OfflineInstaller/config.xml | 235 ++++++++++++++++++ pipelines/offlineinstaller/Jenkinsfile.Deploy | 80 ------ 3 files changed, 343 insertions(+), 80 deletions(-) create mode 100644 deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/OfflineInstaller/config.xml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/OfflineInstaller/config.xml delete mode 100644 pipelines/offlineinstaller/Jenkinsfile.Deploy 
diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/OfflineInstaller/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/OfflineInstaller/config.xml new file mode 100644 index 0000000000..cbff43d2d0 --- /dev/null +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/OfflineInstaller/config.xml @@ -0,0 +1,108 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + -1 + -1 + 5 + + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + Build/Core/OfflineInstaller + false + + + build_number + <font color=darkgreen size=2><b>OPTIONAL: Specify the build job number to upload / copy the artifact built in that job.</b></font> + lastSuccessfulBuild + false + + + artifact_source + <font color=dimgray size=2><b> +ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - Just keep a copy of the artifact in Jenkins.</b></font> + + + ArtifactRepo + JenkinsJob + + + + + + + 0 + 0 + + false + project + false + + + + + + + + Build/Core/OfflineInstaller + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/upload/artifacts/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/OfflineInstaller/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/OfflineInstaller/config.xml new file mode 100644 index 0000000000..0544e9948d --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/OfflineInstaller/config.xml 
@@ -0,0 +1,235 @@ + + + + false + + + + -1 + -1 + -1 + 5 + + + + + + ArtifactUpload/dev/Core/OfflineInstaller + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + ArtifactUpload/dev/Core/OfflineInstaller + false + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + OfflineInstaller + Deploy/dev/Kubernetes/OfflineInstaller + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + OfflineInstaller + Deploy/dev/Kubernetes/OfflineInstaller + + + ET_FORMATTED_HTML + true + + + offline_installer_type + <font color=dimgray size=2><b>Choose the type of installer you wanted to build</b></font> + + + windows64bit + linux64bit + windows32bit + + + + + artifact_source + <font color=dimgray size=2><b> +ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> + choice-parameter-1754928650096303 + 1 + + true + + + + OfflineInstaller + Deploy/dev/Kubernetes/OfflineInstaller + + + PT_SINGLE_SELECT + false + 1 + + + build_number + + choice-parameter-1754928651800681 + 1 + + true + + + + OfflineInstaller + Deploy/dev/Kubernetes/OfflineInstaller + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + + choice-parameter-1754928653885653 + 1 + + true + + + + OfflineInstaller + Deploy/dev/Kubernetes/OfflineInstaller + + artifact_source + ET_FORMATTED_HTML + true + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/Core/OfflineInstaller + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 1 + false + + + + pipelines/offlineinstaller/Jenkinsfile + false + + + false + 
diff --git a/pipelines/offlineinstaller/Jenkinsfile.Deploy b/pipelines/offlineinstaller/Jenkinsfile.Deploy
deleted file mode 100644
index 710cfebc48..0000000000
--- a/pipelines/offlineinstaller/Jenkinsfile.Deploy
+++ /dev/null
@@ -1,80 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - String ANSI_GREEN = "\u001B[32m" - String ANSI_NORMAL = "\u001B[0m" - String ANSI_BOLD = "\u001B[1m" - String ANSI_RED = "\u001B[31m" - String ANSI_YELLOW = "\u001B[33m" - - stage('checkout public repo') { - cleanWs() - checkout scm - } - ansiColor('xterm') { - values = lp_dp_params() - stage('get artifact') { - currentWs = sh(returnStdout: true, script: 'pwd').trim() - artifact = values.artifact_name + ":" + values.artifact_version - values.put('currentWs', currentWs) - values.put('artifact', artifact) - artifact_download(values) - } - stage('deploy artifact') { - sh """ - unzip ${artifact} - mkdir offline-installer-repo - tar -xvzf src.tar.gz -C offline-installer-repo/ - """ - - ansiblePlaybook = "${currentWs}/ansible/offline-installer.yml" - ansibleExtraArgs = "--extra-vars \"offline_repo_location=$currentWs offline_installer_type=${params.offline_installer_type}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - currentBuild.result = "SUCCESS" - currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - archiveArtifacts artifacts: "${artifact}", fingerprint: true, onlyIfSuccessful: true - archiveArtifacts artifacts: 'metadata.json', onlyIfSuccessful: true - } - - try { - stage('Build Installer, create and upload it to azure') { - dir('offline-installer-repo') { - sh """ - bash -x build.sh - """ - } - ansiblePlaybook = "${currentWs}/ansible/offline-installer.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass " - ansibleExtraArgs = " --extra-vars \"offline_repo_location=$currentWs uploadInstaller=True offline_installer_type=${offline_installer_type}\"" - values.put('currentWs', currentWs) - values.put('ansiblePlaybook', ansiblePlaybook) - 
values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - archiveArtifacts artifacts: '*.zip', onlyIfSuccessful: true - archiveArtifacts artifacts: 'latest.json', onlyIfSuccessful: true - } - } - catch (err) { - ansiblePlaybook = "${currentWs}/ansible/offline-installer.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass " - ansibleExtraArgs = " --extra-vars \"offline_repo_location=$currentWs removeOfflineInstallerFolder=True offline_installer_type=${offline_installer_type}\"" - values.put('currentWs', currentWs) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - currentBuild.result = 'SUCCESS' - } - } - } - catch (err) { - currentBuild.result = "FAILURE" - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} From ea59c10aae333b9bea41fc97d38595327b4831a5 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 16:28:16 +0530 Subject: [PATCH 081/434] fix: adding default offline store value Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 2 -- ansible/roles/desktop-deploy/defaults/main.yml | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 1f7bc11430..deec3a4a2a 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -502,8 +502,6 @@ content_import_remove_props: '["downloadUrl","variants","previewUrl","streamingU sunbird_portal_updateLoginTimeEnabled: false # Desktop app vars -#sunbird_offline_azure_storage_account: "" #added this var for adopter usecase -offline_installer_container_name: "" #added this var for adopter usecase cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" # Search-service 
diff --git a/ansible/roles/desktop-deploy/defaults/main.yml b/ansible/roles/desktop-deploy/defaults/main.yml index ad3803dcd1..3010db2349 100644 --- a/ansible/roles/desktop-deploy/defaults/main.yml +++ b/ansible/roles/desktop-deploy/defaults/main.yml @@ -1,5 +1,6 @@ --- time: "YEAR-MONTH-DATE-HOUR-MINUTE-SECOND-INSTALLERTYPE" +offline_installer_container_name: "{{env}}-offlineinstaller" # This variable is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name From 306923f43f422ab4f5716c35fb2301b808fbd7ec Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Sep 2022 17:01:49 +0530 Subject: [PATCH 082/434] fix: clean up unused roles 
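Review bot: The new default `offline_installer_container_name: "{{env}}-offlineinstaller"` builds a storage container name directly from `env`, and Azure container names accept only lowercase letters, digits and hyphens, so an inventory whose `env` contains uppercase letters or underscores would fail only when the upload runs. Writing it as `offline_installer_container_name: "{{ env | lower }}-offlineinstaller"` covers the uppercase case, and a one-line comment such as `# must be a valid container name: lowercase letters, digits, hyphens` documents the rest. Because the definition moved from `group_vars/all.yml` into this role's defaults, a playbook outside `desktop-deploy` that still reads the variable would now find it undefined unless the inventory sets it. This hunk does not show whether such a reader remains.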
Signed-off-by: Keshav Prasad --- .../roles/offline-installer/defaults/main.yml | 9 -- .../roles/offline-installer/tasks/main.yml | 50 --------- .../roles/offline-installer/tasks/remove.yml | 8 -- .../tasks/upload_to_storage.yml | 103 ------------------ .../templates/32-bit-prerequisite.sh.j2 | 7 -- .../offline-installer/templates/Dockerfile.j2 | 13 --- .../templates/artifacts.sh.j2 | 15 --- .../offline-installer/templates/build.sh.j2 | 18 --- .../offline-installer/templates/env.json.j2 | 10 -- .../offline-installer/templates/envfile.j2 | 3 - .../templates/metadata.sh.j2 | 8 -- .../templates/setupOfflineInstaller.sh.j2 | 25 ----- pipelines/offlineinstaller/Jenkinsfile | 2 +- 13 files changed, 1 insertion(+), 270 deletions(-) delete mode 100644 ansible/roles/offline-installer/defaults/main.yml delete mode 100644 ansible/roles/offline-installer/tasks/main.yml delete mode 100644 ansible/roles/offline-installer/tasks/remove.yml delete mode 100644 ansible/roles/offline-installer/tasks/upload_to_storage.yml delete mode 100644 ansible/roles/offline-installer/templates/32-bit-prerequisite.sh.j2 delete mode 100644 ansible/roles/offline-installer/templates/Dockerfile.j2 delete mode 100644 ansible/roles/offline-installer/templates/artifacts.sh.j2 delete mode 100644 ansible/roles/offline-installer/templates/build.sh.j2 delete mode 100644 ansible/roles/offline-installer/templates/env.json.j2 delete mode 100644 ansible/roles/offline-installer/templates/envfile.j2 delete mode 100644 ansible/roles/offline-installer/templates/metadata.sh.j2 delete mode 100644 ansible/roles/offline-installer/templates/setupOfflineInstaller.sh.j2 diff --git a/ansible/roles/offline-installer/defaults/main.yml b/ansible/roles/offline-installer/defaults/main.yml deleted file mode 100644 index ad3803dcd1..0000000000 --- a/ansible/roles/offline-installer/defaults/main.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -time: "YEAR-MONTH-DATE-HOUR-MINUTE-SECOND-INSTALLERTYPE" - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -offline_installer_storage: "{{ offline_installer_container_name }}" \ No newline at end of file diff --git a/ansible/roles/offline-installer/tasks/main.yml b/ansible/roles/offline-installer/tasks/main.yml deleted file mode 100644 index e110fd3116..0000000000 --- a/ansible/roles/offline-installer/tasks/main.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -- name: get the date and time for the artifact - set_fact: - time: "{{ lookup('pipe', 'date +\"%Y-%b-%d-%H-%M-%S\"') }}-{{offline_installer_type}}" - when: uploadInstaller is not defined - -- name: copy the env.json file to the repo - template: - src: "{{item}}.j2" - dest: "{{offline_repo_location}}/offline-installer-repo/src/{{item}}" - mode: '0755' - with_items: - - env.json - when: uploadInstaller is not defined - -- name: copy the installer script file and build script for building offline installer - template: - src: "{{item}}.j2" - dest: "{{offline_repo_location}}/offline-installer-repo/{{item}}" - mode: '0755' - with_items: - - build.sh - - envfile - - 32-bit-prerequisite.sh - when: uploadInstaller is not defined - -- name: create a directory to store artifacts - file: - path: "{{offline_repo_location}}/offline-installer-repo/offline_artifacts/{{time}}" - state: directory - recurse: yes - when: uploadInstaller is not defined - -- name: copy the installer script file and build script for building offline installer - template: - src: "{{item}}.j2" - dest: "{{offline_repo_location}}/offline-installer-repo/{{item}}" - mode: '0755' - with_items: - - setupOfflineInstaller.sh - when: uploadInstaller is not defined - -- name: upload to azure - include: upload_to_storage.yml - when: uploadInstaller is defined - -- name: Delete offline installer folder if any issue - include: remove.yml - when: removeOfflineInstallerFolder is defined - diff --git a/ansible/roles/offline-installer/tasks/remove.yml b/ansible/roles/offline-installer/tasks/remove.yml deleted file mode 100644 index da1512de90..0000000000 --- a/ansible/roles/offline-installer/tasks/remove.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Delete offline installer repo - file: - path: "{{offline_repo_location}}/offline-installer-repo/" - state: absent - -- name: Notify build failure - fail: - msg: "Please check the build script, it had been failed" 
diff --git a/ansible/roles/offline-installer/tasks/upload_to_storage.yml b/ansible/roles/offline-installer/tasks/upload_to_storage.yml deleted file mode 100644 index b8a68ba164..0000000000 --- a/ansible/roles/offline-installer/tasks/upload_to_storage.yml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -- name: Get the environment name for the artifact name - shell: "cat {{offline_repo_location}}/offline-installer-repo/src/package.json | jq -r '.name'" - register: env_name - -- name: Display the environment name of the installer - debug: - msg: "{{env_name.stdout}}" - -- name: Create a variable to inject environment name to upload to azure blob - set_fact: - environment_name: "{{ env_name.stdout }}" - -- name: Get the version from the package.json file - shell: "cat {{offline_repo_location}}/offline-installer-repo/src/package.json | jq -r '.version'" - register: version - -- name: Display the version number of the installer - debug: - msg: "{{version.stdout}}" - -- name: Create a variable to inject version in the template - set_fact: - installer_version: "{{ version.stdout }}" - -- name: get the directory name - shell: "ls {{offline_repo_location}}/offline-installer-repo/offline_artifacts/" - register: folderName - -- debug: - msg: "{{folderName.stdout}}" - -- name: set the folder name to copy the artifacts - set_fact: - time: "{{folderName.stdout}}" - -- name: copy the installer artifacts and metadata files to upload it to azure blob and generate latest.json file - template: - src: "{{item}}.j2" - dest: "{{offline_repo_location}}/offline-installer-repo/{{item}}" - mode: '0755' - with_items: - - artifacts.sh - - metadata.sh - -- name: copy the artifacts and generate the metadata file - shell: "bash {{offline_repo_location}}/offline-installer-repo/{{item}}" - args: - chdir: "{{offline_repo_location}}/offline-installer-repo/" - with_items: - - artifacts.sh - - metadata.sh - -- name: this block consists of tasks related to azure storage - block: - - name: set common azure variables - set_fact: - blob_container_name: "{{ offline_installer_storage }}" - container_public_access: "blob" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" - - - name: upload batch of files 
to azure storage - include_role: - name: azure-cloud-storage - tasks_from: blob-upload-batch.yml - vars: - blob_container_folder_path: "" - local_file_or_folder_path: "{{ offline_repo_location }}/offline-installer-repo/offline_artifacts" - - - name: upload batch of files to azure storage - include_role: - name: azure-cloud-storage - tasks_from: blob-upload-batch.yml - vars: - blob_container_folder_path: "/latest" - local_file_or_folder_path: "{{ offline_repo_location }}/offline-installer-repo/offline_artifacts/{{ folderName.stdout }}" - when: cloud_service_provider == "azure" - -- name: Create a zip of the folder to archieve the artifact - archive: - path: - - "{{offline_repo_location}}/offline-installer-repo/offline_artifacts/{{folderName.stdout}}" - dest: "{{offline_repo_location}}/{{offline_installer_type}}.zip" - owner: jenkins - group: jenkins - format: zip - -- name: copy latest.json file to archieve it in jenkins - copy: - src: "{{offline_repo_location}}/offline-installer-repo/offline_artifacts/{{folderName.stdout}}/latest.json" - dest: "{{offline_repo_location}}/latest.json" - owner: jenkins - group: jenkins - remote_src: yes - -- name: change the ownership of the directory to jenkins user - file: - path: "{{offline_repo_location}}" - state: directory - recurse: yes - owner: jenkins - group: jenkins \ No newline at end of file diff --git a/ansible/roles/offline-installer/templates/32-bit-prerequisite.sh.j2 b/ansible/roles/offline-installer/templates/32-bit-prerequisite.sh.j2 deleted file mode 100644 index cbfa755b0e..0000000000 --- a/ansible/roles/offline-installer/templates/32-bit-prerequisite.sh.j2 +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -#Build the offline installer -cd /private/src/ -rm -rf node_modules -npm install leveldown --verbose -npm run dist diff --git a/ansible/roles/offline-installer/templates/Dockerfile.j2 b/ansible/roles/offline-installer/templates/Dockerfile.j2 deleted file mode 100644 index 348c4c6e0a..0000000000 
--- a/ansible/roles/offline-installer/templates/Dockerfile.j2 +++ /dev/null @@ -1,13 +0,0 @@ -#FROM electronuserland/builder:wine -#MAINTAINER "S M Y ALTAMASH" "" -#ENV ELECTRON_CACHE="/root/.cache/electron" -#ENV ELECTRON_BUILDER_CACHE="/root/.cache/electron-builder" -#ENV GITHUB_ACCESS_TOKEN={{offline_git_access_token}} -#ENV GITHUB_PRIVATE_REPO={{offline_git_private_repo}} -#ENV TARGET_ENVIRONMENT={{offline_target_env}} -#WORKDIR /private/ -#ADD . /private/ -#WORKDIR /private/src/ -#CMD npm install && npm run dist -#CMD npm run dist-win64 -#CMD npm run dist-linux diff --git a/ansible/roles/offline-installer/templates/artifacts.sh.j2 b/ansible/roles/offline-installer/templates/artifacts.sh.j2 deleted file mode 100644 index ea5db269de..0000000000 --- a/ansible/roles/offline-installer/templates/artifacts.sh.j2 +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - - -if [ "{{offline_installer_type}}" == "windows32bit" ]; -then - cp '{{offline_repo_location}}/offline-installer-repo/src/dist/{{installer_version}}/win/ia32/{{environment_name}} Setup {{installer_version}}.exe' offline_artifacts/{{time}}/{{environment_name}}_{{installer_version}}_windows32bit.exe -elif [ "{{offline_installer_type}}" == "windows64bit" ]; -then - cp '{{offline_repo_location}}/offline-installer-repo/src/dist/{{installer_version}}/win/x64/{{environment_name}} Setup {{installer_version}}.exe' offline_artifacts/{{time}}/{{environment_name}}_{{installer_version}}_windows64bit.exe -elif [ "{{offline_installer_type}}" == "linux64bit" ]; -then - cp '{{offline_repo_location}}/offline-installer-repo/src/dist/{{installer_version}}/linux/x64/{{environment_name}}_{{installer_version}}_amd64.deb' offline_artifacts/{{time}}/{{environment_name}}_{{installer_version}}_linux64bit.deb -fi - - diff --git a/ansible/roles/offline-installer/templates/build.sh.j2 b/ansible/roles/offline-installer/templates/build.sh.j2 deleted file mode 100644 index 720b64b8c6..0000000000 
--- a/ansible/roles/offline-installer/templates/build.sh.j2 +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -echo "Offline Installer for Sunbird" - -# Build script -set -eo pipefail - -if [ "{{offline_installer_type}}" == "windows32bit" ]; -then - - docker run --rm -v ${PWD}:/private/ i386/node:8.16.2-stretch bash -x /private/32-bit-prerequisite.sh - -fi - -#chmod +x setupOfflineInstaller.sh -docker run --rm --env-file envfile --env ELECTRON_CACHE="/root/.cache/electron" --env ELECTRON_BUILDER_CACHE="/root/.cache/electron-builder" -v ${PWD}:/project electronuserland/builder:wine bash -x setupOfflineInstaller.sh - -echo "Build the installer succesfully" diff --git a/ansible/roles/offline-installer/templates/env.json.j2 b/ansible/roles/offline-installer/templates/env.json.j2 deleted file mode 100644 index 8705f96ab9..0000000000 --- a/ansible/roles/offline-installer/templates/env.json.j2 +++ /dev/null @@ -1,10 +0,0 @@ -{ - "APP_BASE_URL": "https://sunbird.org", - "CHANNEL": "sunbird", - "TELEMETRY_SYNC_INTERVAL_IN_SECS": 30, - "APP_ID": "local.sunbird.desktop", - "TELEMETRY_PACKET_SIZE": 200, - "APP_BASE_URL_TOKEN": "{{offline_app_base_url_token}}", - "APP_NAME": "SUNBIRD", - "MODE": "standalone" -} diff --git a/ansible/roles/offline-installer/templates/envfile.j2 b/ansible/roles/offline-installer/templates/envfile.j2 deleted file mode 100644 index 9b98165e0b..0000000000 --- a/ansible/roles/offline-installer/templates/envfile.j2 +++ /dev/null @@ -1,3 +0,0 @@ -GITHUB_ACCESS_TOKEN={{offline_git_access_token}} -GITHUB_PRIVATE_REPO={{offline_git_private_repo}} -TARGET_ENVIRONMENT={{offline_target_env}} diff --git a/ansible/roles/offline-installer/templates/metadata.sh.j2 b/ansible/roles/offline-installer/templates/metadata.sh.j2 deleted file mode 100644 index 9d7e7a0dd7..0000000000 --- a/ansible/roles/offline-installer/templates/metadata.sh.j2 +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash - -env_name={{environment_name}} -version={{installer_version}} -artifactFolder=$(find offline_artifacts/* -type d) - -# constructing the latest.json file -echo "{\"version\":\"${version}\",\"windows\":{\"32bit\":\"${env_name}_${version}_windows32bit.exe\",\"64bit\":\"${env_name}_${version}_windows64bit.exe\"},\"linux\":{\"64bit\":\"${env_name}_${version}_linux64bit.deb\"}}" | jq '.' | tee -a {{offline_repo_location}}/offline-installer-repo/${artifactFolder}/latest.json diff --git a/ansible/roles/offline-installer/templates/setupOfflineInstaller.sh.j2 b/ansible/roles/offline-installer/templates/setupOfflineInstaller.sh.j2 deleted file mode 100644 index 64b5a019b8..0000000000 --- a/ansible/roles/offline-installer/templates/setupOfflineInstaller.sh.j2 +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Downgrade the node version -npm install -g n -n 8.16 -cd /project/src - -if [ "{{offline_installer_type}}" != "windows32bit" ]; -then -#Build the offline installer - npm install - npm run dist -fi - -if [ "{{offline_installer_type}}" == "windows32bit" ]; -then -# npm run dist - npm run dist-win32 -elif [ "{{offline_installer_type}}" == "windows64bit" ]; -then - npm run dist-win64 -elif [ "{{offline_installer_type}}" == "linux64bit" ]; -then - npm run dist-linux -fi diff --git a/pipelines/offlineinstaller/Jenkinsfile b/pipelines/offlineinstaller/Jenkinsfile index a4e6a8f610..c97c01a9bd 100644 --- a/pipelines/offlineinstaller/Jenkinsfile +++ b/pipelines/offlineinstaller/Jenkinsfile 
@@ -31,7 +31,7 @@ node() { } stage('Install the offline desktop Application') { ansiblePlaybook = "${currentWs}/ansible/offline-installer.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass" - ansibleExtraArgs = "--extra-vars \"offline_repo_location=$currentWs offline_installer_type=${offline_installer_type}\" -v" + ansibleExtraArgs = "--extra-vars \"offline_repo_location=$currentWs offline_installer_type=${offline_installer_type}\"" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From 6ffe54280dc385838ade36df168fa6b83d008afd Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 28 Sep 2022 11:57:28 +0530 Subject: [PATCH 083/434] fix: removed unused files, typos Signed-off-by: Keshav Prasad --- .../roles/deploy-player/tasks/main.yml | 2 +- .../ansible/roles/helm-deploy/tasks/main.yml | 10 ++-- .../roles/sunbird-deploy/tasks/main.yml | 2 +- .../backup/jenkins-backup-upload/Jenkinsfile | 50 ------------------- 4 files changed, 7 insertions(+), 57 deletions(-) delete mode 100644 pipelines/backup/jenkins-backup-upload/Jenkinsfile diff --git a/kubernetes/ansible/roles/deploy-player/tasks/main.yml b/kubernetes/ansible/roles/deploy-player/tasks/main.yml index 5abdc85449..52500df2e3 100644 --- a/kubernetes/ansible/roles/deploy-player/tasks/main.yml +++ b/kubernetes/ansible/roles/deploy-player/tasks/main.yml @@ -48,7 +48,7 @@ loop_control: loop_var: outer_item -- name: Create the token pubic key file +- name: Create the token public key file copy: dest: "{{ chart_path }}/keys/{{ adminutil_refresh_token_public_key_kid }}" content: "{{ core_vault_sunbird_sso_publickey }}" diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index bd40bcfb82..a57c847b97 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml 
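Review bot: On the changed `ansibleExtraArgs` line the job parameter `offline_installer_type` is interpolated unquoted into a key=value `--extra-vars` string, so a value containing whitespace would be parsed by Ansible as additional variables, and a quote character would presumably upset the quoting of the command that `ansible_playbook_run` builds. The OfflineInstaller job definition added earlier in this series offers only `windows64bit`, `linux64bit` and `windows32bit`, so the stage can check the value before building the command: `if (!(params.offline_installer_type in ['windows64bit', 'linux64bit', 'windows32bit'])) { error('unsupported offline_installer_type') }`. Reading it as `params.offline_installer_type` rather than the bare name also makes its origin explicit. The stage body continues outside the hunk.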
@@ -38,13 +38,13 @@ loop_control: loop_var: outer_item -- name: Create the token pubic key file +- name: Create the token public key file copy: dest: "{{ chart_path }}/keys/{{ adminutil_refresh_token_public_key_prefix }}" content: "{{ core_vault_sunbird_sso_publickey }}" when: release_name == "adminutils" -- name: Create the token pubic key file for ML Services +- name: Create the token public key file for ML Services copy: dest: "{{ chart_path }}/keys/{{ adminutil_refresh_token_public_key_kid }}" content: "{{ core_vault_sunbird_sso_publickey }}" @@ -107,7 +107,7 @@ args: executable: /bin/bash register: deployment_result - ignore_errors: yes + ignore_errors: true - name: Get deployed image name - deployments shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[1]' @@ -121,7 +121,7 @@ args: executable: /bin/bash register: daemonset_result - ignore_errors: yes + ignore_errors: true - name: Get deployed image name - daemonsets shell: "kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq '.spec.template.spec.containers | .[].image' -r | awk -F/ '{print $2}'" @@ -135,7 +135,7 @@ args: executable: /bin/bash register: statefulset_result - ignore_errors: yes + ignore_errors: true - name: Get deployed image name - statefulsets shell: "kubectl get statefulsets {{ release_name }} -o json -n {{ namespace }} | jq '.spec.template.spec.containers | .[].image' -r | awk -F/ '{print $2}'" diff --git a/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml b/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml index 33fba6fb42..09e96cf25e 100644 --- a/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml 
@@ -39,7 +39,7 @@ loop_control: loop_var: outer_item -- name: Create the token pubic key file +- name: Create the token public key file copy: dest: "{{ chart_path }}/keys/{{ adminutil_refresh_token_public_key_kid }}" content: "{{ core_vault_sunbird_sso_publickey }}" diff --git a/pipelines/backup/jenkins-backup-upload/Jenkinsfile b/pipelines/backup/jenkins-backup-upload/Jenkinsfile deleted file mode 100644 index cd880c9390..0000000000 --- a/pipelines/backup/jenkins-backup-upload/Jenkinsfile +++ /dev/null 
@@ -1,50 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - String ANSI_GREEN = "\u001B[32m" - String ANSI_NORMAL = "\u001B[0m" - String ANSI_BOLD = "\u001B[1m" - String ANSI_RED = "\u001B[31m" - String ANSI_YELLOW = "\u001B[33m" - - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - ansiColor('xterm') { - stage('deploy'){ - values = [:] - currentWs = sh(returnStdout: true, script: 'pwd').trim() - envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() - module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() - jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() - ansiblePlaybook = "${currentWs}/ansible/jenkins-backup.yml" - ansibleExtraArgs = "--vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('currentWs', currentWs) - values.put('env', envDir) - values.put('module', module) - values.put('jobName', jobName) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - currentBuild.result = 'SUCCESS' - currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - } - } - } - catch (err) { - currentBuild.result = "FAILURE" - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} From e635d07e7640e3aabccb8e06a85dadb0d593634f Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 28 Sep 2022 12:05:16 +0530 Subject: [PATCH 084/434] fix: remove verbosity Signed-off-by: Keshav Prasad --- pipelines/backup/jenkins-backup/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/backup/jenkins-backup/Jenkinsfile b/pipelines/backup/jenkins-backup/Jenkinsfile index 27570e2a87..787a44fe17 100644 --- a/pipelines/backup/jenkins-backup/Jenkinsfile 
+++ b/pipelines/backup/jenkins-backup/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/jenkins-backup.yml" - ansibleExtraArgs = "-v --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 4d1b0a5222f3b7dd4203676415363ad6ca495313 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 28 Sep 2022 14:31:57 +0530 Subject: [PATCH 085/434] fix: adding default container name Signed-off-by: Keshav Prasad --- ansible/mongodb-backup.yml | 3 ++- ansible/roles/mongodb-backup/defaults/main.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible/mongodb-backup.yml b/ansible/mongodb-backup.yml index 2ab4091fc4..4db8d263bd 100644 --- a/ansible/mongodb-backup.yml +++ b/ansible/mongodb-backup.yml @@ -1,5 +1,6 @@ +--- - hosts: "{{ host }}" - become: yes + become: true vars_files: - ['{{inventory_dir}}/secrets.yml'] roles: diff --git a/ansible/roles/mongodb-backup/defaults/main.yml b/ansible/roles/mongodb-backup/defaults/main.yml index d7b56ebefd..da5a0f710f 100644 --- a/ansible/roles/mongodb-backup/defaults/main.yml +++ b/ansible/roles/mongodb-backup/defaults/main.yml @@ -1,5 +1,5 @@ mongo_backup_dir: '/tmp/mongo-backup' -mongo_backup_azure_container_name: "{{ mongo_backup_azure_container_name }}" +mongo_backup_azure_container_name: "mongodb-backup" # This variable is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name From 19b876d2c6c217bd3273425222be8e77551b6be5 Mon Sep 17 00:00:00 2001 
From: Keshav Prasad Date: Wed, 28 Sep 2022 15:25:46 +0530 Subject: [PATCH 086/434] feat: adding new mongo backup jobs Signed-off-by: Keshav Prasad --- .../Core/jobs/GraylogMongoDbBackup/config.xml | 130 ++++++++++++++++++ .../jobs/Core/jobs/MongoDbBackup/config.xml | 130 ++++++++++++++++++ 2 files changed, 260 insertions(+) create mode 100644 deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/GraylogMongoDbBackup/config.xml create mode 100644 deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/MongoDbBackup/config.xml diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/GraylogMongoDbBackup/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/GraylogMongoDbBackup/config.xml new file mode 100644 index 0000000000..f1e05c88a9 --- /dev/null +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/GraylogMongoDbBackup/config.xml @@ -0,0 +1,130 @@ + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + private_branch + + choice-parameter-189743214208409 + 1 + + true + + + + true + + + GraylogMongoDbBackup + OpsAdministration/dev/Core/GraylogMongoDbBackup + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-189743216959018 + 1 + + true + + + + true + + + GraylogMongoDbBackup + OpsAdministration/dev/Core/GraylogMongoDbBackup + + + ET_FORMATTED_HTML + true + + + host + + graylog + false + + + + + 0 + 0 + + false + project + false + + + + + + + 00 4 * * * + + + + + + + 2 + + + https://github.com/keshavprasadms/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/backup/mongodb-backup/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/MongoDbBackup/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/MongoDbBackup/config.xml new file mode 100644 index 0000000000..ff3d4bd8f3 --- /dev/null 
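Review bot: The SCM remote in this job is `https://github.com/keshavprasadms/sunbird-devops.git`, a personal fork, whereas the OfflineInstaller jobs added earlier in the series fetch from `https://github.com/project-sunbird/sunbird-devops.git`; the MongoDbBackup job in the next hunk carries the same URL. Both jobs are cron-triggered (`00 4 * * *` and `30 3 * * *`) and load `pipelines/backup/mongodb-backup/Jenkinsfile` from that remote, so the pipeline code that runs unattended on the Jenkins host is governed by the fork's access controls rather than the project's. Judging by the other pipelines in this series, that host holds the Ansible vault password file, which makes the provenance of the Jenkinsfile matter. The remote should read `https://github.com/project-sunbird/sunbird-devops.git` in both files.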
+++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/MongoDbBackup/config.xml @@ -0,0 +1,130 @@ + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + private_branch + + choice-parameter-189743214208409 + 1 + + true + + + + true + + + MongoDbBackup + OpsAdministration/dev/Core/MongoDbBackup + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-189743216959018 + 1 + + true + + + + true + + + MongoDbBackup + OpsAdministration/dev/Core/MongoDbBackup + + + ET_FORMATTED_HTML + true + + + host + + mongo_master + false + + + + + 0 + 0 + + false + project + false + + + + + + + 30 3 * * * + + + + + + + 2 + + + https://github.com/keshavprasadms/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/backup/mongodb-backup/Jenkinsfile + false + + + false + From 332c7d70b3b37991aebcb75c0a021076780fb95c Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 28 Sep 2022 15:34:49 +0530 Subject: [PATCH 087/434] fix: delegate container creation to local Signed-off-by: Keshav Prasad --- ansible/roles/es-azure-snapshot/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/es-azure-snapshot/tasks/main.yml b/ansible/roles/es-azure-snapshot/tasks/main.yml index e804b4344d..8ce0fcd267 100644 --- a/ansible/roles/es-azure-snapshot/tasks/main.yml +++ b/ansible/roles/es-azure-snapshot/tasks/main.yml @@ -8,6 +8,8 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml + apply: + delegate_to: localhost vars: blob_container_name: "{{ es_backup_storage }}" container_public_access: "off" From 765c15c25bf08de64b2ca46450f3f6507bc5851c Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 29 Sep 2022 06:41:34 +0530 Subject: [PATCH 088/434] fix: updated pip package name 
Signed-off-by: Keshav Prasad --- ansible/bootstrap.yml | 2 +- pipelines/backup/es-backup/Jenkinsfile | 2 +- private_repo/ansible/inventory/dev/Core/common.yml | 3 --- private_repo/ansible/inventory/dev/Core/secrets.yml | 3 --- 4 files changed, 2 insertions(+), 8 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index aba26fbbd4..d8bf9fa494 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -8,7 +8,7 @@ - name: Installing other packages apt: state: present - name: ['python-pkg-resources', 'python2-pip'] + name: ['python-pkg-resources', 'python-pip'] when: ansible_distribution_version | float < 18 - name: Installing other packages apt: diff --git a/pipelines/backup/es-backup/Jenkinsfile b/pipelines/backup/es-backup/Jenkinsfile index 81d46a2a2b..a941380cb9 100644 --- a/pipelines/backup/es-backup/Jenkinsfile +++ b/pipelines/backup/es-backup/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/es.yml" - ansibleExtraArgs = "--tags \"es_backup\" -v --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"es_backup\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 8277399b44..bd034f9bb3 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -22,7 +22,6 @@ alerts_mailing_list : "devops@myorg.com" # Comma separat # Define the below if you are using Azure Cloud -# Management Storage Account # Note - You can use the same azure account for the below variables or have separate azure accounts sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) @@ -35,11 +34,9 @@ azure_management_storage_account_name: "{{ sunbird_management_storage_account_na azure_artifact_storage_account_name: "{{ sunbird_artifact_storage_account_name }}" # Define the below if you are using AWS Cloud -# Management Storage Bucket aws_management_bucket_name: "" # Define the below if you are using Google Cloud -# Management Storage Bucket gcs_management_bucket_name: "" # ------------------------------------------------------------------------------------------------------------ # diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index f157d85862..cf76c3d66e 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -22,7 +22,6 @@ sunbird_management_storage_account_key: "change.azure.storage.account.key" sunbird_artifact_storage_account_key: "{{ sunbird_management_storage_account_key }}" # Define the below if you are using Azure Cloud -# Management Storage Account azure_public_storage_account_key: "{{ sunbird_public_storage_account_key }}" azure_private_storage_account_key: "{{ sunbird_private_storage_account_key }}" azure_management_storage_account_key: "{{ sunbird_management_storage_account_key }}" 
@@ -31,12 +30,10 @@ azure_public_storage_account_sas: "{{ sunbird_public_storage_account_sas }}" azure_management_storage_account_sas: "{{ sunbird_management_storage_account_sas }}" # Define the below if you are using AWS Cloud -# Management Storage Bucket aws_management_bucket_user_access_key: "" aws_management_bucket_user_secret_key: "" # Define the below if you are using Google Cloud -# Management Storage Bucket gcs_management_bucket_service_account: | From 769de28fb936a02ab4f881674fa521ec28a13d9d Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 29 Sep 2022 06:50:28 +0530 Subject: [PATCH 089/434] fix: remove unnessary all tags Signed-off-by: Keshav Prasad --- ansible/bootstrap.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index d8bf9fa494..30d57ca52f 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -19,9 +19,8 @@ - bootstrap_any tags: - bootstrap_any - - all -- hosts: "{{hosts}}" +- hosts: "{{ hosts }}" become: yes ignore_unreachable: yes vars_files: @@ -40,5 +39,4 @@ roles: - vm-agents-nodeexporter tags: - - node_exporter - - all + - node_exporter \ No newline at end of file From beeabe072c2705b52a580c23ce87153113d41642 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 29 Sep 2022 14:03:28 +0530 Subject: [PATCH 090/434] fix: renamed to cassandra backup folder (#3560) Signed-off-by: Keshav Prasad --- ansible/roles/cassandra-backup/tasks/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index ac0682c58a..bbc7246c48 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml 
@@ -14,11 +14,11 @@ mode: 0755 - set_fact: - cassandra_backup_gzip_file_name: "cassandra-backup-{{ lookup('pipe', 'date +%Y%m%d') }}-{{ ansible_hostname }}-new" + cassandra_backup_folder_name: "cassandra-backup-{{ lookup('pipe', 'date +%Y%m%d') }}-{{ ansible_hostname }}-new" - name: run the backup script become: true - shell: python3 cassandra_backup.py --snapshotname "{{ cassandra_backup_gzip_file_name }}" --snapshotdirectory "{{ cassandra_backup_gzip_file_name }}" "{{additional_arguments|d('')}}" + shell: python3 cassandra_backup.py --snapshotname "{{ cassandra_backup_folder_name }}" --snapshotdirectory "{{ cassandra_backup_folder_name }}" "{{additional_arguments|d('')}}" args: chdir: /data/cassandra/backup async: 14400 @@ -39,7 +39,8 @@ vars: blob_container_name: "{{ cassandra_backup_storage }}" container_public_access: "off" - local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_gzip_file_name }}" + blob_container_folder_path: "" + local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_sas_token: "{{ azure_management_storage_account_sas }}" when: cloud_service_provider == "azure" From 29dc554718d918fc76027b6427c32bce9b6d99db Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Mon, 17 Oct 2022 16:44:45 +0530 Subject: [PATCH 091/434] Updated post-install script (#3564) --- .../tasks/knowledge_platform_tasks.yaml | 12 +++---- ansible/roles/post-install/tasks/main.yml | 6 ++-- .../roles/post-install/tasks/user_org.yaml | 32 +------------------ kubernetes/pipelines/post-install/Jenkinsfile | 2 +- 4 files changed, 11 insertions(+), 41 deletions(-) diff --git a/ansible/roles/post-install/tasks/knowledge_platform_tasks.yaml b/ansible/roles/post-install/tasks/knowledge_platform_tasks.yaml index f7a788d417..d88878755d 100644 --- a/ansible/roles/post-install/tasks/knowledge_platform_tasks.yaml 
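Review bot: The rewritten `run the backup script` line still interpolates `{{additional_arguments|d('')}}` into a `shell:` string that runs with `become: true`. Wrapping it in double quotes does not stop `$(...)`, backticks or an embedded `"` from being interpreted by the shell. Where that variable is set is not visible in this hunk; if it can come from a job parameter, pass the templated values through the `quote` filter, for example `--snapshotname {{ cassandra_backup_folder_name | quote }}` and `{{ additional_arguments | d('') | quote }}`, and drop the surrounding double quotes. The task file continues outside this hunk.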
+++ b/ansible/roles/post-install/tasks/knowledge_platform_tasks.yaml @@ -11,7 +11,7 @@ } } with_items: "{{ master_category }}" - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" - name: Create Object category uri: @@ -73,7 +73,7 @@ } } } - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" - name: Create framework category uri: @@ -89,7 +89,7 @@ } } with_items: "{{ framework_category }}" - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" - name: Create framework terms uri: @@ -105,7 +105,7 @@ } } with_items: "{{ framework_terms }}" - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" - name: Publish Framework uri: @@ -116,7 +116,7 @@ X-Channel-Id: "{{ sunbird_custodian_org_id }}" body: |- {} - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" - name: Assosiating framework with channel uri: @@ -153,7 +153,7 @@ "fields": ["name","identifier","code","description"] } } - delegate_to: "{{ learning_vm_ip }}" + delegate_to: "{{ learningservice_ip }}" register: created_framework - name: Printing the output debug: diff --git a/ansible/roles/post-install/tasks/main.yml b/ansible/roles/post-install/tasks/main.yml index 121e4d0653..84513e9d84 100644 --- a/ansible/roles/post-install/tasks/main.yml +++ b/ansible/roles/post-install/tasks/main.yml @@ -65,6 +65,6 @@ } } -# - import_tasks: knowledge_platform_tasks.yaml -# - import_tasks: user_org.yaml -# - import_tasks: forms.yaml +- import_tasks: knowledge_platform_tasks.yaml +- import_tasks: user_org.yaml +- import_tasks: forms.yaml diff --git a/ansible/roles/post-install/tasks/user_org.yaml b/ansible/roles/post-install/tasks/user_org.yaml index caee5ebaa7..e06f28ad2b 100644 --- a/ansible/roles/post-install/tasks/user_org.yaml +++ b/ansible/roles/post-install/tasks/user_org.yaml 
@@ -72,11 +72,6 @@ "operation":"add", "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, - { - "role": "OFFICIAL_TEXTBOOK_BADGE_ISSUER", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, { "role": "PUBLIC", "operation":"add", @@ -87,11 +82,6 @@ "operation":"add", "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, - { - "role": "TEACHER_BADGE_ISSUER", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, { "role": "CONTENT_CREATOR", "operation":"add", @@ -103,12 +93,7 @@ "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, { - "role": "SYSTEM_ADMINISTRATION", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, - { - "role": "ANNOUNCEMENT_SENDER", + "role": "SYSTEM_ADMINISTRATION", "operation":"add", "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, @@ -127,26 +112,11 @@ "operation":"add", "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, - { - "role": "CONTENT_REVIEW", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, - { - "role": "CONTENT_CREATION", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, { "role": "MEMBERSHIP_MANAGEMENT", "operation":"add", "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] }, - { - "role": "COURSE_CREATOR", - "operation":"add", - "scope": [{ "organisationId": "{{ sunbird_custodian_org_id }}" }] - }, { "role": "BOOK_CREATOR", "operation":"add", diff --git a/kubernetes/pipelines/post-install/Jenkinsfile b/kubernetes/pipelines/post-install/Jenkinsfile index deda3ff045..bab10fb0fa 100644 --- a/kubernetes/pipelines/post-install/Jenkinsfile +++ b/kubernetes/pipelines/post-install/Jenkinsfile 
@@ -24,7 +24,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim().toLowerCase() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/post-install.yaml" - ansibleExtraArgs = "--vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag} -v" + ansibleExtraArgs = "--vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From a1ab95bf3c2b49c74523a86e92c827ec8581ca87 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Mon, 17 Oct 2022 19:24:22 +0530 Subject: [PATCH 092/434] certificates api added --- ansible/roles/kong-api/defaults/main.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 907e250460..edd37b3470 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9748,3 +9748,23 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true +- name: getDetailsOfProjectsWithCertificate + uris: "{{ userProjects_service_prefix }}/mlprojects/v1/certificates" + upstream_url: "{{ ml_project_service_url }}/v1/userProjects/certificates" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - projectAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false From e37ca7291abf51ec385d9c464a3852f32b5724f1 Mon Sep 17 00:00:00 2001 
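Review bot: The new `getDetailsOfProjectsWithCertificate` route sets `opa-checks` to `config.required: false` and `config.enabled: false`, while the entry just above it in the same list has both set to `true`. As written, the certificates endpoint is guarded only by `jwt` and the `projectAccess` ACL group. What the OPA policy would add is not visible in this hunk, so confirm that skipping it is intended. If it is not, use `config.required: true` and `config.enabled: true`; if it is, put a comment above the plugin entry such as `# opa-checks disabled for this route: <reason>`.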
From: Jayaprakash8887 Date: Wed, 19 Oct 2022 14:07:45 +0530 Subject: [PATCH 093/434] Issue #KN-9 feat: Content Publish API refactor. --- .../stack-sunbird/templates/content-service_application.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index d33dbecf6f..b45d85dee1 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -493,6 +493,7 @@ kafka { urls : "{{ kafka_urls }}" topic.send.enable : true topics.instruction : "{{ env_name }}.learning.job.request" + publish.request.topic : "{{ env_name }}.publish.job.request" } # DIAL Link Config From cde575b2de6bfa1e30fdc04fa999cdeae37c4bbb Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 20 Oct 2022 16:49:51 +0530 Subject: [PATCH 094/434] Updated the ingestion specs --- ansible/roles/ml-analytics-service/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 915992714e..abd8aae3b6 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -52,10 +52,10 @@ ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_interna ml_analytics_druid_observation_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code"]},"metricsSpec":[]}}}' ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": 
["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' ml_analytics_azure_sas_token: "{{ sunbird_private_storage_account_key }}" -ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_obs_distinctCnt_azure_blob_path: "observation/distinctCount/" ml_analytics_obs_distinctCnt_domain_azure_blob_path: "observation/distinctCount_domain/" ml_analytics_obs_distinctCnt_domain_criteria_azure_blob_path: "observation/distinctCount_domain_criteria/" From f2dacabae324e635d74e42ca451f9dcf080b8add Mon Sep 17 00:00:00 2001 
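Review bot: Not changed by this commit, but visible in the hunk's context: `ml_analytics_azure_sas_token` is assigned `{{ sunbird_private_storage_account_key }}`, so a setting named as a SAS token receives the storage account key. How the service consumes the value is outside this hunk. If it only needs the `azure://telemetry-data-store/...` locations listed in these ingestion specs, a scoped, expiring SAS would limit what a leaked config exposes. A comment above the assignment, such as `# NOTE: holds the account key, not a SAS token`, would at least stop the name from misleading the next maintainer.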
From: VISHNUDAS-tunerlabse Date: Tue, 25 Oct 2022 11:57:37 +0530 Subject: [PATCH 095/434] project certificate schema jsons added --- .../registry/schemas/ProjectCertificate.json | 75 ++++++ .../final_project_credential_template.json | 28 +++ .../schema/final_project_sunbird_context.json | 91 +++++++ .../schema/final_project_v1_context.json | 237 ++++++++++++++++++ 4 files changed, 431 insertions(+) create mode 100644 kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json create mode 100644 utils/sunbird-RC/schema/final_project_credential_template.json create mode 100644 utils/sunbird-RC/schema/final_project_sunbird_context.json create mode 100644 utils/sunbird-RC/schema/final_project_v1_context.json diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json new file mode 100644 index 0000000000..c8555839d8 --- /dev/null +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json 
@@ -0,0 +1,75 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "type": "object",
+ "properties": {
+ "ProjectCertificate": {
+ "$ref": "#/definitions/ProjectCertificate"
+ }
+ },
+ "required": [
+ "ProjectCertificate"
+ ],
+ "title": "ProjectCertificate",
+ "definitions": {
+ "ProjectCertificate": {
+ "$id": "#/properties/ProjectCertificate",
+ "type": "object",
+ "title": "The ProjectCertificate Schema",
+ "required": [
+ "recipient"
+ ],
+ "properties": {
+ "status": {
+ "type": "string",
+ "enum": ["ACTIVE", "REVOKED", "DELETED"]
+ },
+ "recipient":{
+ "$id": "#/properties/recipient",
+ "$ref": "Recipient.json#/definitions/Recipient"
+ },
+ "templateUrl": {
+ "type": "string"
+ },
+ "issuer":{
+ "$id": "#/properties/issuer",
+ "$ref": "Issuer.json#/definitions/Issuer"
+ },
+ "projectName":{
+ "type": "string"
+ },
+ "projectId":{
+ "type": "string"
+ },
+ "solutionId":{
+ "type": "string"
+ },
+ "solutionName":{
+ "type": "string"
+ },
+ "programId":{
+ "type": "string"
+ },
+ "programName":{
+ "type": "string"
+ },
+ "completedDate": {
+ "type": "string"
+ }
+
+ }
+ }
+ },
+ "_osConfig": {
+ "uniqueIndexFields": [
+ ],
+ "ownershipAttributes": [],
+ "roles": [
+ ],
+ "inviteRoles": [
+ "anonymous"
+ ],
+ "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"],
+ "enableLogin": false,
+ "credentialTemplate": "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_credential_template.json"
+ }
+}
\ No newline at end of file
diff --git a/utils/sunbird-RC/schema/final_project_credential_template.json b/utils/sunbird-RC/schema/final_project_credential_template.json
new file mode 100644
index 0000000000..2ff3508e79
--- /dev/null
+++ b/utils/sunbird-RC/schema/final_project_credential_template.json
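Review bot: In `_osConfig`, `inviteRoles` is `["anonymous"]` while `roles` and `ownershipAttributes` are empty. As far as I understand Sunbird RC, that lets an unauthenticated caller create `ProjectCertificate` entities through the invite endpoint and leaves no owner check on the records. Whether the registry is reachable only from the internal issuing service is not visible here; if it is exposed more widely, restrict the list to the role that service uses, for example `"inviteRoles": ["<issuer-service-role>"]`. Separately, the schema requires only `recipient`, so a record without `issuer`, `projectId` or `status` would validate; consider adding those to `required`.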
@@ -0,0 +1,28 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_v1_context.json",
+ "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_sunbird_context.json"
+ ],
+ "type": [
+ "VerifiableCredential"
+ ],
+ "id":"did:sunbird:{{osid}}",
+ "issuanceDate": "{{osCreatedAt}}",
+ "credentialSubject": {
+ "type":"{{certificateLabel}}",
+ "recipientName": "{{recipient.name}}",
+ "projectName": "{{projectName}}",
+ "projectId": "{{projectId}}",
+ "solutionId": "{{solutionId}}",
+ "solutionName": "{{solutionName}}"
+ },
+ "issuer":{
+ "id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#Issuer",
+ "type":[
+ "Issuer"
+ ],
+ "name":"{{issuer.name}}",
+ "publicKey":["{{issuer.kid}}"]
+ }
+ }
\ No newline at end of file
diff --git a/utils/sunbird-RC/schema/final_project_sunbird_context.json b/utils/sunbird-RC/schema/final_project_sunbird_context.json
new file mode 100644
index 0000000000..bbc31a4010
--- /dev/null
+++ b/utils/sunbird-RC/schema/final_project_sunbird_context.json
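Review bot: Two of the three `@context` entries in this template are fetched from the public blob container (`.../schema/final_project_v1_context.json` and `.../schema/final_project_sunbird_context.json`). For JSON-LD signed credentials those context documents decide how each field is interpreted at signing and at verification, so anyone able to overwrite the blobs could change what already issued certificates mean or make verification fail. Consider serving the contexts from a write-protected, versioned path and having the signer and verifier resolve them from a pinned local copy. Also, `credentialSubject` omits `programId`, `programName` and `completedDate`, which the ProjectCertificate schema in this patch defines, and `{{certificateLabel}}` has no matching schema property here; confirm both are intended.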
@@ -0,0 +1,91 @@ +{ + "@context": { + "@version": 1.1, + "@protected": true, + "ProjectCertificate": { + "@id": "https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#ProjectCertificate", + "@context": { + "id": "@id", + "@version": 1.1, + "@protected": true, + "ProjectCertificate": "schema:Text" + } + }, + "projectName":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#projectName", + "@context": { + "name":"schema:Text" + } + }, + "projectId":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#projectId", + "@context": { + "name":"schema:Text" + } + }, + "solutionName":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#solutionName", + "@context": { + "name":"schema:Text" + } + }, + "solutionId":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#solutionId", + "@context": { + "name":"schema:Text" + } + }, + "recipientName":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#recipientName", + "@context": { + "name":"schema:Text" + } + }, + "name":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#name", + "@context": { + "name":"schema:Text" + } + }, + "publicKey":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#publicKey", + "@context": { + "name":"schema:Text" + } + }, + "url":{ + 
"@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#url", + "@context": { + "name":"schema:Text" + } + }, + "designation":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#designation", + "@context": { + "name":"schema:Text" + } + }, + "image":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#image", + "@context": { + "name":"schema:Text" + } + }, + "identity":{ + "@id":"https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#identity", + "@context": { + "name":"schema:Text" + } + }, + "signatory": { + "@id":"https://github.com/sunbird-specs/vc-specs#signatory", + "@container": "@list" + }, + "templateUrl": { + "@id": "https://raw.githubusercontent.com/project-sunbird/sunbird-devops/release-4.8.0/kubernetes/helm_charts/sunbird-RC/registry/templates/READ.md#templateUrl", + "@context": { + "name": "schema:Text" + } + } + } +} \ No newline at end of file diff --git a/utils/sunbird-RC/schema/final_project_v1_context.json b/utils/sunbird-RC/schema/final_project_v1_context.json new file mode 100644 index 0000000000..d028ec2a3f --- /dev/null +++ b/utils/sunbird-RC/schema/final_project_v1_context.json 
@@ -0,0 +1,237 @@ +{ + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "VerifiableCredential": { + "@id": "https://www.w3.org/2018/credentials#VerifiableCredential", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "credentialSchema": { + "@id": "cred:credentialSchema", + "@type": "@id", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + + "JsonSchemaValidator2018": "cred:JsonSchemaValidator2018" + } + }, + "credentialStatus": {"@id": "cred:credentialStatus", "@type": "@id"}, + "credentialSubject": {"@id": "cred:credentialSubject", "@type": "@id"}, + "evidence": {"@id": "cred:evidence", "@type": "@id"}, + "expirationDate": {"@id": "cred:expirationDate", "@type": "xsd:dateTime"}, + "holder": {"@id": "cred:holder", "@type": "@id"}, + "issued": {"@id": "cred:issued", "@type": "xsd:dateTime"}, + "issuer": {"@id": "cred:issuer", "@type": "@id"}, + "issuanceDate": {"@id": "cred:issuanceDate", "@type": "xsd:dateTime"}, + "proof": {"@id": "sec:proof", "@type": "@id", "@container": "@graph"}, + "refreshService": { + "@id": "cred:refreshService", + "@type": "@id", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + + "ManualRefreshService2018": "cred:ManualRefreshService2018" + } + }, + "termsOfUse": {"@id": "cred:termsOfUse", "@type": "@id"}, + "validFrom": {"@id": "cred:validFrom", "@type": "xsd:dateTime"}, + "validUntil": {"@id": "cred:validUntil", "@type": "xsd:dateTime"} + } + }, + + "VerifiablePresentation": { + "@id": "https://www.w3.org/2018/credentials#VerifiablePresentation", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + 
"type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + "sec": "https://w3id.org/security#", + + "holder": {"@id": "cred:holder", "@type": "@id"}, + "proof": {"@id": "sec:proof", "@type": "@id", "@container": "@graph"}, + "verifiableCredential": {"@id": "cred:verifiableCredential", "@type": "@id", "@container": "@graph"} + } + }, + + "EcdsaSecp256k1Signature2019": { + "@id": "https://w3id.org/security#EcdsaSecp256k1Signature2019", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "EcdsaSecp256r1Signature2019": { + "@id": "https://w3id.org/security#EcdsaSecp256r1Signature2019", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": 
"@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "Ed25519Signature2018": { + "@id": "https://w3id.org/security#Ed25519Signature2018", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "RsaSignature2018": { + "@id": "https://w3id.org/security#RsaSignature2018", + "@context": { + "@version": 1.1, + "@protected": true, + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + 
"@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "proof": {"@id": "https://w3id.org/security#proof", "@type": "@id", "@container": "@graph"} + } + } \ No newline at end of file From d32a99d8194a51e78f7a0c59a161cd52282528b9 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Tue, 25 Oct 2022 17:29:21 +0530 Subject: [PATCH 096/434] certicificate schema filename changes and project certificate api added --- ansible/roles/kong-api/defaults/main.yml | 25 ++++++++++- .../registry/schemas/ProjectCertificate.json | 44 +++++++++---------- ....json => project_credential_template.json} | 4 +- ...text.json => project_sunbird_context.json} | 0 ...1_context.json => project_v1_context.json} | 0 5 files changed, 48 insertions(+), 25 deletions(-) rename utils/sunbird-RC/schema/{final_project_credential_template.json => project_credential_template.json} (82%) rename utils/sunbird-RC/schema/{final_project_sunbird_context.json => project_sunbird_context.json} (100%) rename utils/sunbird-RC/schema/{final_project_v1_context.json => project_v1_context.json} (100%) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index edd37b3470..2673650119 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9748,7 +9748,8 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true -- name: getDetailsOfProjectsWithCertificate + +- name: projectCertificateList uris: "{{ userProjects_service_prefix }}/mlprojects/v1/certificates" upstream_url: "{{ ml_project_service_url }}/v1/userProjects/certificates" strip_uri: true 
@@ -9768,3 +9769,25 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false +- name: createRCProjectCertificate + uris: "{{ registry_service_prefix }}/certificate/v1/create" + upstream_url: "{{ registry_service_url }}/api/v1/ProjectCertificate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - certificateCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: request-transformer + config.remove.headers: Authorization + - name: opa-checks + config.required: true + config.enabled: true diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json index c8555839d8..31257ac8b1 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json @@ -34,27 +34,27 @@ "$id": "#/properties/issuer", "$ref": "Issuer.json#/definitions/Issuer" }, - "projectName":{ - "type": "string" - }, - "projectId":{ - "type": "string" - }, - "solutionId":{ - "type": "string" - }, - "solutionName":{ - "type": "string" - }, - "programId":{ - "type": "string" - }, - "programName":{ - "type": "string" - }, - "completedDate": { - "type": "string" - } + "projectName":{ + "type": "string" + }, + "projectId":{ + "type": "string" + }, + "solutionId":{ + "type": "string" + }, + "solutionName":{ + "type": "string" + }, + "programId":{ + "type": "string" + }, + "programName":{ + "type": "string" + }, + "completedDate": { + "type": "string" + } } } 
@@ -70,6 +70,6 @@ ], "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"], "enableLogin": false, - "credentialTemplate": "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_credential_template.json" + "credentialTemplate": "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_credential_template.json" } } \ No newline at end of file diff --git a/utils/sunbird-RC/schema/final_project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json similarity index 82% rename from utils/sunbird-RC/schema/final_project_credential_template.json rename to utils/sunbird-RC/schema/project_credential_template.json index 2ff3508e79..230fdccce9 100644 --- a/utils/sunbird-RC/schema/final_project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -1,8 +1,8 @@ { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_v1_context.json", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/final_project_sunbird_context.json" + "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_v1_context.json", + "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_sunbird_context.json" ], "type": [ "VerifiableCredential" diff --git a/utils/sunbird-RC/schema/final_project_sunbird_context.json b/utils/sunbird-RC/schema/project_sunbird_context.json similarity index 100% rename from utils/sunbird-RC/schema/final_project_sunbird_context.json rename to utils/sunbird-RC/schema/project_sunbird_context.json 
diff --git a/utils/sunbird-RC/schema/final_project_v1_context.json b/utils/sunbird-RC/schema/project_v1_context.json similarity index 100% rename from utils/sunbird-RC/schema/final_project_v1_context.json rename to utils/sunbird-RC/schema/project_v1_context.json From 179885117785d858a1071ca54718bf659ce1e3f1 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Tue, 25 Oct 2022 17:39:48 +0530 Subject: [PATCH 097/434] format changes --- ansible/roles/kong-api/defaults/main.yml | 1 + .../registry/schemas/ProjectCertificate.json | 54 +++++++++---------- 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2673650119..f9ae07e61c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9769,6 +9769,7 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false + - name: createRCProjectCertificate uris: "{{ registry_service_prefix }}/certificate/v1/create" upstream_url: "{{ registry_service_url }}/api/v1/ProjectCertificate" diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json index 31257ac8b1..98f3bb91e9 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json 
@@ -11,29 +11,29 @@ ], "title": "ProjectCertificate", "definitions": { - "ProjectCertificate": { - "$id": "#/properties/ProjectCertificate", - "type": "object", - "title": "The ProjectCertificate Schema", - "required": [ - "recipient" - ], - "properties": { - "status": { - "type": "string", - "enum": ["ACTIVE", "REVOKED", "DELETED"] - }, - "recipient":{ - "$id": "#/properties/recipient", - "$ref": "Recipient.json#/definitions/Recipient" - }, - "templateUrl": { - "type": "string" - }, - "issuer":{ - "$id": "#/properties/issuer", - "$ref": "Issuer.json#/definitions/Issuer" - }, + "ProjectCertificate": { + "$id": "#/properties/ProjectCertificate", + "type": "object", + "title": "The ProjectCertificate Schema", + "required": [ + "recipient" + ], + "properties": { + "status": { + "type": "string", + "enum": ["ACTIVE", "REVOKED", "DELETED"] + }, + "recipient":{ + "$id": "#/properties/recipient", + "$ref": "Recipient.json#/definitions/Recipient" + }, + "templateUrl": { + "type": "string" + }, + "issuer":{ + "$id": "#/properties/issuer", + "$ref": "Issuer.json#/definitions/Issuer" + }, "projectName":{ "type": "string" }, @@ -55,10 +55,10 @@ "completedDate": { "type": "string" } - - } - } - }, + + } + } + }, "_osConfig": { "uniqueIndexFields": [ ], From 2b7747c2e0636f53ff529cf97de0369c80d756f7 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Fri, 28 Oct 2022 18:56:55 +0530 Subject: [PATCH 098/434] project certificate download new api added --- ansible/roles/kong-api/defaults/main.yml | 25 +++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index f9ae07e61c..ff4323914e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -9769,7 +9769,7 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false - + - name: createRCProjectCertificate uris: "{{ registry_service_prefix }}/certificate/v1/create" upstream_url: "{{ registry_service_url }}/api/v1/ProjectCertificate" @@ -9792,3 +9792,26 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true + +- name: getProjectRCCertificate + uris: "{{ registry_service_prefix }}/projetCertificate/v1/download" + upstream_url: "{{ registry_service_url }}/api/v1/ProjectCertificate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousCertificateAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: request-transformer + config.remove.headers: Authorization + - name: opa-checks + config.required: true + config.enabled: true From 97c0afc24d3fc9810364545022352b5bcae8eb34 Mon Sep 17 00:00:00 2001 
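Review bot: The new `getProjectRCCertificate` entry proxies to the same `upstream_url` as `createRCProjectCertificate` (`{{ registry_service_url }}/api/v1/ProjectCertificate`), and nothing in the entry limits the HTTP method. A consumer in the `anonymousCertificateAccess` group may therefore be able to reach write operations on the registry through the download path, unless `opa-checks` or the upstream rejects them. If the kong-api role passes the field through, restrict this entry with `methods: GET` and the create entry from PATCH 096 with `methods: POST`. The path segment `projetCertificate` looks like a typo for `projectCertificate` and is worth fixing before clients depend on it. The `kong_apis` list itself starts outside this hunk.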
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Sun, 30 Oct 2022 09:03:04 +0530 Subject: [PATCH 099/434] Add gcloud role and related tasks (#3566) --- ansible/roles/cassandra-backup/tasks/main.yml | 12 +++++ ansible/roles/gcloud-cli/tasks/main.yml | 19 +++++++ .../roles/gcp-cloud-storage/defaults/main.yml | 49 +++++++++++++++++++ .../gcp-cloud-storage/tasks/delete-batch.yml | 11 +++++ .../gcp-cloud-storage/tasks/download.yml | 11 +++++ .../gcp-cloud-storage/tasks/gcloud-auth.yml | 14 ++++++ .../gcp-cloud-storage/tasks/gcloud-revoke.yml | 8 +++ .../roles/gcp-cloud-storage/tasks/main.yml | 20 ++++++++ .../gcp-cloud-storage/tasks/upload-batch.yml | 11 +++++ .../roles/gcp-cloud-storage/tasks/upload.yml | 11 +++++ .../roles/postgresql-backup/defaults/main.yml | 2 +- .../roles/postgresql-backup/tasks/main.yml | 11 +++++ .../roles/postgresql-restore/tasks/main.yml | 20 ++++---- .../ansible/inventory/dev/Core/common.yml | 7 ++- .../ansible/inventory/dev/Core/secrets.yml | 3 +- 15 files changed, 197 insertions(+), 12 deletions(-) create mode 100644 ansible/roles/gcloud-cli/tasks/main.yml create mode 100644 ansible/roles/gcp-cloud-storage/defaults/main.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/download.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/gcloud-auth.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/gcloud-revoke.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/main.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/upload.yml diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index bbc7246c48..fc662bcea5 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml 
@@ -44,6 +44,18 @@ storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_sas_token: "{{ azure_management_storage_account_sas }}" when: cloud_service_provider == "azure" + +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ cassandra_backup_storage }}" + dest_folder_path: "" + local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" + when: cloud_service_provider == "gcloud" - name: clean up backup dir after upload file: path="{{ cassandra_backup_dir }}" state=absent + diff --git a/ansible/roles/gcloud-cli/tasks/main.yml b/ansible/roles/gcloud-cli/tasks/main.yml new file mode 100644 index 0000000000..4e39b7ceaf --- /dev/null +++ b/ansible/roles/gcloud-cli/tasks/main.yml @@ -0,0 +1,19 @@ +--- +- name: Add gcloud signing key + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + state: present + +- name: Add gcloud repository into sources list + apt_repository: + repo: "deb https://packages.cloud.google.com/apt cloud-sdk main" + state: present + +- name: Install google cloud cli with specific version and dependent packages + apt: + pkg: + - ca-certificates + - curl + - apt-transport-https + - gnupg + - google-cloud-cli=406.0.0-0 diff --git a/ansible/roles/gcp-cloud-storage/defaults/main.yml b/ansible/roles/gcp-cloud-storage/defaults/main.yml new file mode 100644 index 0000000000..086cf9c50d --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/defaults/main.yml 
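Review bot: In gcloud-cli/tasks/main.yml the `apt_key` task puts Google's key in the global apt keyring, where it is trusted for every configured repository rather than only `packages.cloud.google.com`. Store the key in a dedicated keyring file and bind the repository to it, for example `repo: "deb [signed-by=<keyring path>] https://packages.cloud.google.com/apt cloud-sdk main"` (placeholder path). The final `apt` task pins `google-cloud-cli=406.0.0-0` but sets no `update_cache: true`, so on a host whose package index predates the new source the pinned version will probably not be found. The cassandra-backup hunk before it hard-codes `/data/cassandra/backup/...` in `local_file_or_folder_path` while the cleanup task uses `{{ cassandra_backup_dir }}`; using the variable in both places keeps upload and cleanup pointed at the same directory.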
@@ -0,0 +1,49 @@ +# GCP bucket name +# Example - +# bucket_name: "sunbird-dev-public" +gcp_bucket_name: "" + +# The service account key file +# Example - +# gcp_storage_key_file: "/tmp/gcp.json" +gcp_storage_key_file: "" + +# Folder name in GCP bucket +# Example - +# dest_folder_name: "my-destination-folder" +dest_folder_name: "" + +# The delete pattern to delete files and folder +# Example - +# file_delete_pattern: "my-drectory/*" +# file_delete_pattern: "my-drectory/another-directory/*" +# file_delete_pattern: "*" +file_delete_pattern: "" + +# The path to local file which has to be uploaded to gcloud storage +# The local path to store the file after downloading from gcloud storage +# Example - +# local_file_or_folder_path: "/workspace/my-folder/myfile.json" +# local_file_or_folder_path: "/workspace/my-folder" +local_file_or_folder_path: "" + +# The name of the file in gcloud storage after uploading from local path +# The name of the file in gcloud storage that has to be downloaded +# Example - +# dest_file_name: "/myfile-blob.json" +dest_file_name: "" + + +# The folder path in gcloud storage to upload the files starting from the root of the bucket +# This path should start with / if we provide a value for this variable since we are going to append this path as below +# {{ bucket_name }}{{ dest_folder_name }} +# The above translates to "my-bucket/my-folder-path" +# Example - +# dest_folder_path: "/my-folder/json-files-folder" +# This variable can also be empty as shown below, which means we will upload directly at the root path of the bucket +dest_folder_path: "" + +# The local folder path which has to be uploaded to gcloud storage +# Example - +# local_source_folder: "/workspace/my-folder/json-files-folder" +local_source_folder: "" diff --git a/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml b/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml new file mode 100644 index 0000000000..ad0e4449d6 --- /dev/null 
+++ b/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml @@ -0,0 +1,11 @@ +--- +- name: Authenticate to gcloud + include_tasks: gcloud-auth.yml + +- name: Delete folder recursively in gcp storage + shell: gsutil rm -r "gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }" + async: 3600 + poll: 10 + +- name: Revoke gcloud access + include_tasks: gcloud-revoke.yml diff --git a/ansible/roles/gcp-cloud-storage/tasks/download.yml b/ansible/roles/gcp-cloud-storage/tasks/download.yml new file mode 100644 index 0000000000..c8c6e956ad --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/download.yml @@ -0,0 +1,11 @@ +--- +- name: Authenticate to gcloud + include_tasks: gcloud-auth.yml + +- name: Download from gcloud storage + shell: gsutil cp "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_file_name }}" "{{ local_file_or_folder_path }}" + async: 3600 + poll: 10 + +- name: Revoke gcloud access + include_tasks: gcloud-revoke.yml \ No newline at end of file diff --git a/ansible/roles/gcp-cloud-storage/tasks/gcloud-auth.yml b/ansible/roles/gcp-cloud-storage/tasks/gcloud-auth.yml new file mode 100644 index 0000000000..a480bdc275 --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/gcloud-auth.yml @@ -0,0 +1,14 @@ +--- +- name: create tmp gcp service key file + tempfile: + state: file + suffix: gcp + register: config_key + +- name: Copy service account key file + copy: + content: "{{ gcp_storage_key_file }}" + dest: "{{ config_key.path }}" + +- name: Configure gcloud service account + shell: gcloud auth activate-service-account "{{ gcp_storage_service_account_name }}" --key-file="{{ config_key.path }}" diff --git a/ansible/roles/gcp-cloud-storage/tasks/gcloud-revoke.yml b/ansible/roles/gcp-cloud-storage/tasks/gcloud-revoke.yml new file mode 100644 index 0000000000..8c26cd0ef0 --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/gcloud-revoke.yml 
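Review bot: The `shell` line in delete-batch.yml has an unbalanced Jinja expression, `{{ file_delete_pattern }"`, so the task will fail at templating; it should read `shell: gsutil rm -r "gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }}"`. Once that is fixed, the role default `file_delete_pattern: ""` makes the target `gs://<bucket>/`, which with `rm -r` would presumably empty the whole bucket. Put a guard such as `when: file_delete_pattern | length > 0` (or an `assert` on it) in front of the delete so an unset variable cannot turn into a bucket-wide removal.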
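Review bot: If the `gsutil cp` task in download.yml fails, the play stops before `gcloud-revoke.yml` runs, so the activated service-account credential and the temporary key file written by gcloud-auth.yml stay on the host. The same sequence appears in delete-batch.yml, upload-batch.yml and upload.yml. Wrap the authenticate and transfer steps in a `block` and move the revoke include under `always`, so cleanup runs on failure as well as success.

```yaml
- name: Download from gcloud storage
  block:
    - name: Authenticate to gcloud
      include_tasks: gcloud-auth.yml

    # … unchanged: gsutil cp task with async/poll, indented under the block …
  always:
    - name: Revoke gcloud access
      include_tasks: gcloud-revoke.yml
```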
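Review bot: The `Copy service account key file` task in gcloud-auth.yml writes the private key with `content: "{{ gcp_storage_key_file }}"` but sets neither `no_log` nor an explicit mode, so the key material can show up in diff or verbose output and the file permissions depend on what `tempfile` happened to create. Add `no_log: true` and `mode: "0600"` to that task. The variable name and its comment in defaults/main.yml (example `/tmp/gcp.json`) describe a path, while this task treats the value as the key's JSON content; the comment should say `# The service account key JSON (content, not a path)` so nobody puts a path in and ends up with a key file containing a filename.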
@@ -0,0 +1,8 @@ +- name: Revoke gcloud service account access + shell: gcloud auth revoke "{{ gcp_storage_service_account_name }}" + +- name: Remove key file + file: + path: "{{ config_key.path }}" + state: absent + when: config_key.path is defined diff --git a/ansible/roles/gcp-cloud-storage/tasks/main.yml b/ansible/roles/gcp-cloud-storage/tasks/main.yml new file mode 100644 index 0000000000..aa41c090ed --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: upload file to gcloud storage + include: upload.yml + tags: + - file-upload + +- name: upload batch of files to gcloud storage + include: upload-batch.yml + tags: + - upload-batch + +- name: delete batch of files from gcloud storage + include: delete-batch.yml + tags: + - delete-batch + +- name: download a file from gcloud storage + include: download.yml + tags: + - file-download \ No newline at end of file diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml b/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml new file mode 100644 index 0000000000..49abd5b822 --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml @@ -0,0 +1,11 @@ +--- +- name: Authenticate to gcloud + include_tasks: gcloud-auth.yml + +- name: Upload files from a local directory gcp storage + shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_folder_path }}" + async: 3600 + poll: 10 + +- name: Revoke gcloud access + include_tasks: gcloud-revoke.yml diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload.yml b/ansible/roles/gcp-cloud-storage/tasks/upload.yml new file mode 100644 index 0000000000..2f88d9407f --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/upload.yml 
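Review bot: The role's tasks/main.yml includes upload.yml, upload-batch.yml, delete-batch.yml and download.yml one after another, separated only by tags, so a play that applies `gcp-cloud-storage` without `tasks_from` and without `--tags` runs all four, including the recursive delete. The callers added in this patch all select an entry point with `tasks_from`, so main.yml can safely hold no tasks; replace the includes with a comment such as `# Entry points are selected with tasks_from; nothing runs by default.` If the tagged form has to stay, use `include_tasks` (bare `include` is deprecated) and keep delete-batch.yml out of the default path.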
@@ -0,0 +1,11 @@ +--- +- name: Authenticate to gcloud + include_tasks: gcloud-auth.yml + +- name: Upload to gcloud storage + shell: gsutil cp "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_file_name }}" + async: 3600 + poll: 10 + +- name: Revoke gcloud access + include_tasks: gcloud-revoke.yml diff --git a/ansible/roles/postgresql-backup/defaults/main.yml b/ansible/roles/postgresql-backup/defaults/main.yml index f358e4f4f3..0b6a9bca4a 100644 --- a/ansible/roles/postgresql-backup/defaults/main.yml +++ b/ansible/roles/postgresql-backup/defaults/main.yml @@ -7,4 +7,4 @@ postgresql_backup_azure_container_name: postgresql-backup # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" \ No newline at end of file +postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 81ce384afa..0704d4847f 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml 
@@ -26,5 +26,16 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ postgresql_backup_storage }}" + dest_file_name: "{{ postgresql_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: clean up backup dir after upload file: path="{{ postgresql_backup_dir }}" state=absent \ No newline at end of file diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index b95eff5751..ec6a40494d 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml 
@@ -16,21 +16,23 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download file from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: download.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ postgresql_restore_storage }}" + dest_file_name: "{{ postgresql_restore_gzip_file_name }}" + local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: ensure postgresql service is stopped service: name=postgresql state=stopped - name: wait for postgresql to be stopped wait_for: port={{ postgresql_port }} state=stopped -- name: drop cluster - command: pg_dropcluster {{ postgresql_cluster_version }} {{ postgresql_cluster_name }} - become_user: "{{ postgresql_user }}" - ignore_errors: true - -- name: create cluster - command: pg_createcluster {{ postgresql_cluster_version }} {{ postgresql_cluster_name }} - become_user: "{{ postgresql_user }}" - - name: ensure postgresql service is started service: name=postgresql state=started diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index bd034f9bb3..d314ecf925 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -37,7 +37,12 @@ azure_artifact_storage_account_name: "{{ sunbird_artifact_storage_account_name } aws_management_bucket_name: "" # Define the below if you are using Google Cloud -gcs_management_bucket_name: "" +gcloud_private_bucket_name: "" +gcloud_public_bucket_name: "" +gcloud_artifact_bucket_name: "" +gcloud_management_bucket_name: "" + +gcloud_private_bucket_projectId: "" # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly 
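Review bot: With the `drop cluster` and `create cluster` tasks removed, the `ensure postgresql service is stopped`, `wait for postgresql to be stopped` and `ensure postgresql service is started` tasks that used to surround them now amount to a plain restart, and the restore steps that follow (outside this hunk) will presumably load the dump into a cluster that still holds its previous databases. If that is intended, say so above the stop task, e.g. `# cluster is no longer recreated; the dump is restored into the existing cluster`, and consider dropping the stop/wait/start trio. If it is not intended, the restore needs another way to start from a clean state.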
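Review bot: `gcloud_private_bucket_projectId` mixes camelCase into an inventory file whose other keys are snake_case, and the bucket variables here use a `gcloud_` prefix while the secrets.yml entries added in the same commit use `gcp_` (`gcp_storage_service_account_name`, `gcp_storage_key_file`). One prefix and one case make the variables easier to grep across roles, for example `gcloud_private_bucket_project_id`. The hunk also removes `gcs_management_bucket_name` without a note for private inventories copied from this template that still define the old name; a one-line comment naming its replacement, `gcloud_management_bucket_name`, would help.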
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index cf76c3d66e..bbb1a526b1 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -34,7 +34,8 @@ aws_management_bucket_user_access_key: "" aws_management_bucket_user_secret_key: "" # Define the below if you are using Google Cloud -gcs_management_bucket_service_account: | +gcp_storage_service_account_name: "" +gcp_storage_key_file: "" # gcloud service account key - refer: https://cloud.google.com/iam/docs/creating-managing-service-account-keys # The proxy key and crt values should be padded to the right by a couple of spaces From 2bf8f187e388b5923f613898d5e28edb7218abd8 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Mon, 31 Oct 2022 11:15:29 +0530 Subject: [PATCH 100/434] Update project_credential_template.json --- utils/sunbird-RC/schema/project_credential_template.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/sunbird-RC/schema/project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json index 230fdccce9..4366d2f82f 100644 --- a/utils/sunbird-RC/schema/project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -10,7 +10,7 @@ "id":"did:sunbird:{{osid}}", "issuanceDate": "{{osCreatedAt}}", "credentialSubject": { - "type":"{{certificateLabel}}", + "type":"project", "recipientName": "{{recipient.name}}", "projectName": "{{projectName}}", "projectId": "{{projectId}}", @@ -25,4 +25,4 @@ "name":"{{issuer.name}}", "publicKey":["{{issuer.kid}}"] } - } \ No newline at end of file + } From bab91717d6ed441afc765707a46a9455a675559b Mon Sep 17 00:00:00 2001 
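Review bot: `gcp_storage_key_file` does not say whether it expects a path or the JSON key itself: the name reads as a path, the comment that follows it describes the key, and the variable it replaces was a `|` block scalar that could hold the key body. gcloud-auth.yml, which presumably consumes the value, is not part of this hunk, so the expected form cannot be confirmed from here. State it in the comment, for example `# <path to | contents of> the service account JSON key; keep the real secrets.yml ansible-vault encrypted`, choosing whichever form the auth task actually reads.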
From: VISHNUDAS-tunerlabse Date: Mon, 31 Oct 2022 13:58:47 +0530 Subject: [PATCH 101/434] issuenceDate change --- utils/sunbird-RC/schema/project_credential_template.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/sunbird-RC/schema/project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json index 230fdccce9..3c7fdf3e31 100644 --- a/utils/sunbird-RC/schema/project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -8,9 +8,9 @@ "VerifiableCredential" ], "id":"did:sunbird:{{osid}}", - "issuanceDate": "{{osCreatedAt}}", + "issuanceDate": "{{completedDate}}", "credentialSubject": { - "type":"{{certificateLabel}}", + "type":"project", "recipientName": "{{recipient.name}}", "projectName": "{{projectName}}", "projectId": "{{projectId}}", From d8f60500923be72cf92acb322f95d6531422a3d8 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Mon, 31 Oct 2022 15:12:42 +0530 Subject: [PATCH 102/434] project certificate flag env --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 6bf2405d86..d092fbd49b 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -82,3 +82,6 @@ USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:90 ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} + +# Project certificate enable or disable flag E.g. ON/OFF +PROJECT_CERTIFICATE_ON_OFF={{ml_core_project_certificate_on_off | default("ON")}} From 37b7fa647138ab2ed6d6909abf273f0ff665f64c Mon Sep 17 00:00:00 2001 
From: VISHNUDAS-tunerlabse Date: Wed, 2 Nov 2022 09:05:22 +0530 Subject: [PATCH 103/434] kid env of certificate issuer added --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index d092fbd49b..6a813f8cb6 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -83,5 +83,8 @@ USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:90 ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} -# Project certificate enable or disable flag E.g. ON/OFF +# Project certificate enable or disable flag E.g. ON/OFF PROJECT_CERTIFICATE_ON_OFF={{ml_core_project_certificate_on_off | default("ON")}} + +# certificate issuer KID value +CERTIFICATE_ISSUER_KID=d50937e1-9359-4451-a66a-ebee45d1d605 \ No newline at end of file From d78c40fbfcb1de9b87c4e6e37422ad0e6da5bac7 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Wed, 2 Nov 2022 14:05:32 +0530 Subject: [PATCH 104/434] credential change --- utils/sunbird-RC/schema/project_credential_template.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/sunbird-RC/schema/project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json index 9f1272cfaf..3807365bb4 100644 --- a/utils/sunbird-RC/schema/project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -7,6 +7,7 @@ "type": [ "VerifiableCredential" ], +{% raw %} "id":"did:sunbird:{{osid}}", "issuanceDate": "{{completedDate}}", "credentialSubject": { @@ -26,3 +27,4 @@ "publicKey":["{{issuer.kid}}"] } } + {% endraw %} From 370735b55c3d1b03e1e0f7f12b53b9dde8202782 Mon Sep 17 00:00:00 2001 
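Review bot: `CERTIFICATE_ISSUER_KID` is set to a literal UUID in a template that is rendered for every environment, unlike `PROJECT_CERTIFICATE_ON_OFF` just above it, which takes its value from an inventory variable. A key id belongs to one issuer key, so every deployment rendered from this file would presumably point at the same key id whether or not that key exists there. Take it from a variable instead, for example `CERTIFICATE_ISSUER_KID={{ certificate_issuer_kid }}`, and keep the value in each environment's inventory.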
From: VISHNUDAS-tunerlabse Date: Wed, 2 Nov 2022 14:12:23 +0530 Subject: [PATCH 105/434] formating change on credential file --- .../schema/project_credential_template.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/utils/sunbird-RC/schema/project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json index 3807365bb4..d9a520d5da 100644 --- a/utils/sunbird-RC/schema/project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -1,12 +1,12 @@ { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_v1_context.json", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_sunbird_context.json" + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_v1_context.json", + "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_sunbird_context.json" ], - "type": [ - "VerifiableCredential" - ], + "type": [ + "VerifiableCredential" + ], {% raw %} "id":"did:sunbird:{{osid}}", "issuanceDate": "{{completedDate}}", @@ -27,4 +27,4 @@ "publicKey":["{{issuer.kid}}"] } } - {% endraw %} +{% endraw %} From ab685251e3fe0bcfa502ec8c312a6d8c0be8b85c Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Wed, 2 Nov 2022 14:41:23 +0530 Subject: [PATCH 106/434] kid env variable change --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 6a813f8cb6..7b1da9c931 100755 
--- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -87,4 +87,4 @@ APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} PROJECT_CERTIFICATE_ON_OFF={{ml_core_project_certificate_on_off | default("ON")}} # certificate issuer KID value -CERTIFICATE_ISSUER_KID=d50937e1-9359-4451-a66a-ebee45d1d605 \ No newline at end of file +CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} \ No newline at end of file From 8f5f0daa16a251e32f399a61fed8ec492c5fd6fd Mon Sep 17 00:00:00 2001 
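Review bot: An unset `certificate_issuer_kid` now renders as an empty `CERTIFICATE_ISSUER_KID`, while `PROJECT_CERTIFICATE_ON_OFF` on the line above defaults to `ON`, so a deployment that forgets the variable gets certificate issuance enabled with no issuer key id. How the service treats an empty KID is not visible here. If a KID is required whenever the flag is on, let templating fail instead of defaulting, `CERTIFICATE_ISSUER_KID={{ certificate_issuer_kid | mandatory }}`, or at least extend the comment to say the value must be set when certificates are enabled.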
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Fri, 4 Nov 2022 11:47:35 +0530 Subject: [PATCH 107/434] Release 5.1.0 - gcp related changes (#3578) --- .gitignore | 2 +- ansible/artifacts-download.yml | 13 ++++- ansible/artifacts-upload.yml | 13 ++++- ansible/assets-upload.yml | 32 +++++++++-- ansible/bootstrap.yml | 13 ++++- ansible/deploy-plugins.yml | 55 ++++++++++++++++++- ansible/postgres-managed-service-backup.yml | 4 +- ansible/postgresql-restore.yml | 2 +- .../roles/cassandra-restore/tasks/main.yml | 13 ++++- .../gcp-cloud-storage/tasks/delete-batch.yml | 2 +- ansible/roles/grafana-backup/tasks/main.yml | 11 ++++ .../jenkins-backup-upload/tasks/main.yml | 14 ++++- ansible/roles/mongodb-backup/tasks/main.yml | 11 ++++ .../defaults/main.yml | 0 .../tasks/main.yml | 11 ++++ .../defaults/main.yml | 0 .../tasks/main.yml | 11 ++++ .../roles/prometheus-backup-v2/tasks/main.yml | 11 ++++ .../roles/prometheus-backup/tasks/main.yml | 11 ++++ .../roles/prometheus-restore/tasks/main.yml | 11 ++++ ansible/roles/redis-backup/tasks/main.yml | 11 ++++ .../dev/jobs/Core/jobs/Bootstrap/config.xml | 1 + .../DataPipeline/jobs/Bootstrap/config.xml | 1 + .../jobs/Bootstrap/config.xml | 1 + .../managed-postgres-backup/Jenkinsfile | 2 +- 25 files changed, 239 insertions(+), 17 deletions(-) rename ansible/roles/{postgres-azure-managed-service-backup => postgres-managed-service-backup}/defaults/main.yml (100%) rename ansible/roles/{postgres-azure-managed-service-backup => postgres-managed-service-backup}/tasks/main.yml (82%) rename ansible/roles/{postgres-azure-managed-service-restore => postgres-managed-service-restore}/defaults/main.yml (100%) rename ansible/roles/{postgres-azure-managed-service-restore => postgres-managed-service-restore}/tasks/main.yml (83%) diff --git a/.gitignore b/.gitignore index 9cbd220cb1..97b376da44 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ .DS_Store *.retry *.pyc -.idea \ No newline at end of file +.idea 
diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index 2872fa1013..cb8230d44b 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml @@ -14,4 +14,15 @@ local_file_or_folder_path: "{{ artifact_path }}" storage_account_name: "{{ azure_artifact_storage_account_name }}" storage_account_key: "{{ azure_artifact_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + + - name: download artifact from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: download.yml + vars: + gcp_bucket_name: "{{ gcloud_artifact_bucket_name }}" + dest_folder_name: "{{ artifacts_container }}" + dest_file_name: "{{ artifact }}" + local_file_or_folder_path: "{{ artifact_path }}" + when: cloud_service_provider == "gcloud" diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 642a9aa111..52e67448c7 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml @@ -15,4 +15,15 @@ local_file_or_folder_path: "{{ artifact_path }}" storage_account_name: "{{ azure_artifact_storage_account_name }}" storage_account_key: "{{ azure_artifact_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + + - name: upload artifact to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_artifact_bucket_name }}" + dest_folder_name: "{{ artifacts_container }}" + dest_file_name: "{{ artifact }}" + local_file_or_folder_path: "{{ artifact_path }}" + when: cloud_service_provider == "gcloud" diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index db14234e4a..3809c63722 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml 
@@ -9,7 +9,10 @@ # 3. After few releases, we will remove the older variables and use only the new variables across the repos vars: player_cdn_storage: "{{ player_cdn_container }}" + # Azure tasks: + - name: this block consists of tasks related to azure storage + block: - name: set common azure variables set_fact: blob_container_name: "{{ player_cdn_storage }}" @@ -18,13 +21,11 @@ storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" - when: cloud_service_provider == "azure" - + - name: delete files and folders from azure storage using azcopy include_role: name: azure-cloud-storage tasks_from: delete-using-azcopy.yml - when: cloud_service_provider == "azure" - name: upload batch of files to azure storage include_role: @@ -32,4 +33,27 @@ tasks_from: blob-upload-batch.yml vars: local_file_or_folder_path: "{{ assets }}" - when: cloud_service_provider == "azure" + when: cloud_service_provider == "azure" + + #GCP + - name: this block consists of tasks related to azure storage + block: + - name: set common gcloud variables + set_fact: + dest_folder_name: "{{ player_cdn_storage }}" + dest_folder_path: "" + file_delete_pattern: "{{ player_cdn_storage }}/" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + + - name: delete files and folders from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: delete-batch.yml + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + local_file_or_folder_path: "{{ assets }}/*" + when: cloud_service_provider == "gcloud" diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 30d57ca52f..36d9d7b0d0 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml 
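Review bot: The gcloud block sets `file_delete_pattern: "{{ player_cdn_storage }}/"` and hands it to delete-batch.yml, which runs `gsutil rm -r` against `gs://<bucket>/<pattern>`, with nothing checking first that `player_cdn_storage` is non-empty; an empty value turns the pattern into `/`. What gsutil then removes depends on the bucket layout, but a recursive delete on the public bucket deserves an explicit guard, for example an `assert` task with `that: player_cdn_storage | length > 0` ahead of the delete. deploy-plugins.yml in this commit builds its pattern from `dest_folder_name` and `folder_name` the same way. Separately, the new block is still named `this block consists of tasks related to azure storage`; it should say `gcloud storage`.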
@@ -30,6 +30,16 @@ tags: - azure_cli +- hosts: "{{ hosts }}" + become: yes + ignore_unreachable: yes + vars_files: + - "{{inventory_dir}}/secrets.yml" + roles: + - role: gcloud-cli + tags: + - gcloud_cli + - hosts: "{{ hosts| default('all') }}" become: yes gather_facts: no @@ -39,4 +49,5 @@ roles: - vm-agents-nodeexporter tags: - - node_exporter \ No newline at end of file + - node_exporter + diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index ef3ea0b44a..bf876b3f66 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -30,7 +30,7 @@ storage_account_sas_token: "{{ azure_public_storage_account_sas }}" tags: - always - + - block: - name: delete files and folders from azure storage using azcopy include_role: @@ -43,7 +43,7 @@ - collection-editor - generic-editor - preview - + - block: - name: upload batch of files to azure storage include_role: 
@@ -82,3 +82,54 @@ tags: - plugins when: cloud_service_provider == "azure" + + - name: this block consists of tasks related to gcloud storage + block: + - name: set common gcloud variables + set_fact: + dest_folder_name: "{{ plugin_storage }}" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + tags: + - always + + - block: + - name: delete files and folders from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: delete-batch.yml + vars: + file_delete_pattern: "{{ dest_folder_name }}/{{ folder_name }}" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + + - block: + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_path: "{{ folder_name }}" + local_file_or_folder_path: "{{ source_name }}" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + - editor + - core-plugins + + - block: + - name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + dest_file_name: "artefacts/content-player/content-player-{{ player_version_number }}.zip" + local_file_or_folder_path: "{{ source_file_name }}" + tags: + - preview + when: cloud_service_provider == "gcloud" + diff --git a/ansible/postgres-managed-service-backup.yml b/ansible/postgres-managed-service-backup.yml index 1a92efb09d..05abaf41c0 100644 --- a/ansible/postgres-managed-service-backup.yml +++ b/ansible/postgres-managed-service-backup.yml @@ -3,6 +3,6 @@ vars_files: - ['{{inventory_dir}}/secrets.yml'] roles: - - postgres-azure-managed-service-backup + - postgres-managed-service-backup tags: - - postgres-azure-managed-service + - postgres-managed-service diff --git a/ansible/postgresql-restore.yml b/ansible/postgresql-restore.yml index e2d80770d1..bcec7447d6 100644 --- a/ansible/postgresql-restore.yml +++ b/ansible/postgresql-restore.yml 
@@ -3,6 +3,6 @@ vars_files: - ['{{inventory_dir}}/secrets.yml'] roles: - - postgres-azure-managed-service-restore + - postgres-managed-service-restore tags: - postgresql-restore diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 717e2fe113..3b2fc3ae9b 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml @@ -17,7 +17,18 @@ storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" - + +- name: download file from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: download.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ cassandra_backup_storage }}" + dest_file_name: "{{ cassandra_restore_gzip_file_name }}" + local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: unarchieve restore artifact become: true unarchive: src={{user_home}}/{{ cassandra_restore_gzip_file_name }} dest={{user_home}}/ copy=no diff --git a/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml b/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml index ad0e4449d6..17fe952b16 100644 --- a/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml +++ b/ansible/roles/gcp-cloud-storage/tasks/delete-batch.yml @@ -3,7 +3,7 @@ include_tasks: gcloud-auth.yml - name: Delete folder recursively in gcp storage - shell: gsutil rm -r "gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }" + shell: gsutil rm -r "gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }}" async: 3600 poll: 10 diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index c898ada0d5..0f0a44a2b2 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml 
@@ -32,5 +32,16 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ grafana_backup_storage }}" + dest_file_name: "{{ grafana_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: clean up backup dir after upload file: path="{{ grafana_backup_dir }}" state=absent diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index d003bed89f..32be77b7a7 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml @@ -23,4 +23,16 @@ local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_key: "{{ azure_management_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ jenkins_backup_storage }}" + dest_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" + local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" + when: cloud_service_provider == "gcloud" + diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 1eefe6b077..4ae40ecd2b 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml 
@@ -26,6 +26,17 @@ storage_account_name: "{{ azure_management_storage_account_name }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" + +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ mongo_backup_storage }}" + dest_file_name: "{{ mongo_backup_file_name }}.tar.gz" + local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" + when: cloud_service_provider == "gcloud" - name: clean up backup dir after upload file: path={{ mongo_backup_dir }} state=absent diff --git a/ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml b/ansible/roles/postgres-managed-service-backup/defaults/main.yml similarity index 100% rename from ansible/roles/postgres-azure-managed-service-backup/defaults/main.yml rename to ansible/roles/postgres-managed-service-backup/defaults/main.yml diff --git a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-managed-service-backup/tasks/main.yml similarity index 82% rename from ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml rename to ansible/roles/postgres-managed-service-backup/tasks/main.yml index a8261d91a3..686f4c42f6 100644 --- a/ansible/roles/postgres-azure-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-backup/tasks/main.yml 
@@ -54,5 +54,16 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ postgresql_backup_storage }}" + dest_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: clean up backup dir after upload file: path="{{ postgresql_backup_dir }}" state=absent diff --git a/ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml b/ansible/roles/postgres-managed-service-restore/defaults/main.yml similarity index 100% rename from ansible/roles/postgres-azure-managed-service-restore/defaults/main.yml rename to ansible/roles/postgres-managed-service-restore/defaults/main.yml diff --git a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml similarity index 83% rename from ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml rename to ansible/roles/postgres-managed-service-restore/tasks/main.yml index 61b1fe3eca..7df51e26b4 100644 --- a/ansible/roles/postgres-azure-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml 
@@ -21,6 +21,17 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download file from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: download.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ postgres_backup_storage }}" + dest_file_name: "{{ postgres_backup_filename }}" + local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" + when: cloud_service_provider == "gcloud" + - name: unarchive artifact unarchive: src={{ postgresql_restore_dir }}/{{ postgres_backup_filename }} dest={{ postgresql_restore_dir }}/ copy=no diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 071ed395e1..0cafacb627 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml @@ -29,6 +29,17 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ prometheus_backup_storage }}" + dest_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + when: cloud_service_provider == "gcloud" + - name: Deleting snapshot file: path: "{{ prometheus_data_dir }}/snapshots/{{ snapshot_name }}" diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index f9aaa54073..32cffa6e5c 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml 
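Review bot: The new download task writes to `{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}`, but the `unarchive artifact` task right after it reads `{{ postgresql_restore_dir }}/{{ postgres_backup_filename }}`, so both the directory variable and the file variable differ between the two tasks. Unless the role's defaults (not shown) define all four names so that they resolve to the same path, the archive is downloaded somewhere the unarchive step does not look, or the task fails on an undefined variable. Using the names the unarchive task uses would line them up: `local_file_or_folder_path: "{{ postgresql_restore_dir }}/{{ postgres_backup_filename }}"`.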
@@ -38,5 +38,16 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ prometheus_backup_storage }}" + dest_file_name: "{{ prometheus_backup_gzip_file_name }}" + local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" + when: cloud_service_provider == "gcloud" + - name: clean up backup dir after upload file: path="{{ prometheus_backup_dir }}" state=absent diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 40c9bd9225..843ebe4598 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -14,6 +14,17 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download file from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: download.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ prometheus_backup_storage }}" + dest_file_name: "{{ prometheus_backup_filename }}" + local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" + when: cloud_service_provider == "gcloud" + - name: ensure prometheus is stopped shell: "docker service scale {{prometheus_service_name}}=0 && sleep 10" delegate_to: "{{manager_host}}" #variable is passed as extra vars from jenkins diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index be66ea5292..51f7ab63ff 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml 
@@ -26,6 +26,17 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_management_bucket_name }}" + dest_folder_name: "{{ nodebb_redis_backup_storage }}" + dest_file_name: "{{ redis_backup_file_name }}" + local_file_or_folder_path: "{{ redis_backup_file_path }}" + when: cloud_service_provider == "gcloud" + - name: clean up backup dir after upload file: path={{ redis_backup_dir }} state=absent diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml index 7663c96890..20d7006b52 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml @@ -94,6 +94,7 @@ return """<b>This parameter is not used</b>""" true diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/DataPipeline/jobs/Bootstrap/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/DataPipeline/jobs/Bootstrap/config.xml index 39884cf71a..8c82b404e9 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/DataPipeline/jobs/Bootstrap/config.xml +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/DataPipeline/jobs/Bootstrap/config.xml @@ -94,6 +94,7 @@ return """<b>This parameter is not used</b>""" true diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/KnowledgePlatform/jobs/Bootstrap/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/KnowledgePlatform/jobs/Bootstrap/config.xml index 9f26dbf9d9..b3132dfd16 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/KnowledgePlatform/jobs/Bootstrap/config.xml 
+++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/KnowledgePlatform/jobs/Bootstrap/config.xml @@ -94,6 +94,7 @@ return """<b>This parameter is not used</b>""" true diff --git a/pipelines/backup/managed-postgres-backup/Jenkinsfile b/pipelines/backup/managed-postgres-backup/Jenkinsfile index 66acf4baee..f27e665bd5 100644 --- a/pipelines/backup/managed-postgres-backup/Jenkinsfile +++ b/pipelines/backup/managed-postgres-backup/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/postgres-managed-service-backup.yml" - ansibleExtraArgs = "--tags postgres-azure-managed-service --extra-vars \"postgres_env=${params.postgres_env}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags postgres-managed-service --extra-vars \"postgres_env=${params.postgres_env}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 4174d6cf925e09a27683da0fe02e84003d14a2ce Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Sun, 6 Nov 2022 23:11:36 +0530 Subject: [PATCH 108/434] Release 5.1.0 gcp related changes (#3580) --- ansible/desktop-faq-upload.yml | 45 ++++++++++++++++++++- ansible/dial_upload-schema.yml | 14 ++++++- ansible/kp_upload-schema.yml | 13 +++++- ansible/plugins.yml | 21 ++++++++++ ansible/roles/cert-templates/tasks/main.yml | 13 +++++- ansible/roles/desktop-deploy/tasks/main.yml | 26 +++++++++++- ansible/uploadFAQs.yml | 13 ++++++ 7 files changed, 140 insertions(+), 5 deletions(-) diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 0cdb89a07d..f20f0d7eeb 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
@@ -49,4 +49,47 @@ tags: - upload-chatbot-config - upload-batch - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + + - name: this block consists of tasks related to gcloud storage + block: + - name: set common gcloud variables + set_fact: + dest_folder_name: "{{ upload_storage }}" + dest_file_name: "{{ destination_path }}" + dest_folder_path: "{{ destination_path }}" + local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" + tags: + - always + + - block: + - name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + tags: + - upload-desktop-faq + + - block: + - name: upload file to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload.yml + vars: + gcp_bucket_name: "{{ gcloud_private_bucket_name }}" + tags: + - upload-label + + - block: + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + tags: + - upload-chatbot-config + - upload-batch + when: cloud_service_provider == "gcloud" diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index ba7abf627b..a93a900263 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml 
@@ -37,4 +37,16 @@ local_file_or_folder_path: "dial_schema_template_files" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_name: "{{ dial_plugin_storage }}" + dest_folder_path: "schemas/local" + local_file_or_folder_path: "dial_schema_template_files" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + when: cloud_service_provider == "gcloud" + diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 7d7163437b..a4f6bda83a 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -21,4 +21,15 @@ local_file_or_folder_path: "{{ source_name }}" storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_name: "{{ plugin_storage }}" + dest_folder_path: "schemas/local" + local_file_or_folder_path: "{{ source_name }}" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + when: cloud_service_provider == "gcloud" diff --git a/ansible/plugins.yml b/ansible/plugins.yml index 35e34578d0..ab32d9f756 100644 --- a/ansible/plugins.yml +++ b/ansible/plugins.yml 
@@ -33,3 +33,24 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml when: cloud_service_provider == "azure" + + - name: this block consists of tasks related to gcloud storage + block: + - name: set common gcloud variables + set_fact: + dest_folder_name: "{{ plugin_storage }}" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + file_delete_pattern: "content-plugins/{{ plugins_name }}" + dest_folder_path: "/content-plugins/{{ plugins_name }}" + local_file_or_folder_path: "{{ source_file }}" + + - name: delete files and folders from gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: delete-batch.yml + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index ee05f2adb3..acecc4d6f4 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -42,4 +42,15 @@ local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" storage_account_name: "{{ azure_private_storage_account_name }}" storage_account_key: "{{ azure_private_storage_account_key }}" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + +- name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_name: "{{ cert_service_storage }}" + dest_folder_path: "" + local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" + gcp_bucket_name: "{{ gcloud_private_bucket_name }}" + when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index e7763604c1..4ce4da3fb6 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml 
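Review bot: `file_delete_pattern: "content-plugins/{{ plugins_name }}"` feeds `delete-batch.yml` against the public bucket, and an empty `plugins_name` reduces the pattern to `content-plugins/`, which would presumably match every plugin rather than one. Add a guard ahead of the delete, e.g. `- assert: { that: "plugins_name | default('') | length > 0" }`. The delete pattern has no leading slash while `dest_folder_path` is `/content-plugins/{{ plugins_name }}`; if the role passes both through unchanged, the delete and the upload address different object prefixes, so one form should be used for both. How the `gcp-cloud-storage` role interprets these values is not visible here.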
+++ b/ansible/roles/desktop-deploy/tasks/main.yml @@ -73,4 +73,28 @@ vars: blob_container_folder_path: "/latest" local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" - when: cloud_service_provider == "azure" \ No newline at end of file + when: cloud_service_provider == "azure" + +- name: this block consists of tasks related to gcloud storage + block: + - name: set common gcloud variables + set_fact: + dest_folder_name: "{{ offline_installer_storage }}" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_path: "" + local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_path: "latest" + local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" + when: cloud_service_provider == "gcloud" diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index 8447fe4e47..52923e1bf4 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml @@ -29,6 +29,19 @@ with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "azure" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + dest_folder_name: "{{ upload_storage }}" + dest_folder_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "gcloud" tags: - upload-faqs - upload-RC-schema From 41445d96423b1de1530a1c65bc0a33f83cae393f Mon Sep 17 00:00:00 2001 
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Mon, 14 Nov 2022 12:03:58 +0530 Subject: [PATCH 109/434] Add GCP related vars for KP and DP (#3586) --- .../ansible/inventory/dev/DataPipeline/common.yml | 9 +++++++++ .../ansible/inventory/dev/DataPipeline/secrets.yml | 4 ++++ .../ansible/inventory/dev/KnowledgePlatform/common.yml | 9 +++++++++ .../ansible/inventory/dev/KnowledgePlatform/secrets.yml | 4 ++++ 4 files changed, 26 insertions(+) diff --git a/private_repo/ansible/inventory/dev/DataPipeline/common.yml b/private_repo/ansible/inventory/dev/DataPipeline/common.yml index 348c74dc6b..ef8432539b 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/common.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/common.yml @@ -1,5 +1,6 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # +cloud_service_provider: "" # Your cloud service provider name. Supported values are aws, azure, gcloud domain_name: "" # your domain name like example.com # docker hub details dockerhub: "change.docker.url" # docker hub username or url incase of private registry @@ -168,3 +169,11 @@ processing_kafka_overriden_topics: - name: ml.observation.druid retention_time: 86400000 replication_factor: 1 + +# Define the below if you are using Google Cloud +gcloud_private_bucket_name: "" +gcloud_public_bucket_name: "" +gcloud_artifact_bucket_name: "" +gcloud_management_bucket_name: "" + +gcloud_private_bucket_projectId: "" diff --git a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml index d18a6d1e0e..c37b74d8fe 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml 
@@ -26,3 +26,7 @@ dp_vault_data_exhaust_token: # slack api token # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so dp_vault_artifacts_container: artifacts + +# Define the below if you are using Google Cloud +gcp_storage_service_account_name: "" +gcp_storage_key_file: "" diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index 24f0320615..7f21987f82 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -1,6 +1,7 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # # docker hub details +cloud_service_provider: "" # Your cloud service provider name. Supported values are aws, azure, gcloud dockerhub: "change.docker.url" # docker hub username or url incase of private registry private_ingressgateway_ip: "" # your private kubernetes load balancer ip domain_name: "" # your domain name like example.com @@ -32,3 +33,11 @@ plugin_container_name: "{{azure_public_container}}" kp_schema_base_path: "{{proto}}://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{plugin_container_name}}/schemas/local" imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins + +# Define the below if you are using Google Cloud +gcloud_private_bucket_name: "" +gcloud_public_bucket_name: "" +gcloud_artifact_bucket_name: "" +gcloud_management_bucket_name: "" + +gcloud_private_bucket_projectId: "" 
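Review bot: `gcp_storage_service_account_name` and `gcp_storage_key_file` are added without the inline comment the other entries in this template carry, so it is unclear whether `gcp_storage_key_file` expects a path on the Jenkins host or the JSON key content itself. Add a comment that says which form is expected and how the value must be protected, e.g. `# service account key for GCP storage access - keep this file encrypted with ansible-vault`. That the key serves the storage upload role is inferred from the variable names. The same two lines are added to `KnowledgePlatform/secrets.yml` later in this patch and need the same comment.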
diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml index fb1af29c0a..ef5db134da 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml @@ -18,3 +18,7 @@ lp_vault_youtube_api_key: # youtube api token if you want # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so lp_vault_graph_passport_key: "long-secret-to-calm-entropy-gods" + +# Define the below if you are using Google Cloud +gcp_storage_service_account_name: "" +gcp_storage_key_file: "" From 1fbc256e18e188bd4a14a943b9d05a461c4950a9 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:03:38 +0530 Subject: [PATCH 110/434] fix: SB-31155 updated references for upstream_url --- ansible/inventory/env/group_vars/all.yml | 3 ++- ansible/roles/stack-proxy/defaults/main.yml | 7 +++++-- ansible/roles/stack-sunbird/defaults/main.yml | 7 +++++-- .../ansible/roles/helm-daemonset/defaults/main.yml | 7 +++++-- .../ansible/roles/helm-deploy/defaults/main.yml | 7 +++++-- private_repo/ansible/inventory/dev/Core/common.yml | 13 ++++++++++++- 6 files changed, 34 insertions(+), 10 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index df20586566..d0dfe156b1 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -36,7 +36,8 @@ sunbird_keycloak_required_action_link_expiration_seconds: 2592000 sunbird_es_port: 9300 mail_server_port: 587 -upstream_url: "{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" +# SB-31155 +#upstream_url: "{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" # Learner sunbird_user_profile_field_default_visibility: private diff --git a/ansible/roles/stack-proxy/defaults/main.yml b/ansible/roles/stack-proxy/defaults/main.yml index 579709e412..dd4bda152d 100644 --- a/ansible/roles/stack-proxy/defaults/main.yml +++ b/ansible/roles/stack-proxy/defaults/main.yml @@ -39,6 +39,9 @@ ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" kibana_service: "{{swarm_dashboard}}:5601" -upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" +# SB-31155 +#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" + +# SB-31155 +#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 3b5946e333..8936a190ec 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
@@ -212,8 +212,11 @@ prometheus_alertmanager_route_prefix: alertmanager ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" -upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" +# SB-31155 +#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" + +# SB-31155 +#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" # Override this dictionary in your common.yaml proxy: diff --git a/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml b/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml index 59eb136773..9822dd5626 100644 --- a/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml @@ -33,6 +33,9 @@ ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" ep_es_host: -upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" +# SB-31155 +#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" + +# SB-31155 +#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" diff --git a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml index ed2c7f5aca..bf1fed2ff7 100644 --- a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml 
@@ -32,8 +32,11 @@ registry_url: "{{proto}}://{{proxy_server_name}}/registry" ep_es_host: proxy_custom_config: -upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" +# SB-31155 +#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" + +# SB-31155 +#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" discussion_upstream_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index d314ecf925..1b32d003e7 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -44,6 +44,14 @@ gcloud_management_bucket_name: "" gcloud_private_bucket_projectId: "" +# Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) +# GCP +# upstream_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }}/{{ content_storage }} +# AWS +# upstream_url: # Geetha to fill this url based on AWS role vars +# Azure +upstream_url: "{{sunbird_azure_public_storage_account_name}}.blob.core.windows.net/{{ content_storage }}" # Proxy url to get /assets/public + # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly 
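Review bot: The commented GCP example in the `Core/common.yml` hunk, `# upstream_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }}/{{ content_storage }}`, uses the `storage.cloud.google.com` host, which is Google's cookie-authenticated browser download endpoint; a proxy fetching public objects without a signed-in Google session is redirected to a login page there. For a public bucket the example should read `# upstream_url: https://storage.googleapis.com/{{ gcloud_public_bucket_name }}/{{ content_storage }}`. PATCH 113 carries the same host over into the `cloud_storage_url` example. The AWS example is still a placeholder addressed to a person (`# Geetha to fill this url ...`) and would be better as a neutral TODO stating the expected URL shape.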
@@ -70,6 +78,7 @@ sunbird_default_channel: sunbird # default sunbird channel name environment_id: "10000003" # A 8 digit number for example like 1000000, should be same as defined in KP common.yml sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml + # This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, # # From: SBSMS @@ -115,9 +124,11 @@ postgres: db_admin_user: postgres db_admin_password: "{{core_vault_postgres_password}}" +# Generic variable for any cloud provider +content_storage: "{{ sunbird_content_azure_storage_container }}" + # Azure account related vars sunbird_azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" -upstream_url: "{{sunbird_azure_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" # Proxy url to get /assets/public plugin_upstream_url: "{{upstream_url}}" azure_plugin_storage_account_name: "{{sunbird_azure_public_storage_account_name}}" azure_plugin_storage_account_key: "{{sunbird_public_storage_account_key}}" From 32d2c59e0d8e7fbef7867238c72a0c384bdd7c27 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:09:03 +0530 Subject: [PATCH 111/434] fix: adding https in url Signed-off-by: Keshav Prasad --- private_repo/ansible/inventory/dev/Core/common.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 1b32d003e7..650e04c0e4 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -50,7 +50,7 @@ gcloud_private_bucket_projectId: "" # AWS # upstream_url: # Geetha to fill this url based on AWS role vars # Azure -upstream_url: "{{sunbird_azure_public_storage_account_name}}.blob.core.windows.net/{{ content_storage }}" # Proxy url to get /assets/public +upstream_url: "https://{{sunbird_azure_public_storage_account_name}}.blob.core.windows.net/{{ content_storage }}" # Proxy url to get /assets/public # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly From 079c554336373f2d3d67dbc69f2f544fa9c5926c Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:10:10 +0530 Subject: [PATCH 112/434] fix: updated sunbird_cloud_storage_urls var to use upstream_url Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index d0dfe156b1..4b0975b4b2 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
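Review bot: `upstream_url` now carries `https://`, and `plugin_upstream_url: "{{upstream_url}}"` (context of the previous patch) inherits it, while the role defaults this series comments out were scheme-less values. Any template outside this patch that prepends its own scheme, for example in a `proxy_pass` line, would then render `https://https://…`; those consumers are not visible here and need checking. The same applies to `cloud_storage_url` (PATCH 113) and to `sunbird_offline_azure_storage_account_url`, which PATCH 116 rebuilds from it. Document the contract next to the variable, e.g. `# absolute URL including scheme, no trailing slash`.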
@@ -364,7 +364,7 @@ content_service_blacklisted_resourcetype: '' content_service_whitelisted_resourcetype: '' content_service_whitelisted_mimetype: '' content_service_blacklisted_mimetype: '' -sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/' +sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,{{ upstream_url }}/' sunbird_email_max_recipients_limit: 100 sunbird_cassandra_consistency_level: local_quorum sunbird_cassandra_replication_strategy: '{"class":"SimpleStrategy","replication_factor":"1"}' From 6664891531d8ecf999abed6da51ef8c547b68367 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:26:26 +0530 Subject: [PATCH 113/434] fix: use cloud_storage_url var as a base for upstream_url --- ansible/inventory/env/group_vars/all.yml | 4 +++- ansible/roles/stack-sunbird/defaults/main.yml | 3 ++- private_repo/ansible/inventory/dev/Core/common.yml | 7 ++++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 4b0975b4b2..96337704c7 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -509,7 +509,9 @@ sunbird_portal_updateLoginTimeEnabled: false # Desktop app vars #sunbird_offline_azure_storage_account: "" #added this var for adopter usecase offline_installer_container_name: "{{env}}-offlineinstaller" -cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" + +# SB-31155 +#cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" # Search-service search_index_host: "{{ groups['composite-search-cluster']|join(':9200,')}}:9200" diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 8936a190ec..6196962b3e 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -78,7 +78,8 @@ sunbird_portal_cdn_url: sunbird_dataservice_url: sunbird_background_actor_port: sunbird_app_url: -sunbird_image_storage_url: +# SB-31155 +#sunbird_image_storage_url: sunbird_telemetry_dispatchers: kafka content_service_whitelisted_channels: content_service_blacklisted_channels: diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 650e04c0e4..811677d8c1 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -46,11 +46,11 @@ gcloud_private_bucket_projectId: "" # Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) # GCP -# upstream_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }}/{{ content_storage }} +# cloud_storage_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }} # AWS -# upstream_url: # Geetha to fill this url based on AWS role vars +# cloud_storage_url: # Geetha to fill this url based on AWS role vars # Azure -upstream_url: "https://{{sunbird_azure_public_storage_account_name}}.blob.core.windows.net/{{ content_storage }}" # Proxy url to get /assets/public +cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly @@ -125,6 +125,7 @@ postgres: db_admin_password: "{{core_vault_postgres_password}}" # Generic variable for any cloud provider +upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" # Proxy url to get /assets/public content_storage: "{{ sunbird_content_azure_storage_container }}" # Azure account related vars From edc608e04a049a30a5abfe10e0539f34aed0574e Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:33:37 +0530 Subject: [PATCH 114/434] fix: generalizing dial_service_schema_base_path var Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 96337704c7..c27674492f 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -556,5 +556,9 @@ sunbird_trampoline_android_keycloak_client_id: trampoline-android sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop # DIAL-service schema +# SB-31155 - This should be deprecated in future in favour of dial_plugin_storage dial_plugin_container_name: "sunbird-dial-{{env}}" -dial_service_schema_base_path: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{dial_plugin_container_name}}/jsonld-schema/local" + +# SB-31155 - Adding a generialzed variable which can be used for any CSP +dial_plugin_storage: "{{ dial_plugin_container_name }}" +dial_service_schema_base_path: "{{ cloud_storage_url }}/{{ dial_plugin_storage }}/jsonld-schema/local" From 2e9403e531e09cb76cc7190c3ca12a3b1fc1cc0c Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:37:20 +0530 Subject: [PATCH 115/434] fix: generalized ml_analytics_evidence_base_url var Signed-off-by: Keshav Prasad --- ansible/roles/ml-analytics-service/defaults/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 5c5d87dace..b3ede22f5d 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -10,8 +10,14 @@ ml_analytics_survey_app_name: "{{ ml_survey_app_name | default('sunbirdsurvey') ml_analytics_integrated_app_name: "{{ ml_integrated_app_name | default('sunbird') }}" ml_analytics_integrated_portal: "{{ ml_integrated_portal | default('dev.sunbird.portal') }}" ml_analytics_survey_service: "http://{{private_ingressgateway_ip}}/ml-survey" + +# SB-31155 +# This should be deprecated in future in favour of ml_analytics_public_storage ml_analytics_public_container: "{{ ml_analytics_container | default('samiksha') }}" -ml_analytics_evidence_base_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ ml_analytics_public_container }}/" + +# SB-31155 - Adding a generialzed variable which can be used for any CSP +ml_analytics_public_storage: "{{ ml_analytics_public_container }}" +ml_analytics_evidence_base_url: "{{ cloud_storage_url }}/{{ ml_analytics_public_storage }}/" ml_analytics_mongodb_url: "{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}" ml_analytics_mongo_db_name: "{{ml_mongodb | default('ml-survey')}}" ml_analytics_mongo_observation_submission_collection: "observationSubmissions" From 8072b863cfd82b4083c2724064b90d2d6ddcec45 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:51:46 +0530 Subject: [PATCH 116/434] fix: removed unnessary vars and redefine in all.yml Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 9 ++++++++- ansible/roles/stack-proxy/defaults/main.yml | 9 +-------- ansible/roles/stack-sunbird/defaults/main.yml | 8 -------- .../templates/sunbird_knowledge-mw-service.env | 1 - .../ansible/roles/helm-daemonset/defaults/main.yml | 7 ------- kubernetes/ansible/roles/helm-deploy/defaults/main.yml | 6 ------ 6 files changed, 9 insertions(+), 31 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index c27674492f..f73d598ce2 100644 --- a/ansible/inventory/env/group_vars/all.yml 
+++ b/ansible/inventory/env/group_vars/all.yml @@ -376,7 +376,6 @@ sunbird_otp_length: 6 sunbird_help_link_visibility: FALSE # not required -sunbird_image_storage_url: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/dial/" vault_auth_key: "{{core_vault_auth_key}}" vault_sender: "{{core_vault_sender}}" vault_country: "{{core_vault_country}}" @@ -508,8 +507,16 @@ sunbird_portal_updateLoginTimeEnabled: false # Desktop app vars #sunbird_offline_azure_storage_account: "" #added this var for adopter usecase + +# SB-31155 - This should be deprecated in future in favour of offline_installer_storage offline_installer_container_name: "{{env}}-offlineinstaller" +# SB-31155 - Adding a generialzed variable which can be used for any CSP +offline_installer_storage: "{{ offline_installer_container_name }}" + +# SB-31155 - Removed multiple declarations and moved here +sunbird_offline_azure_storage_account_url: "{{ cloud_storage_url }}/{{ offline_installer_storage }}" + # SB-31155 #cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" diff --git a/ansible/roles/stack-proxy/defaults/main.yml b/ansible/roles/stack-proxy/defaults/main.yml index dd4bda152d..ab1524cf72 100644 --- a/ansible/roles/stack-proxy/defaults/main.yml +++ b/ansible/roles/stack-proxy/defaults/main.yml @@ -37,11 +37,4 @@ prometheus_route_prefix: prometheus prometheus_alertmanager_route_prefix: alertmanager ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" -kibana_service: "{{swarm_dashboard}}:5601" - -# SB-31155 -#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" - -# SB-31155 -#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" +kibana_service: "{{swarm_dashboard}}:5601" \ No newline at end of file 
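Review bot: `sunbird_offline_azure_storage_account_url`, added in the all.yml hunk, now expands to a full URL with a scheme, whereas the role defaults removed in this commit (stack-proxy, stack-sunbird, helm-daemonset, helm-deploy) were host-and-path values with no scheme. The consuming proxy templates are not part of this diff, so this needs checking: any template that prepends `https://` or uses the value as an upstream host would render `https://https://…` or an invalid host. `discussion_upstream_url` in the later helm-deploy patch has the same change of meaning. I would confirm the consumers and add `# full URL including scheme; consumers must not prepend one` next to the definition.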
diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 6196962b3e..97ffbc1584 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -78,8 +78,6 @@ sunbird_portal_cdn_url: sunbird_dataservice_url: sunbird_background_actor_port: sunbird_app_url: -# SB-31155 -#sunbird_image_storage_url: sunbird_telemetry_dispatchers: kafka content_service_whitelisted_channels: content_service_blacklisted_channels: @@ -213,12 +211,6 @@ prometheus_alertmanager_route_prefix: alertmanager ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" -# SB-31155 -#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" - -# SB-31155 -#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" # Override this dictionary in your common.yaml proxy: # repository: 'proxy' diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index 6a13ddadfd..c7b0533c2a 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env @@ -7,7 +7,6 @@ sunbird_keycloak_client_id={{sunbird_keycloak_client_id}} sunbird_keycloak_public={{sunbird_keycloak_public}} sunbird_cache_store={{sunbird_cache_store}} sunbird_cache_ttl={{sunbird_cache_ttl}} -sunbird_image_storage_url={{sunbird_image_storage_url}} sunbird_azure_account_name={{sunbird_public_storage_account_name}} sunbird_azure_account_key={{sunbird_public_storage_account_key}} sunbird_dial_code_registry_url=https://{{proxy_server_name}}/dial/ 
diff --git a/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml b/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml index 9822dd5626..511f5c2acd 100644 --- a/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-daemonset/defaults/main.yml @@ -32,10 +32,3 @@ prometheus_alertmanager_route_prefix: alertmanager ekstep_s3_env: "{{sunbird_env}}" registry_url: "{{proto}}://{{proxy_server_name}}/registry" ep_es_host: - -# SB-31155 -#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" - -# SB-31155 -#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" -sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" diff --git a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml index bf1fed2ff7..2e19f88194 100644 --- a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml @@ -32,13 +32,7 @@ registry_url: "{{proto}}://{{proxy_server_name}}/registry" ep_es_host: proxy_custom_config: -# SB-31155 -#upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" - -# SB-31155 -#plugin_upstream_url: "ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com" discussion_upstream_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" -sunbird_offline_azure_storage_account_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net/{{ offline_installer_container_name }}" proxy_cache_path: large_cache: From 52539a42dc62fc8baf76f7d9054b5153402b4f60 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 14:57:28 +0530 Subject: [PATCH 117/434] fix: updated desktop_app_storage_url var reference Signed-off-by: Keshav Prasad --- ansible/roles/stack-sunbird/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 97ffbc1584..8b600f04a1 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -82,7 +82,7 @@ sunbird_telemetry_dispatchers: kafka content_service_whitelisted_channels: content_service_blacklisted_channels: sunbird_env_logo_url: -desktop_app_storage_url: "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{offline_installer_container_name}}" +desktop_app_storage_url: "{{ sunbird_offline_azure_storage_account_url }}" telemetry_logstash_heap_size: 512m telemetry_logstash_replicas: 1 From c40dc026dbc5c4e7cbc89e141452cf7d53d6707a Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:03:13 +0530 Subject: [PATCH 118/434] fix: generalized h5p_library_path var Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 3 +++ .../stack-sunbird/templates/content-service_application.conf | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index f73d598ce2..f1ed8628f2 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -569,3 +569,6 @@ dial_plugin_container_name: "sunbird-dial-{{env}}" # SB-31155 - Adding a generialzed variable which can be used for any CSP dial_plugin_storage: "{{ dial_plugin_container_name }}" dial_service_schema_base_path: "{{ cloud_storage_url }}/{{ dial_plugin_storage }}/jsonld-schema/local" + +# SB-31155 - Moved to the installation public container for now (same place where keycloaka and java artifacts are stored) +h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" \ No newline at end of file 
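Review bot: The new `h5p_library_path` in all.yml hard-codes a zip archive hosted in a shared project storage account (`sunbirdpublic…/installation/`). The following content-service template hunk drops the per-deployment `default(...)`, so every installation will use this URL unless it overrides the variable. How content-service uses the archive is not visible here, but a library fetched from storage the deployment does not control, with no pinned checksum, is a supply-chain dependency worth documenting. I would add a comment such as `# Third-party archive; mirror it into your own storage and verify its checksum before use`, and prefer a path built from `cloud_storage_url` once the archive is mirrored. The line also lacks a trailing newline.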
diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index d33dbecf6f..3fa9ba9a99 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -382,7 +382,7 @@ content { } h5p { library { - path: "{{ h5p_library_path | default('https://sunbirddev.blob.core.windows.net/sunbird-content-dev/h5p-standalone-1.3.4.zip') }}" + path: "{{ h5p_library_path }}" } } copy { From f6fa71b055c503c3b1a3792ce23d1727afa73790 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:14:37 +0530 Subject: [PATCH 119/434] fix: updated player.env to use generalized var Signed-off-by: Keshav Prasad --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 0d1c34f45b..2afd3af54c 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -162,7 +162,7 @@ sunbird_base_proto={{sunbird_base_proto | default(proto)}} ml_survey_url={{ml_survey_url|default(proto+'://' +domain_name) }} #Release-4.1.0 -sunbird_azure_storage_account_name=https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/ +sunbird_azure_storage_account_name={{ cloud_storage_url }}/ #Release-4.1.0 sunbird_google_oauth_ios_clientId={{sunbird_google_oauth_ios_clientId | default("")}} From cdb0b41cac68f4a370017150ed8cbe8f4a479007 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:18:21 +0530 Subject: [PATCH 120/434] fix: generalized discussion_upstream_url Signed-off-by: Keshav Prasad --- kubernetes/ansible/roles/helm-deploy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml index 2e19f88194..6c5c925747 100644 --- a/kubernetes/ansible/roles/helm-deploy/defaults/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/defaults/main.yml @@ -32,7 +32,7 @@ registry_url: "{{proto}}://{{proxy_server_name}}/registry" ep_es_host: proxy_custom_config: -discussion_upstream_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" +discussion_upstream_url: "{{ cloud_storage_url }}" proxy_cache_path: large_cache: From f409d6f1eba6f7ca1ef034749aa12c85220b34f7 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:23:53 +0530 Subject: [PATCH 121/434] fix: generalizing CACHE_CONTEXT_URLS Signed-off-by: Keshav Prasad --- kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 index 9895ebf05c..62c9114a76 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 
@@ -35,4 +35,4 @@ certificatesignenv: CERTIFICATE_PRIVATE_KEY: |- {{ CERTIFICATE_PRIVATE_KEY | default("''") | indent(width=4) }} SIGNING_KEY_TYPE: "{{ SIGNING_KEY_TYPE|default('RSA')}}" - CACHE_CONTEXT_URLS: "{{ cache_context_urls | default('https://' + sunbird_public_storage_account_name + '.blob.core.windows.net/' + sunbird_content_azure_storage_container + '/schema/v1_context.json,https://' + sunbird_public_storage_account_name + '.blob.core.windows.net/' + sunbird_content_azure_storage_container + '/schema/sunbird_context.json,https://' + sunbird_public_storage_account_name + '.blob.core.windows.net/' + sunbird_content_azure_storage_container + '/schema/credential_template.json')}}" \ No newline at end of file + CACHE_CONTEXT_URLS: "{{ cache_context_urls | default(upstream_url + '/schema/v1_context.json,upstream_url + '/schema/sunbird_context.json,upstream_url + '/schema/credential_template.json')}}" \ No newline at end of file From ebaa1771e20bdcde6b879355c9d70a47a24ef198 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:25:28 +0530 Subject: [PATCH 122/434] fix: generalizing credentialTemplate param Signed-off-by: Keshav Prasad --- .../sunbird-RC/registry/schemas/ProjectCertificate.json | 2 +- .../sunbird-RC/registry/schemas/TrainingCertificate.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json index 98f3bb91e9..0035464abb 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json 
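Review bot: The new `CACHE_CONTEXT_URLS` default has unbalanced quoting: the second and third `upstream_url` sit inside or between string literals, so the expression cannot evaluate to three URLs and will most likely fail to render. The argument should close each literal before concatenating: `default(upstream_url + '/schema/v1_context.json,' + upstream_url + '/schema/sunbird_context.json,' + upstream_url + '/schema/credential_template.json')`. Since this list appears to tell the certificate signer which JSON-LD contexts to cache, a broken value should be caught by rendering the chart before merge.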
@@ -70,6 +70,6 @@ ], "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"], "enableLogin": false, - "credentialTemplate": "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_credential_template.json" + "credentialTemplate": "{{ upstream_url }}/schema/project_credential_template.json" } } \ No newline at end of file diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json index 2906929f2d..5187b08e81 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json @@ -69,6 +69,6 @@ ], "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"], "enableLogin": false, - "credentialTemplate": "https://{{upstream_url}}/schema/credential_template.json" + "credentialTemplate": "https://{{ upstream_url }}/schema/credential_template.json" } } From 68111485f45ae603223a68f2c07f655a97dcdf1a Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:34:32 +0530 Subject: [PATCH 123/434] fix: generalizing kp_schema_base_path and updating reference to upstream_url Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 2 -- .../ansible/inventory/dev/Core/common.yml | 4 ++-- .../inventory/dev/KnowledgePlatform/common.yml | 17 +++++++++++++++-- .../sunbird-RC/schema/credential_template.json | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index f1ed8628f2..238ab4dd65 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
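Review bot: TrainingCertificate.json still prefixes `https://` to `{{ upstream_url }}`, while ProjectCertificate.json in the same commit drops the prefix. If `upstream_url` is the scheme-bearing value defined in Core/common.yml (`{{ cloud_storage_url }}/{{ content_storage }}`), the training schema renders `https://https://…` and the credential template cannot be fetched. The line should match its sibling: `"credentialTemplate": "{{ upstream_url }}/schema/credential_template.json"`. The `@context` entries in utils/sunbird-RC/schema/credential_template.json, touched in the next patch, keep the same `https://` prefix and need the same fix.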
@@ -36,8 +36,6 @@ sunbird_keycloak_required_action_link_expiration_seconds: 2592000 sunbird_es_port: 9300 mail_server_port: 587 -# SB-31155 -#upstream_url: "{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" # Learner sunbird_user_profile_field_default_visibility: private diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 811677d8c1..594a415e25 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -130,11 +130,11 @@ content_storage: "{{ sunbird_content_azure_storage_container }}" # Azure account related vars sunbird_azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" -plugin_upstream_url: "{{upstream_url}}" +plugin_upstream_url: "{{ upstream_url }}" azure_plugin_storage_account_name: "{{sunbird_azure_public_storage_account_name}}" azure_plugin_storage_account_key: "{{sunbird_public_storage_account_key}}" plugin_container_name: "{{sunbird_content_azure_storage_container}}" -kp_schema_base_path: "{{proto}}://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{plugin_container_name}}/schemas/local" +kp_schema_base_path: "{{ upstream_url }}/schemas/local" keycloak_api_management_user_email: "admin@sunbird.org" sunbird_installation_email: "admin@sunbird.org" diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index 7f21987f82..94df144c58 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml 
@@ -29,8 +29,21 @@ neo4j_enterprise: false # Set this to true if you use # Sensible defaults which you need not change - But if you would like to change, you are free to do so ekstep_domain_name: "{{ proto }}://{{ domain_name }}" artifacts_container: artifacts -plugin_container_name: "{{azure_public_container}}" -kp_schema_base_path: "{{proto}}://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{plugin_container_name}}/schemas/local" + +# Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) +# GCP +# cloud_storage_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }} +# AWS +# cloud_storage_url: # Geetha to fill this url based on AWS role vars +# Azure +cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" + +plugin_container_name: "{{ azure_public_container }}" + +# Generic variable for any cloud provider +plugin_storage: "{{ plugin_container_name }}" + +kp_schema_base_path: "{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local" imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index 8f467986cc..f96a3c0528 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -1,7 +1,7 @@ { "@context": [ - "https://{{upstream_url}}/schema/v1_context.json", - "https://{{upstream_url}}/schema/sunbird_context.json" + "https://{{ upstream_url }}/schema/v1_context.json", + "https://{{ upstream_url }}/schema/sunbird_context.json" ], "type": [ "VerifiableCredential" From 511382e55312e0cb7c87977f81873524c2d3e87e Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 15:36:45 +0530 Subject: [PATCH 124/434] fix: updated references of templates to upstream_url 
Signed-off-by: Keshav Prasad --- utils/sunbird-RC/schema/project_credential_template.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/sunbird-RC/schema/project_credential_template.json b/utils/sunbird-RC/schema/project_credential_template.json index d9a520d5da..6041f69d41 100644 --- a/utils/sunbird-RC/schema/project_credential_template.json +++ b/utils/sunbird-RC/schema/project_credential_template.json @@ -1,8 +1,8 @@ { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_v1_context.json", - "https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/schema/project_sunbird_context.json" + "{{ upstream_url }}/schema/project_v1_context.json", + "{{ upstream_url }}/schema/project_sunbird_context.json" ], "type": [ "VerifiableCredential" From dec5289aed91445edddde3a235b29b2e8d0a9410 Mon Sep 17 00:00:00 2001 From: Surabhi Date: Mon, 14 Nov 2022 16:04:05 +0530 Subject: [PATCH 125/434] sunbird cdn configuration --- ansible/roles/stack-sunbird/templates/inbound.env | 13 ++++++++++--- .../roles/stack-sunbird/templates/transformer.env | 14 +++++++++++--- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env index c8ed1a5157..c9bc2033a8 100644 --- a/ansible/roles/stack-sunbird/templates/inbound.env +++ b/ansible/roles/stack-sunbird/templates/inbound.env 
@@ -55,12 +55,19 @@ REDIS_DB_INDEX={{redis_db_index_uci | default('7')}} #Azure Config AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} -AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_name}} -AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_key}} -SELECTED_FILE_CDN=azure +AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_name}} +AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_key}} #Netcore NETCORE_WHATSAPP_AUTH_TOKEN={{uci_netcore_whatsapp_token}} NETCORE_WHATSAPP_SOURCE={{uci_netcore_whatsapp_source}} NETCORE_WHATSAPP_URI={{uci_netcore_whatsapp_uri | default('https://waapi.pepipost.com/api/v2/')}} +#Sunbird CDN Configuration +SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE=azure +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{sunbird_private_storage_account_name}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{sunbird_private_storage_account_key}} +SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} + +#Selected CDN Configuration +SELECTED_FILE_CDN=sunbird diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index fd2e6d00aa..f5c2f7b3a5 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env +++ b/ansible/roles/stack-sunbird/templates/transformer.env 
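Review bot: The removed lines had the two values crossed, so until this fix the storage account key was delivered in `AZURE_BLOB_STORE_ACCOUNT_NAME`. Values labelled as an account name are commonly written to logs or diagnostics, so the key may have been recorded in clear text; I would rotate it once this is deployed. The new `SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET` also hands the UCI services the full key of the private storage account, where a credential scoped to the `uci-` container would limit exposure. A comment such as `# TODO: replace account key with a container-scoped credential` would record that. Both points apply equally to transformer.env in the next file section.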
@@ -72,6 +72,14 @@ POSTHOG_EVENT_ENABLED=FALSE #Azure Config AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} -AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_name}} -AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_key}} -SELECTED_FILE_CDN=azure \ No newline at end of file +AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_name}} +AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_key}} + +#Sunbird CDN Configuration +SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE=azure +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{sunbird_private_storage_account_name}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{sunbird_private_storage_account_key}} +SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} + +#Selected CDN Configuration +SELECTED_FILE_CDN=sunbird \ No newline at end of file From 0dbae8510053debc98081a5a0e4c8a34848b028f Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 16:13:25 +0530 Subject: [PATCH 126/434] fix: remove unnessary vars Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 8 -------- .../stack-sunbird/templates/sunbird_learner-service.env | 1 - .../roles/stack-sunbird/templates/sunbird_lms-service.env | 1 - private_repo/ansible/inventory/dev/Core/common.yml | 2 +- 4 files changed, 1 insertion(+), 11 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 238ab4dd65..9fe037507c 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -408,8 +408,6 @@ sunbird_health_check_enable: 'true' ## Release 1.15 ## sunbird_keycloak_user_federation_provider_id: "{{core_vault_sunbird_keycloak_user_federation_provider_id}}" -# Learner-service -sunbird_course_metrics_base_url: https://{{sunbird_private_storage_account_name}}.blob.core.windows.net/ sunbird_gzip_size_threshold: 262144 prometheus_mount_point: "/root/dockerdata/prometheus/data/" @@ -503,9 +501,6 @@ content_import_remove_props: '["downloadUrl","variants","previewUrl","streamingU #Sunbird-Portal release-2.6.5 # sunbird_portal_updateLoginTimeEnabled: false -# Desktop app vars -#sunbird_offline_azure_storage_account: "" #added this var for adopter usecase - # SB-31155 - This should be deprecated in future in favour of offline_installer_storage offline_installer_container_name: "{{env}}-offlineinstaller" @@ -515,9 +510,6 @@ offline_installer_storage: "{{ offline_installer_container_name }}" # SB-31155 - Removed multiple declarations and moved here sunbird_offline_azure_storage_account_url: "{{ cloud_storage_url }}/{{ offline_installer_storage }}" -# SB-31155 -#cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" - # Search-service search_index_host: "{{ groups['composite-search-cluster']|join(':9200,')}}:9200" compositesearch_index_name: "compositesearch" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 79d0bfe1e3..3b6a3f122e 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env 
@@ -86,7 +86,6 @@ sunbird_time_zone={{sunbird_time_zone}} sunbird_health_check_enable={{sunbird_health_check_enable}} sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_federation_provider_id}} sunbird_gzip_enable={{sunbird_gzip_enable}} -sunbird_course_metrics_base_url={{sunbird_course_metrics_base_url}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} sunbird_analytics_blob_account_name={{sunbird_private_storage_account_name}} sunbird_analytics_blob_account_key={{sunbird_private_storage_account_key}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 6b790eb735..1b3fdba3ca 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -87,7 +87,6 @@ sunbird_time_zone={{sunbird_time_zone}} sunbird_health_check_enable={{sunbird_health_check_enable}} sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_federation_provider_id}} sunbird_gzip_enable={{sunbird_gzip_enable}} -sunbird_course_metrics_base_url={{sunbird_course_metrics_base_url}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} sunbird_analytics_blob_account_name={{sunbird_private_storage_account_name}} sunbird_analytics_blob_account_key={{sunbird_private_storage_account_key}} diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 594a415e25..b73c466a45 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -125,7 +125,7 @@ postgres: db_admin_password: "{{core_vault_postgres_password}}" # Generic variable for any cloud provider -upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" # Proxy url to get /assets/public +upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" content_storage: "{{ sunbird_content_azure_storage_container }}" # Azure account related vars From 52004154e58728c131ff6dcfa8e85693df037ec8 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 16:20:22 +0530 Subject: [PATCH 127/434] fix: reordered comments Signed-off-by: Keshav Prasad --- private_repo/ansible/inventory/dev/Core/common.yml | 7 +++++-- .../ansible/inventory/dev/KnowledgePlatform/common.yml | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index b73c466a45..781d798112 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -77,8 +77,13 @@ proto: https # http or https, preferably https sunbird_default_channel: sunbird # default sunbird channel name environment_id: "10000003" # A 8 digit number for example like 1000000, should be same as defined in KP common.yml +# SB-31155 - This should be deprecated in future in favour of content_storage sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml +# SB-31155 - Adding a generialzed variable which can be used for any CSP +content_storage: "{{ sunbird_content_azure_storage_container }}" + + # This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, # # From: SBSMS 
@@ -124,9 +129,7 @@ postgres: db_admin_user: postgres db_admin_password: "{{core_vault_postgres_password}}" -# Generic variable for any cloud provider upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" -content_storage: "{{ sunbird_content_azure_storage_container }}" # Azure account related vars sunbird_azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index 94df144c58..e4fdbf2b14 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -38,9 +38,10 @@ artifacts_container: artifacts # Azure cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" +# SB-31155 - This should be deprecated in future in favour of plugin_storage plugin_container_name: "{{ azure_public_container }}" -# Generic variable for any cloud provider +# SB-31155 - Adding a generialzed variable which can be used for any CSP plugin_storage: "{{ plugin_container_name }}" kp_schema_base_path: "{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local" From d94747a96b9b173b03c216fa351543c0952b7302 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 16:26:07 +0530 Subject: [PATCH 128/434] fix: typo fix Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 4 ++-- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- private_repo/ansible/inventory/dev/Core/common.yml | 2 +- .../ansible/inventory/dev/KnowledgePlatform/common.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 9fe037507c..9e268e1168 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -504,7 +504,7 @@ sunbird_portal_updateLoginTimeEnabled: false # SB-31155 - This should be deprecated in future in favour of offline_installer_storage offline_installer_container_name: "{{env}}-offlineinstaller" -# SB-31155 - Adding a generialzed variable which can be used for any CSP +# SB-31155 - Adding a generalized variable which can be used for any CSP offline_installer_storage: "{{ offline_installer_container_name }}" # SB-31155 - Removed multiple declarations and moved here @@ -556,7 +556,7 @@ sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop # SB-31155 - This should be deprecated in future in favour of dial_plugin_storage dial_plugin_container_name: "sunbird-dial-{{env}}" -# SB-31155 - Adding a generialzed variable which can be used for any CSP +# SB-31155 - Adding a generalized variable which can be used for any CSP dial_plugin_storage: "{{ dial_plugin_container_name }}" dial_service_schema_base_path: "{{ cloud_storage_url }}/{{ dial_plugin_storage }}/jsonld-schema/local" diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index b3ede22f5d..fd5e62c5f4 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -15,7 +15,7 @@ ml_analytics_survey_service: "http://{{private_ingressgateway_ip}}/ml-survey" # This should be deprecated in future in favour of ml_analytics_public_storage ml_analytics_public_container: "{{ ml_analytics_container | default('samiksha') }}" -# SB-31155 - Adding a generialzed variable which can be used for any CSP +# SB-31155 - Adding a generalized variable which can be used for any CSP ml_analytics_public_storage: "{{ ml_analytics_public_container }}" ml_analytics_evidence_base_url: "{{ cloud_storage_url }}/{{ ml_analytics_public_storage }}/" ml_analytics_mongodb_url: "{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}" 
diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 781d798112..831a444922 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -80,7 +80,7 @@ environment_id: "10000003" # A 8 digit number fo # SB-31155 - This should be deprecated in future in favour of content_storage sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml -# SB-31155 - Adding a generialzed variable which can be used for any CSP +# SB-31155 - Adding a generalized variable which can be used for any CSP content_storage: "{{ sunbird_content_azure_storage_container }}" diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index e4fdbf2b14..831eaf7c4a 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -41,7 +41,7 @@ cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core. # SB-31155 - This should be deprecated in future in favour of plugin_storage plugin_container_name: "{{ azure_public_container }}" -# SB-31155 - Adding a generialzed variable which can be used for any CSP +# SB-31155 - Adding a generalized variable which can be used for any CSP plugin_storage: "{{ plugin_container_name }}" kp_schema_base_path: "{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local" From 0a7856c7144da6b2f763e79717ac36ff46b7b686 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 16:35:00 +0530 Subject: [PATCH 129/434] fix: remove duplicate vars Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 9e268e1168..c479f6693b 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -85,7 +85,6 @@ keycloak_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres ser kong_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server uci_postgres_host: "{{groups['postgres'][0]}}" #Private IP of Postgres server sunbird_cassandra_host: "{{groups['cassandra']|join(',')}}" #Private IP of Cassandra server -sunbird_es_host: "{{groups['es']| join(',')}}" ## Application server configurations sunbird_analytics_api_base_url: "http://analytics-service.{{namespace}}.svc.cluster.local:9000" @@ -339,13 +338,11 @@ kong__test_jwt: "{{ core_vault_sunbird_api_auth_token }}" ####### App ES ######## app_es_etc_cluster_name: "{{env}}" app_es_etc_discovery_zen_minimum_master_nodes: "{{groups['es']| length | int}}" -app_es_snapshot_host: "{{ groups['es'][0] }}" app_es_restore_host: "{{ groups['es'][0] }}" app_es_snapshot_base_path: application #######Log Es log_es_etc_cluster_name: "{{env}}-log" -log_es_snapshot_host: "{{ groups['log-es'][0] }}" log_es_restore_host: "{{ groups['log-es'][0] }}" log_es_host: "{{ groups['log-es'][0] }}" From 4867b294f19eae2df99bfb33a8541e74f2ce6926 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Mon, 14 Nov 2022 18:13:25 +0530 Subject: [PATCH 130/434] fix: moving few vars to default Signed-off-by: Keshav Prasad --- ansible/inventory/env/group_vars/all.yml | 7 ++++++- private_repo/ansible/inventory/dev/Core/common.yml | 8 +------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index c479f6693b..1aaa166d5c 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -557,5 +557,10 @@ dial_plugin_container_name: "sunbird-dial-{{env}}" dial_plugin_storage: "{{ dial_plugin_container_name }}" dial_service_schema_base_path: "{{ cloud_storage_url }}/{{ dial_plugin_storage }}/jsonld-schema/local" +# SB-31155 - Moving few vars from private repo template to here +content_storage: "{{ sunbird_content_azure_storage_container }}" +upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" +plugin_upstream_url: "{{ upstream_url }}" +kp_schema_base_path: "{{ upstream_url }}/schemas/local" # SB-31155 - Moved to the installation public container for now (same place where keycloaka and java artifacts are stored) -h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" \ No newline at end of file +h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 831a444922..286c957102 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
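Review bot: The new default `kp_schema_base_path: "{{ upstream_url }}/schemas/local"` resolves under `content_storage`, while `private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml` (shown elsewhere in this series) still sets the same key to `{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local`. The two definitions can therefore point at different containers. Which one wins depends on how the inventories are loaded, which is not visible here. A comment above the moved block would make the intent explicit, for example `# Defaults only - an inventory that still defines these keys overrides them`.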
@@ -77,12 +77,9 @@ proto: https # http or https, preferably https sunbird_default_channel: sunbird # default sunbird channel name environment_id: "10000003" # A 8 digit number for example like 1000000, should be same as defined in KP common.yml -# SB-31155 - This should be deprecated in future in favour of content_storage +# SB-31155 - This should be deprecated in future in favour of content_storage defined in all.yml sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml -# SB-31155 - Adding a generalized variable which can be used for any CSP -content_storage: "{{ sunbird_content_azure_storage_container }}" - # This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, # @@ -129,15 +126,12 @@ postgres: db_admin_user: postgres db_admin_password: "{{core_vault_postgres_password}}" -upstream_url: "{{ cloud_storage_url }}/{{ content_storage }}" # Azure account related vars sunbird_azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" -plugin_upstream_url: "{{ upstream_url }}" azure_plugin_storage_account_name: "{{sunbird_azure_public_storage_account_name}}" azure_plugin_storage_account_key: "{{sunbird_public_storage_account_key}}" plugin_container_name: "{{sunbird_content_azure_storage_container}}" -kp_schema_base_path: "{{ upstream_url }}/schemas/local" keycloak_api_management_user_email: "admin@sunbird.org" sunbird_installation_email: "admin@sunbird.org" From 996c091b92d728a2926b9147767ee103d87296b4 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 15 Nov 2022 16:45:27 +0530 Subject: [PATCH 131/434] fix: moved var to all.yml of LP repo Signed-off-by: Keshav Prasad --- .../ansible/inventory/dev/KnowledgePlatform/common.yml | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index 831eaf7c4a..b905d7b359 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -41,9 +41,6 @@ cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core. # SB-31155 - This should be deprecated in future in favour of plugin_storage plugin_container_name: "{{ azure_public_container }}" -# SB-31155 - Adding a generalized variable which can be used for any CSP -plugin_storage: "{{ plugin_container_name }}" - kp_schema_base_path: "{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local" imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins From f55ab75992bea5ca7ab7b9c15854103f307df1f5 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Wed, 16 Nov 2022 11:30:18 +0530 Subject: [PATCH 132/434] Add few new variables --- ansible/roles/ml-analytics-service/defaults/main.yml | 5 +++++ ansible/roles/ml-analytics-service/templates/config.j2 | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 5c5d87dace..f95a395b7d 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -99,3 +99,8 @@ ml_analytics_druid_observation_batch_ingestion_spec: '{"type":"index","spec":{"i ml_analytics_observation_batchupdate_azure_blob_path: "observation/batchDeletion" ml_analytics_observation_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/observations/submissions.csv" ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observations/" +ml_analytics_druid_survey_query_spec : '{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' +survey_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' +ml_analytics_survey_batchupdate_azure_blob_path : "survey/batchDeletion" +ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" +ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index b4945675d3..cef1739e4e 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 
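Review bot: The ingestion spec added as `survey_injestion_spec` hard-codes its input as `azure://telemetry-data-store/survey/batchDeletion/druidData.json`, although the same hunk introduces `ml_analytics_survey_batchupdate_azure_blob_path: "survey/batchDeletion"` for that path. The container and path are then fixed for every environment and can drift from the variable the service presumably uploads to. The Azure-only input source also sits oddly with the SB-31155 move to provider-neutral variables. Building the URI from variables keeps them in step, e.g. `"uris": ["azure://{{ <container variable> }}/{{ ml_analytics_survey_batchupdate_azure_blob_path }}/druidData.json"]`, where `<container variable>` is a placeholder for whichever variable holds the container name. The same literal is carried over unchanged when the key is renamed in PATCH 133.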
+++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -106,6 +106,10 @@ observation_query_spec = {{ ml_analytics_druid_observation_query_spec }} observation_injestion_spec = {{ml_analytics_druid_observation_batch_ingestion_spec}} +survey_query_spec = {{ml_analytics_druid_survey_query_spec}} + +survey_injestion_spec = {{ml_analytics_druid_survey_batch_ingestion_spec}} + [KAFKA] url = {{ ml_analytics_kafka_url }} @@ -188,6 +192,8 @@ projects_program_csv = {{ ml_analytics_program_dashboard_azure_blob_path }} observation_batch_ingestion_data_del = {{ ml_analytics_observation_batchupdate_azure_blob_path }} +survey_batch_ingestion_data_del = {{ml_analytics_survey_batchupdate_azure_blob_path}} + [REDIS] host = {{ ml_analytics_redis_host }} @@ -224,6 +230,10 @@ observation_sub_ids = {{ ml_analytics_observation_submission_id_filepath }} observation_druid_data = {{ ml_analytics_observation_batchupdate_output_dir }} +survey_sub_ids = {{ml_analytics_survey_submission_id_filepath}} + +survey_druid_data = {{ml_analytics_survey_batchupdate_output_dir}} + [CLOUD_STORAGE] service_name = {{ ml_analytics_AWS_service_name }} From e4628c7947ba160d429e9e3c893fd63c16d7cc92 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Wed, 16 Nov 2022 11:33:51 +0530 Subject: [PATCH 133/434] Update key --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index f95a395b7d..6bcb9616e9 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -100,7 +100,7 @@ ml_analytics_observation_batchupdate_azure_blob_path: "observation/batchDeletion ml_analytics_observation_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/observations/submissions.csv" ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observations/" ml_analytics_druid_survey_query_spec : '{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' -survey_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' +ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' ml_analytics_survey_batchupdate_azure_blob_path : "survey/batchDeletion" ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" From f870b051d010ca60e089f0312ad2c57f36a1fc64 Mon Sep 17 00:00:00 2001 
From: Surabhi Date: Wed, 16 Nov 2022 13:09:48 +0530 Subject: [PATCH 134/434] removed unused variables --- ansible/roles/stack-sunbird/templates/inbound.env | 5 ----- ansible/roles/stack-sunbird/templates/transformer.env | 5 ----- 2 files changed, 10 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env index c9bc2033a8..331ae1d3fc 100644 --- a/ansible/roles/stack-sunbird/templates/inbound.env +++ b/ansible/roles/stack-sunbird/templates/inbound.env @@ -53,11 +53,6 @@ REDIS_PASS={{sunbird_redis_pass | default('')}} REDIS_PORT={{sunbird_redis_port | default(6379)}} REDIS_DB_INDEX={{redis_db_index_uci | default('7')}} -#Azure Config -AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} -AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_name}} -AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_key}} - #Netcore NETCORE_WHATSAPP_AUTH_TOKEN={{uci_netcore_whatsapp_token}} NETCORE_WHATSAPP_SOURCE={{uci_netcore_whatsapp_source}} diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index f5c2f7b3a5..b5be5c4451 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env +++ b/ansible/roles/stack-sunbird/templates/transformer.env @@ -70,11 +70,6 @@ REDIS_DB_INDEX={{redis_db_index_uci | default('7')}} EXHAUST_TELEMETRY_ENABLED=TRUE POSTHOG_EVENT_ENABLED=FALSE -#Azure Config -AZURE_BLOB_STORE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} -AZURE_BLOB_STORE_ACCOUNT_NAME={{sunbird_private_storage_account_name}} -AZURE_BLOB_STORE_ACCOUNT_KEY={{sunbird_private_storage_account_key}} - #Sunbird CDN Configuration SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE=azure SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{sunbird_private_storage_account_name}} From 3a25d5bde548cb3ad03c9d67c81752a543364b3b Mon Sep 17 00:00:00 2001 
From: Keshav Prasad Date: Wed, 16 Nov 2022 14:03:55 +0530 Subject: [PATCH 135/434] feat: SB-30654 generalizing plugins upload Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 23 ++++++++++++++++------- pipelines/deploy/CEPlugins/Jenkinsfile | 3 +-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index bf876b3f66..b7f233af67 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -72,13 +72,22 @@ - preview - block: - - name: run the az_copy.sh script - shell: "bash {{ az_file_path }} {{ plugin_storage }} {{ source_file }}" - async: 3600 - poll: 10 - environment: - AZURE_STORAGE_ACCOUNT: "{{ azure_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ azure_public_storage_account_sas }}" + - name: delete batch of files from azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-delete-batch.yml + vars: + blob_delete_pattern: "content-plugins/{{ item }}" + with_lines: "cat {{ plugin_list_to_delete_and_upload }}" + + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_folder_path: "/content-plugins" + local_file_or_folder_path: "{{ source_file }}/{{ item }}" + with_lines: "cat {{ plugin_list_to_delete_and_upload }}" tags: - plugins when: cloud_service_provider == "azure" diff --git a/pipelines/deploy/CEPlugins/Jenkinsfile b/pipelines/deploy/CEPlugins/Jenkinsfile index fea1e80819..1d026ac576 100644 --- a/pipelines/deploy/CEPlugins/Jenkinsfile +++ b/pipelines/deploy/CEPlugins/Jenkinsfile 
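Review bot: Each line of `plugin_list_to_delete_and_upload` becomes `item` in `blob_delete_pattern` and `local_file_or_folder_path` without any validation, and the `azure-cloud-storage` tasks shown later in this series interpolate those values into `shell:` command strings. The Jenkinsfile unpacks that file from the build artifact, so its content should be treated as untrusted input. A line containing a quote or shell metacharacter changes the command that runs with the storage credentials, and an empty or wildcard line widens the delete pattern beyond one plugin. Restrict the loop to plain plugin names, for example `when: item is match('^[A-Za-z0-9._-]+$')` on both `include_role` tasks, and apply `| quote` where the role builds the command. The `with_lines` loops in PATCH 136 carry the same gap, and the play itself starts outside this hunk.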
@@ -31,11 +31,10 @@ node() { sh """ unzip ${artifact} unzip content-plugins.zip - chmod a+x content-plugins/az_copy.sh mv content-plugins ansible """ ansiblePlaybook = "${currentWs}/ansible/deploy-plugins.yml" - ansibleExtraArgs = "--tags plugins --extra-vars \" source_file=${currentWs}/ansible/content-plugins az_file_path=${currentWs}/ansible/content-plugins/az_copy.sh\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags plugins --extra-vars \" source_file=${currentWs}/ansible/content-plugins plugin_list_to_delete_and_upload=${currentWs}/ansible/content-plugins/plugin_list_to_delete_and_upload.txt\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From be05234a5cb2b7165251751460c6de9c1e84a03e Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 16 Nov 2022 18:55:45 +0530 Subject: [PATCH 136/434] feat: upload plugins using existing roles Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 12 +++++++----- ansible/roles/azure-cloud-storage/defaults/main.yml | 7 ++++++- .../azure-cloud-storage/tasks/blob-delete-batch.yml | 2 +- .../azure-cloud-storage/tasks/blob-upload-batch.yml | 3 ++- .../azure-cloud-storage/tasks/container-create.yml | 4 ++-- pipelines/deploy/CEPlugins/Jenkinsfile | 2 +- 6 files changed, 19 insertions(+), 11 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index b7f233af67..357baef98e 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -30,6 +30,7 @@ storage_account_sas_token: "{{ azure_public_storage_account_sas }}" tags: - always + no_log: True - block: - name: delete files and folders from azure storage using azcopy 
@@ -77,17 +78,18 @@ name: azure-cloud-storage tasks_from: blob-delete-batch.yml vars: - blob_delete_pattern: "content-plugins/{{ item }}" - with_lines: "cat {{ plugin_list_to_delete_and_upload }}" + blob_delete_pattern: "content-plugins/{{ item }}/*" + with_lines: cat {{ plugin_list_to_delete_and_upload }} - name: upload batch of files to azure storage include_role: name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_folder_path: "/content-plugins" - local_file_or_folder_path: "{{ source_file }}/{{ item }}" - with_lines: "cat {{ plugin_list_to_delete_and_upload }}" + blob_container_folder_path: "/content-plugins/{{ item }}" + local_file_or_folder_path: "{{ source_folder }}/{{ item }}" + create_container: false + with_lines: cat {{ plugin_list_to_delete_and_upload }} tags: - plugins when: cloud_service_provider == "azure" diff --git a/ansible/roles/azure-cloud-storage/defaults/main.yml b/ansible/roles/azure-cloud-storage/defaults/main.yml index 0e4e45bf95..8f6673d3c9 100644 --- a/ansible/roles/azure-cloud-storage/defaults/main.yml +++ b/ansible/roles/azure-cloud-storage/defaults/main.yml @@ -64,4 +64,9 @@ blob_container_folder_path: "" # This variable affects only new containers and has no affect on a container if it already exists # If the container already exists, the access level will not be changed # You will need to change the access level from Azure portal or using az storage container set-permission command -container_public_access: "" \ No newline at end of file +container_public_access: "" + +# Create the container by default before running the specific azure tasks +# If we would like to skip container creation (in case of a looped execution), you can set this value to false +# in order to skip the task for every iteration +create_container: true \ No newline at end of file 
diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml index 4e8ad68a2d..e642a6f24f 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml @@ -1,5 +1,5 @@ --- -- name: delete files and folders from a blob container recursively +- name: delete files and folders - deleting {{ blob_container_name }}/{{ blob_delete_pattern }} shell: "az storage blob delete-batch --source {{ blob_container_name }} --pattern '{{ blob_delete_pattern }}' --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" async: 3600 poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml index 3043da46cc..8f10576cb5 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml @@ -3,8 +3,9 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml + when: create_container is true -- name: upload files and folders from a local directory to azure storage container +- name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" async: 3600 poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/container-create.yml b/ansible/roles/azure-cloud-storage/tasks/container-create.yml index 419510cc19..847c765a33 100644 --- a/ansible/roles/azure-cloud-storage/tasks/container-create.yml +++ b/ansible/roles/azure-cloud-storage/tasks/container-create.yml 
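Review bot: The `shell:` line under the renamed task still passes `--account-key {{ storage_account_key }}` as a command-line argument, so the storage key is visible in the host's process list and is echoed in Ansible's task output on failure or with `-v`. The `no_log: True` this commit adds to the playbook's `set_fact` does not cover that. Pass the key through the task's `environment:` instead (`AZURE_STORAGE_KEY: "{{ storage_account_key }}"`) and drop the flag, or at least add `no_log: true` to the task. The same applies to the upload task in blob-upload-batch.yml and to both tasks in container-create.yml, which take `--account-key` / `--sas-token` on the command line.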
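Review bot: `when: create_container is true` passes only for a real boolean, so a value that arrives as a string (for example through `--extra-vars create_container=true`) makes the test false and container creation is skipped without any message. `when: create_container | bool` accepts both forms. The task list of blob-upload-batch.yml starts above this hunk.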
@@ -1,8 +1,8 @@ --- -- name: create container in azure storage if it doesn't exist +- name: create container if it doesn't exist shell: "az storage container create --name {{ blob_container_name }} --public-access {{ container_public_access }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" when: storage_account_key | length > 0 -- name: create container in azure storage if it doesn't exist +- name: create container if it doesn't exist shell: "az storage container create --name {{ blob_container_name }} --public-access {{ container_public_access }} --account-name {{ storage_account_name }} --sas-token '{{ storage_account_sas_token }}'" when: storage_account_sas_token | length > 0 \ No newline at end of file diff --git a/pipelines/deploy/CEPlugins/Jenkinsfile b/pipelines/deploy/CEPlugins/Jenkinsfile index 1d026ac576..078069bbe0 100644 --- a/pipelines/deploy/CEPlugins/Jenkinsfile +++ b/pipelines/deploy/CEPlugins/Jenkinsfile @@ -34,7 +34,7 @@ node() { mv content-plugins ansible """ ansiblePlaybook = "${currentWs}/ansible/deploy-plugins.yml" - ansibleExtraArgs = "--tags plugins --extra-vars \" source_file=${currentWs}/ansible/content-plugins plugin_list_to_delete_and_upload=${currentWs}/ansible/content-plugins/plugin_list_to_delete_and_upload.txt\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags plugins --extra-vars \" source_folder=${currentWs}/ansible/content-plugins plugin_list_to_delete_and_upload=${currentWs}/ansible/content-plugins/plugins_to_delete_and_upload.txt\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From f436573fcf8d07c1c67c4f099c6a01b446c3ed06 Mon Sep 17 00:00:00 2001 
From: G33tha Date: Wed, 16 Nov 2022 20:18:21 +0530 Subject: [PATCH 137/434] grouping aws specific tasks into a single role (#3573) --- ansible/artifacts-download.yml | 13 ++++ ansible/artifacts-upload.yml | 13 ++++ ansible/assets-upload.yml | 24 +++++++ ansible/bootstrap.yml | 10 +++ ansible/deploy-plugins.yml | 64 +++++++++++++++++++ ansible/desktop-faq-upload.yml | 51 +++++++++++++++ ansible/dial_upload-schema.yml | 13 ++++ ansible/kp_upload-schema.yml | 13 ++++ ansible/roles/aws-cli/defaults/main.yml | 1 + ansible/roles/aws-cli/tasks/main.yml | 24 +++++++ .../roles/aws-cloud-storage/defaults/main.yml | 3 + .../aws-cloud-storage/tasks/delete-folder.yml | 9 +++ .../roles/aws-cloud-storage/tasks/delete.yml | 9 +++ .../aws-cloud-storage/tasks/download.yml | 9 +++ .../roles/aws-cloud-storage/tasks/main.yml | 18 ++++++ .../aws-cloud-storage/tasks/upload-folder.yml | 9 +++ .../roles/aws-cloud-storage/tasks/upload.yml | 9 +++ ansible/roles/cassandra-backup/tasks/main.yml | 13 ++++ .../roles/cassandra-restore/tasks/main.yml | 14 ++++ ansible/roles/cert-templates/tasks/main.yml | 13 ++++ ansible/roles/desktop-deploy/tasks/main.yml | 28 ++++++++ ansible/roles/grafana-backup/tasks/main.yml | 13 ++++ .../jenkins-backup-upload/tasks/main.yml | 13 ++++ ansible/roles/mongodb-backup/tasks/main.yml | 13 ++++ .../tasks/main.yml | 13 ++++ .../tasks/main.yml | 13 ++++ .../roles/postgresql-backup/tasks/main.yml | 13 ++++ .../roles/postgresql-restore/tasks/main.yml | 13 ++++ .../roles/prometheus-backup-v2/tasks/main.yml | 13 ++++ .../roles/prometheus-backup/tasks/main.yml | 13 ++++ .../roles/prometheus-restore/tasks/main.yml | 13 ++++ ansible/roles/redis-backup/tasks/main.yml | 13 ++++ ansible/uploadFAQs.yml | 15 +++++ .../dev/jobs/Core/jobs/Bootstrap/config.xml | 1 + pipelines/deploy/CEPlugins/Jenkinsfile | 2 +- .../ansible/inventory/dev/Core/common.yml | 8 ++- .../ansible/inventory/dev/Core/secrets.yml | 11 +++- 37 files changed, 535 insertions(+), 5 deletions(-) create mode 100644 
ansible/roles/aws-cli/defaults/main.yml create mode 100644 ansible/roles/aws-cli/tasks/main.yml create mode 100644 ansible/roles/aws-cloud-storage/defaults/main.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/delete-folder.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/delete.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/download.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/main.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/upload-folder.yml create mode 100644 ansible/roles/aws-cloud-storage/tasks/upload.yml diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index cb8230d44b..043446554d 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml @@ -26,3 +26,16 @@ dest_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" when: cloud_service_provider == "gcloud" + + - name: download artifact from aws s3 + include_role: + name: aws-cloud-storage + tasks_from: download.yml + vars: + local_file_or_folder_path: "{{ artifact_path }}" + s3_bucket_name: "{{ aws_artifact_s3_bucket_name }}" + s3_path: "{{ artifacts_container }}/{{ artifact }}" + aws_default_region: "{{ aws_region }}" + aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" + aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" + when: cloud_service_provider == "aws" \ No newline at end of file diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 52e67448c7..32e866808c 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml 
@@ -27,3 +27,16 @@ dest_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" when: cloud_service_provider == "gcloud" + + - name: upload artifact to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + local_file_or_folder_path: "{{ artifact_path }}" + s3_bucket_name: "{{ aws_artifact_s3_bucket_name }}" + s3_path: "{{ artifacts_container }}/{{ artifact }}" + aws_default_region: "{{ aws_region }}" + aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" + aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" + when: cloud_service_provider == "aws" \ No newline at end of file diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 3809c63722..12021680fe 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml @@ -35,6 +35,30 @@ local_file_or_folder_path: "{{ assets }}" when: cloud_service_provider == "azure" +##### AWS + - name: this block consists of tasks related to aws storage + block: + - name: set common aws variables + set_fact: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + s3_path: "{{ player_cdn_storage }}" + aws_default_region: "{{ aws_region }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + + - name: delete files and folders from s3 + include_role: + name: aws-cloud-storage + tasks_from: delete-folder.yml + + - name: upload batch of files to s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + local_file_or_folder_path: "{{ assets }}" + when: cloud_service_provider == "aws" + #GCP - name: this block consists of tasks related to azure storage block: diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 36d9d7b0d0..b23479e833 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml 
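Review bot: The new `set common aws variables` task in assets-upload.yml stores `aws_secret_access_key` in a fact without `no_log`, so the secret is printed with the task result when the play runs with `-v` or under a callback that logs results. The Azure `set_fact` in deploy-plugins.yml was given `no_log: True` in PATCH 136; add `no_log: true` here as well. The same unprotected `set_fact` appears in the AWS blocks this commit adds to deploy-plugins.yml and roles/desktop-deploy/tasks/main.yml.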
@@ -40,6 +40,16 @@ tags: - gcloud_cli +- hosts: "{{ hosts }}" + become: yes + ignore_unreachable: yes + vars_files: + - "{{inventory_dir}}/secrets.yml" + roles: + - role: aws-cli + tags: + - aws_cli + - hosts: "{{ hosts| default('all') }}" become: yes gather_facts: no diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index bf876b3f66..fa4156d3c7 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml 
@@ -133,3 +133,67 @@ - preview when: cloud_service_provider == "gcloud" +################################### AWS tasks ######################### + - name: this block consists of tasks related to aws s3 + block: + - name: set common aws variables + set_fact: + aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + tags: + - always + + - block: + - name: delete files and folders from s3 + include_role: + name: aws-cloud-storage + tasks_from: delete-folder.yml + vars: + s3_path: "{{ plugin_storage }}/{{ folder_name }}" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + + - block: + - name: upload folder to s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_path: "{{ plugin_storage }}/{{ folder_name }}" + local_file_or_folder_path: "{{ source_name }}" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + - editor + - core-plugins + + - block: + - name: upload file to s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_path: "{{ plugin_storage }}/artefacts/content-player/content-player-{{ player_version_number }}.zip" + local_file_or_folder_path: "{{ source_file_name }}" + tags: + - preview + + - block: + - name: run the s3_copy.sh script + shell: "bash {{ s3_file_path }} {{ plugin_storage }} {{ source_file }} {{ aws_public_s3_bucket_name }}" + async: 3600 + poll: 10 + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + tags: + - plugins + when: cloud_service_provider == "aws" \ No newline at end of file diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index f20f0d7eeb..911153576b 100644 --- a/ansible/desktop-faq-upload.yml 
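Review bot: The `run the s3_copy.sh script` task executes `bash {{ s3_file_path }}` with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` for the public bucket in its environment, handing bucket credentials to a script whose origin is not visible in this hunk. If it ships inside the plugins artifact, as `az_copy.sh` did on the Azure path before PATCH 135 replaced it with role tasks, then whoever can alter the artifact runs code with those credentials. Prefer looping the `aws-cloud-storage` `delete-folder.yml` / `upload-folder.yml` task files over the plugin list, as the Azure block now does. The arguments on the `shell:` line are also unquoted.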
+++ b/ansible/desktop-faq-upload.yml @@ -93,3 +93,54 @@ - upload-chatbot-config - upload-batch when: cloud_service_provider == "gcloud" + +######################## AWS tasks ######################################### + + - name: this block consists of tasks related to aws s3 + block: + - name: set common aws variables + set_fact: + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" + s3_path: "{{ upload_storage }}/{{ destination_path }}" + tags: + - always + + - block: + - name: upload file to aws s3 public bucket + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + tags: + - upload-desktop-faq + + - block: + - name: upload file to aws s3 private bucket + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_private_s3_bucket_name }}" + aws_access_key_id: "{{ aws_private_bucket_access_key }}" + aws_secret_access_key: "{{ aws_private_bucket_secret_access_key }}" + tags: + - upload-label + + - block: + - name: upload folder to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + tags: + - upload-chatbot-config + - upload-batch + when: cloud_service_provider == "aws" + \ No newline at end of file diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index a93a900263..f046e63462 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml 
@@ -38,6 +38,19 @@ storage_account_name: "{{ azure_public_storage_account_name }}" storage_account_key: "{{ azure_public_storage_account_key }}" when: cloud_service_provider == "azure" + + - name: upload batch of files to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "dial_schema_template_files" + s3_path: "{{ dial_plugin_storage }}/schemas/local" + when: cloud_service_provider == "aws" - name: upload batch of files to gcloud storage include_role: diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index a4f6bda83a..aecdab077a 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -23,6 +23,19 @@ storage_account_key: "{{ azure_public_storage_account_key }}" when: cloud_service_provider == "azure" + - name: upload batch of files to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ source_name }}" + s3_path: "{{ plugin_storage }}/schemas/local" + when: cloud_service_provider == "aws" + - name: upload batch of files to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/aws-cli/defaults/main.yml b/ansible/roles/aws-cli/defaults/main.yml new file mode 100644 index 0000000000..53d866eafa --- /dev/null +++ b/ansible/roles/aws-cli/defaults/main.yml @@ -0,0 +1 @@ +aws_cli_url: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip \ No newline at end of file 
diff --git a/ansible/roles/aws-cli/tasks/main.yml b/ansible/roles/aws-cli/tasks/main.yml new file mode 100644 index 0000000000..5907fb1aaf --- /dev/null +++ b/ansible/roles/aws-cli/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Download the installation file + get_url: + url: "{{ aws_cli_url }}" + dest: /tmp/awscliv2.zip + +- name: Installing unzip + apt: + name: "{{item}}" + state: latest + with_items: + - zip + - unzip + +- name: Unzip the installer + unarchive: + src: /tmp/awscliv2.zip + dest: /tmp/ + remote_src: yes + +- name: install aws cli + shell: ./aws/install + args: + chdir: /tmp/ diff --git a/ansible/roles/aws-cloud-storage/defaults/main.yml b/ansible/roles/aws-cloud-storage/defaults/main.yml new file mode 100644 index 0000000000..6f3f6f86d6 --- /dev/null +++ b/ansible/roles/aws-cloud-storage/defaults/main.yml @@ -0,0 +1,3 @@ +s3_bucket_name: "" +s3_path: "" +local_file_or_folder_path: "" diff --git a/ansible/roles/aws-cloud-storage/tasks/delete-folder.yml b/ansible/roles/aws-cloud-storage/tasks/delete-folder.yml new file mode 100644 index 0000000000..c912b14edb --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/delete-folder.yml @@ -0,0 +1,9 @@ +--- +- name: delete files and folders recursively + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + shell: "aws s3 rm s3://{{ s3_bucket_name }}/{{ s3_path }} --recursive" + async: 3600 + poll: 10 diff --git a/ansible/roles/aws-cloud-storage/tasks/delete.yml b/ansible/roles/aws-cloud-storage/tasks/delete.yml new file mode 100644 index 0000000000..414ea52e6b --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/delete.yml 
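Review bot: The archive fetched by `get_url` is unpacked and run through `./aws/install` with no integrity check, and bootstrap.yml applies this role with `become: yes`, so whatever the URL serves is executed as root. Point `aws_cli_url` at a versioned installer and add `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task, or verify the vendor's published signature before the unarchive step. The fixed `/tmp/awscliv2.zip` and `/tmp/aws` paths sit in a world-writable directory; a directory created with the `tempfile` module removes the dependency on predictable names. `shell: ./aws/install` will also fail on a host where the CLI is already installed unless `--update` is passed.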
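Review bot: With the role defaults `s3_bucket_name: ""` and `s3_path: ""`, a caller of delete-folder.yml that forgets `s3_path` runs `aws s3 rm s3://<bucket>/ --recursive`, which empties the whole bucket. Add a guard task before the `shell:` that asserts both values are non-empty, and pass the interpolated target through the `quote` filter so a space or metacharacter in a path cannot change the command. delete.yml, download.yml, upload.yml and upload-folder.yml build their commands the same way and need the same quoting.

```yaml
- name: refuse to delete when the bucket or prefix is empty
  assert:
    that:
      - s3_bucket_name | length > 0
      - s3_path | length > 0

- name: delete files and folders recursively
  # … unchanged: environment with region and credentials …
  shell: "aws s3 rm {{ ('s3://' ~ s3_bucket_name ~ '/' ~ s3_path) | quote }} --recursive"
  # … unchanged: async / poll …
```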
@@ -0,0 +1,9 @@ +--- +- name: delete files from s3 + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + shell: "aws s3 rm s3://{{ s3_bucket_name }}/{{ s3_path }}" + async: 3600 + poll: 10 diff --git a/ansible/roles/aws-cloud-storage/tasks/download.yml b/ansible/roles/aws-cloud-storage/tasks/download.yml new file mode 100644 index 0000000000..138024af78 --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/download.yml @@ -0,0 +1,9 @@ +--- +- name: download files to s3 + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + shell: "aws s3 cp s3://{{ s3_bucket_name }}/{{ s3_path }} {{ local_file_or_folder_path }}" + async: 3600 + poll: 10 diff --git a/ansible/roles/aws-cloud-storage/tasks/main.yml b/ansible/roles/aws-cloud-storage/tasks/main.yml new file mode 100644 index 0000000000..62f204a9d2 --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: delete files from aws S3 bucket + include: delete.yml + +- name: delete folders from aws S3 bucket recursively + include: delete-folder.yml + + +- name: download file from S3 + include: download.yml + +- name: upload files from a local to aws S3 + include: upload.yml + +- name: upload files and folder from local directory to aws S3 + include: upload-folder.yml + + diff --git a/ansible/roles/aws-cloud-storage/tasks/upload-folder.yml b/ansible/roles/aws-cloud-storage/tasks/upload-folder.yml new file mode 100644 index 0000000000..3e03b068b7 --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/upload-folder.yml 
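Review bot: `tasks/main.yml` includes `delete.yml` and `delete-folder.yml` unconditionally, ahead of the download and upload files. Applying the role without `tasks_from` (a `roles:` entry, or an `include_role` that omits it) therefore runs both `aws s3 rm` commands against whatever `s3_bucket_name` / `s3_path` happen to be in scope. Every caller visible in this commit sets `tasks_from`, so main.yml would be safer empty or reduced to a `fail:` task telling the caller to choose a task file. `include:` is also deprecated in favour of `include_tasks:`.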
@@ -0,0 +1,9 @@ +--- +- name: upload folder to s3 + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + shell: "aws s3 cp {{ local_file_or_folder_path }} s3://{{ s3_bucket_name }}/{{ s3_path }} --recursive" + async: 3600 + poll: 10 diff --git a/ansible/roles/aws-cloud-storage/tasks/upload.yml b/ansible/roles/aws-cloud-storage/tasks/upload.yml new file mode 100644 index 0000000000..af8de990e2 --- /dev/null +++ b/ansible/roles/aws-cloud-storage/tasks/upload.yml @@ -0,0 +1,9 @@ +--- +- name: upload files to s3 + environment: + AWS_DEFAULT_REGION: "{{ aws_default_region }}" + AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" + shell: "aws s3 cp {{ local_file_or_folder_path }} s3://{{ s3_bucket_name }}/{{ s3_path }}" + async: 3600 + poll: 10 diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index fc662bcea5..507aeb190b 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -45,6 +45,19 @@ storage_account_sas_token: "{{ azure_management_storage_account_sas }}" when: cloud_service_provider == "azure" +- name: upload backup to S3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + s3_path: "{{ cassandra_backup_storage }}" + aws_default_region: "{{ aws_region }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage 
diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 3b2fc3ae9b..8a47ab7089 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml @@ -18,6 +18,20 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download a file from aws s3 + become: true + include_role: + name: aws-cloud-storage + tasks_from: download.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" + s3_path: "{{ cassandra_backup_storage }}/{{ cassandra_restore_gzip_file_name }}" + when: cloud_service_provider == "aws" + - name: download file from gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index acecc4d6f4..78f1f769b3 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -44,6 +44,19 @@ storage_account_key: "{{ azure_private_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload batch of files to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ aws_private_s3_bucket_name }}" + aws_access_key_id: "{{ aws_private_bucket_access_key }}" + aws_secret_access_key: "{{ aws_private_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" + s3_path: "{{ cert_service_storage }}" + when: cloud_service_provider == "aws" + - name: upload batch of files to gcloud storage include_role: name: gcp-cloud-storage 
diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index 4ce4da3fb6..09c41300ef 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml @@ -75,6 +75,34 @@ local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" when: cloud_service_provider == "azure" +######################## AWS tasks ################################## + +- name: this block consists of tasks related to aws s3 + block: + - name: set common aws variables + set_fact: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + + - name: upload batch of files to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_path: "{{ offline_installer_storage }}" + local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets" + + - name: upload batch of files to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_path: "{{ offline_installer_storage }}/latest" + local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" + when: cloud_service_provider == "aws" + - name: this block consists of tasks related to gcloud storage block: - name: set common gcloud variables diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index 0f0a44a2b2..2c8520030c 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml 
@@ -32,6 +32,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" + s3_path: "{{ grafana_backup_storage }}/{{ grafana_backup_gzip_file_name }}" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index 32be77b7a7..a94e57fe4a 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml @@ -25,6 +25,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" + s3_path: "{{ jenkins_backup_storage }}/{{ LATEST_BACKUP_DIR.stdout }}.zip" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 4ae40ecd2b..0762f2754f 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml 
@@ -27,6 +27,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" + s3_path: "{{ mongo_backup_storage }}/{{ mongo_backup_file_name }}.tar.gz" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/postgres-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-managed-service-backup/tasks/main.yml index 686f4c42f6..ea206146b3 100644 --- a/ansible/roles/postgres-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-backup/tasks/main.yml @@ -54,6 +54,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + s3_path: "{{ postgresql_backup_storage }}/{{ postgresql_backup_gzip_file_name }}.zip" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/postgres-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml index 7df51e26b4..0299ff3f73 100644 
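Review bot: The new AWS task in roles/mongodb-backup uploads the MongoDB backup archive to `aws_public_s3_bucket_name` with the public-bucket credentials. The Azure task just above it in this hunk uses `azure_management_storage_account_key`, and the other backup roles in this commit target the management bucket. If the public bucket is readable from outside, as its name suggests, this exposes a database dump. Use `s3_bucket_name: "{{ aws_management_s3_bucket_name }}"`, `aws_access_key_id: "{{ aws_management_bucket_access_key }}"` and `aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}"`. The task list continues outside the hunk.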
--- a/ansible/roles/postgres-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml @@ -21,6 +21,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download a file from aws s3 + include_role: + name: aws-cloud-storage + tasks_from: download.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" + s3_path: "{{ postgres_backup_storage }}/{{ postgres_backup_filename }}" + when: cloud_service_provider == "aws" + - name: download file from gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 0704d4847f..65116bede0 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml @@ -26,6 +26,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" + s3_path: "{{ postgresql_backup_storage }}/{{ postgresql_backup_gzip_file_name }}" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage 
diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index ec6a40494d..877e178987 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml @@ -16,6 +16,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download a file from aws s3 + include_role: + name: aws-cloud-storage + tasks_from: download.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" + s3_path: "{{ postgres_backup_storage }}/{{ postgresql_restore_gzip_file_name }}" + when: cloud_service_provider == "aws" + - name: download file from gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 0cafacb627..3831080dbc 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml 
@@ -29,6 +29,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 32cffa6e5c..55a51287ae 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml @@ -38,6 +38,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" + s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_gzip_file_name }}" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 843ebe4598..2232770fdd 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml 
+++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -14,6 +14,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: download a file from aws s3 + include_role: + name: aws-cloud-storage + tasks_from: download.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" + s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_filename }}" + when: cloud_service_provider == "aws" + - name: download file from gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index 51f7ab63ff..5359a362c8 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml @@ -26,6 +26,19 @@ storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" +- name: upload file to aws s3 + include_role: + name: aws-cloud-storage + tasks_from: upload.yml + vars: + s3_bucket_name: "{{ aws_management_s3_bucket_name }}" + aws_access_key_id: "{{ aws_management_bucket_access_key }}" + aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + aws_default_region: "{{ aws_region }}" + local_file_or_folder_path: "{{ redis_backup_file_path }}" + s3_path: "{{ nodebb_redis_backup_storage }}/{{ redis_backup_file_name }}" + when: cloud_service_provider == "aws" + - name: upload file to gcloud storage include_role: name: gcp-cloud-storage diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index 52923e1bf4..b37398b874 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml 
@@ -29,6 +29,21 @@ with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "azure" + + - name: upload batch of files to s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ aws_public_s3_bucket_name }}" + aws_default_region: "{{ aws_region }}" + aws_access_key_id: "{{ aws_public_bucket_access_key }}" + aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + s3_path: "{{ upload_storage }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "aws" - name: upload batch of files to gcloud storage include_role: diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml index 20d7006b52..b95bca2645 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml @@ -94,6 +94,7 @@ return """<b>This parameter is not used</b>""" true diff --git a/pipelines/deploy/CEPlugins/Jenkinsfile b/pipelines/deploy/CEPlugins/Jenkinsfile index fea1e80819..e1baf9ca14 100644 --- a/pipelines/deploy/CEPlugins/Jenkinsfile +++ b/pipelines/deploy/CEPlugins/Jenkinsfile 
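Review bot: `local_file_or_folder_path` in the new S3 task joins `{{ item }}` from `source_folder.split(',')` onto `{{ playbook_dir }}/../utils/` and uploads the result to `aws_public_s3_bucket_name`, so an entry containing `..` would publish files from outside `utils/` to a public bucket. Where `source_folder` is set is not visible in this hunk. If it is a job parameter, guard the task, for example `when: cloud_service_provider == "aws" and '..' not in item`, or validate the list once with an `assert` task before the loop. The Azure task above, which this one mirrors, has the same exposure.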
@@ -35,7 +35,7 @@ node() { mv content-plugins ansible """ ansiblePlaybook = "${currentWs}/ansible/deploy-plugins.yml" - ansibleExtraArgs = "--tags plugins --extra-vars \" source_file=${currentWs}/ansible/content-plugins az_file_path=${currentWs}/ansible/content-plugins/az_copy.sh\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags plugins --extra-vars \" source_file=${currentWs}/ansible/content-plugins az_file_path=${currentWs}/ansible/content-plugins/az_copy.sh\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 286c957102..1984bcd2b3 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -34,7 +34,11 @@ azure_management_storage_account_name: "{{ sunbird_management_storage_account_na azure_artifact_storage_account_name: "{{ sunbird_artifact_storage_account_name }}" # Define the below if you are using AWS Cloud -aws_management_bucket_name: "" +aws_region: "" +aws_management_s3_bucket_name: "" +aws_artifact_s3_bucket_name: "" +aws_public_s3_bucket_name: "" +aws_private_s3_bucket_name: "" # Define the below if you are using Google Cloud gcloud_private_bucket_name: "" @@ -48,7 +52,7 @@ gcloud_private_bucket_projectId: "" # GCP # cloud_storage_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }} # AWS -# cloud_storage_url: # Geetha to fill this url based on AWS role vars +# cloud_storage_url: "https://{{aws_public_s3_bucket_name}}.s3.{{aws_region}}.amazonaws.com" # Azure cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" 
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index bbb1a526b1..e8e48bf801 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -30,8 +30,15 @@ azure_public_storage_account_sas: "{{ sunbird_public_storage_account_sas }}" azure_management_storage_account_sas: "{{ sunbird_management_storage_account_sas }}" # Define the below if you are using AWS Cloud -aws_management_bucket_user_access_key: "" -aws_management_bucket_user_secret_key: "" +aws_management_bucket_access_key: "" +aws_artifact_bucket_access_key: "" +aws_public_bucket_access_key: "" +aws_private_bucket_access_key: "" + +aws_management_bucket_secret_access_key: "" +aws_artifact_bucket_secret_access_key: "" +aws_public_bucket_secret_access_key: "" +aws_private_bucket_secret_access_key: "" # Define the below if you are using Google Cloud gcp_storage_service_account_name: "" From ab8a0b1f1e2e0e7d5f27c8eff9b038f73213f230 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 01:06:12 +0530 Subject: [PATCH 138/434] fix: remove polling to save time --- ansible/deploy-plugins.yml | 19 +++++++------------ .../azure-cloud-storage/defaults/main.yml | 2 +- .../tasks/blob-delete-batch-no-poll.yml | 5 +++++ .../tasks/blob-delete-batch.yml | 4 ++-- .../tasks/blob-upload-batch-no-poll.yml | 5 +++++ .../tasks/blob-upload-batch.yml | 6 +++--- pipelines/deploy/CEPlugins/Jenkinsfile | 2 +- 7 files changed, 24 insertions(+), 19 deletions(-) create mode 100644 ansible/roles/azure-cloud-storage/tasks/blob-delete-batch-no-poll.yml create mode 100644 ansible/roles/azure-cloud-storage/tasks/blob-upload-batch-no-poll.yml diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 357baef98e..508e32e1de 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml 
@@ -76,20 +76,15 @@ - name: delete batch of files from azure storage include_role: name: azure-cloud-storage - tasks_from: blob-delete-batch.yml + tasks_from: "{{ item[0] }}" vars: - blob_delete_pattern: "content-plugins/{{ item }}/*" - with_lines: cat {{ plugin_list_to_delete_and_upload }} - - - name: upload batch of files to azure storage - include_role: - name: azure-cloud-storage - tasks_from: blob-upload-batch.yml - vars: - blob_container_folder_path: "/content-plugins/{{ item }}" - local_file_or_folder_path: "{{ source_folder }}/{{ item }}" + blob_delete_pattern: "content-plugins/{{ item[1] }}/*" + blob_container_folder_path: "/content-plugins/{{ item[1] }}" + local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" create_container: false - with_lines: cat {{ plugin_list_to_delete_and_upload }} + with_nested: + - ['blob-delete-batch-no-poll.yml', 'blob-upload-batch-no-poll.yml'] + - "{{ lookup('file', plugins_to_delete_and_upload).split('\n') }}" tags: - plugins when: cloud_service_provider == "azure" diff --git a/ansible/roles/azure-cloud-storage/defaults/main.yml b/ansible/roles/azure-cloud-storage/defaults/main.yml index 8f6673d3c9..0f4b72d96d 100644 --- a/ansible/roles/azure-cloud-storage/defaults/main.yml +++ b/ansible/roles/azure-cloud-storage/defaults/main.yml @@ -69,4 +69,4 @@ container_public_access: "" # Create the container by default before running the specific azure tasks # If we would like to skip container creation (in case of a looped execution), you can set this value to false # in order to skip the task for every iteration -create_container: true \ No newline at end of file +create_container: True diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch-no-poll.yml b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch-no-poll.yml new file mode 100644 index 0000000000..152e3a49ad --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch-no-poll.yml 
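Review bot: The `with_nested` loop starts every delete with `poll: 0` and then immediately starts every upload with `poll: 0`, so the upload for a plugin can run while the `delete-batch` for the same `content-plugins/<plugin>/*` pattern is still in flight, and freshly uploaded blobs may be removed. Nothing registers the async jobs or checks them with `async_status`, so a failed delete or upload also leaves the play green. Consider keeping the delete phase blocking (the existing `blob-delete-batch.yml`) and making only the uploads asynchronous, followed by an `async_status` task with `until: job.finished` over the registered results. `item[1]` comes straight from lines of the plugin list file and reaches a `shell:` string in the included tasks, so blank lines and shell metacharacters should be rejected or passed through `| quote`.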
@@ -0,0 +1,5 @@ +--- +- name: delete files and folders - deleting {{ blob_container_name }}/{{ blob_delete_pattern }} + shell: "az storage blob delete-batch --source {{ blob_container_name }} --pattern '{{ blob_delete_pattern }}' --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 1800 + poll: 0 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml index e642a6f24f..152e3a49ad 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml @@ -1,5 +1,5 @@ --- - name: delete files and folders - deleting {{ blob_container_name }}/{{ blob_delete_pattern }} shell: "az storage blob delete-batch --source {{ blob_container_name }} --pattern '{{ blob_delete_pattern }}' --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" - async: 3600 - poll: 10 \ No newline at end of file + async: 1800 + poll: 0 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch-no-poll.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch-no-poll.yml new file mode 100644 index 0000000000..ff00854851 --- /dev/null +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch-no-poll.yml @@ -0,0 +1,5 @@ +--- +- name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} + shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" + async: 1800 + poll: 0 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml index 8f10576cb5..59d1098fc6 100644 
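Review bot: `--account-key {{ storage_account_key }}` is interpolated into the `shell:` string of the new no-poll delete task (and of `blob-upload-batch-no-poll.yml` further down), so the storage key is visible in the process list while `az` runs and in Ansible's task output at higher verbosity or on failure. Add `no_log: true` and hand the key to the CLI through the task environment instead, e.g. `environment: { AZURE_STORAGE_KEY: "{{ storage_account_key }}" }`, dropping the `--account-key` argument. The blob pattern and path arguments would also be safer with `| quote`.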
--- a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml @@ -3,9 +3,9 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container is true + when: create_container is True - name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" - async: 3600 - poll: 10 \ No newline at end of file + async: 1800 + poll: 0 \ No newline at end of file diff --git a/pipelines/deploy/CEPlugins/Jenkinsfile b/pipelines/deploy/CEPlugins/Jenkinsfile index 078069bbe0..865d71a34c 100644 --- a/pipelines/deploy/CEPlugins/Jenkinsfile +++ b/pipelines/deploy/CEPlugins/Jenkinsfile @@ -34,7 +34,7 @@ node() { mv content-plugins ansible """ ansiblePlaybook = "${currentWs}/ansible/deploy-plugins.yml" - ansibleExtraArgs = "--tags plugins --extra-vars \" source_folder=${currentWs}/ansible/content-plugins plugin_list_to_delete_and_upload=${currentWs}/ansible/content-plugins/plugins_to_delete_and_upload.txt\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags plugins --extra-vars \" source_folder=${currentWs}/ansible/content-plugins plugins_to_delete_and_upload=${currentWs}/ansible/content-plugins/plugins_to_delete_and_upload.txt\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From 949f1da2fa3bcc996c80d5b314f1ae6891c03df6 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 01:18:41 +0530 Subject: [PATCH 139/434] fix: updated comments 
Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 1 - ansible/roles/azure-cloud-storage/defaults/main.yml | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 508e32e1de..2fe881dc93 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -81,7 +81,6 @@ blob_delete_pattern: "content-plugins/{{ item[1] }}/*" blob_container_folder_path: "/content-plugins/{{ item[1] }}" local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" - create_container: false with_nested: - ['blob-delete-batch-no-poll.yml', 'blob-upload-batch-no-poll.yml'] - "{{ lookup('file', plugins_to_delete_and_upload).split('\n') }}" diff --git a/ansible/roles/azure-cloud-storage/defaults/main.yml b/ansible/roles/azure-cloud-storage/defaults/main.yml index 0f4b72d96d..824d5af18a 100644 --- a/ansible/roles/azure-cloud-storage/defaults/main.yml +++ b/ansible/roles/azure-cloud-storage/defaults/main.yml @@ -66,7 +66,7 @@ blob_container_folder_path: "" # You will need to change the access level from Azure portal or using az storage container set-permission command container_public_access: "" -# Create the container by default before running the specific azure tasks -# If we would like to skip container creation (in case of a looped execution), you can set this value to false -# in order to skip the task for every iteration +# Creates the container by default before running the specific azure blob tasks +# If we would like to skip container creation (in case of a looped execution), +# you can set this value to False in order to skip the contatiner creation task for every iteration create_container: True From 931cd0509ba6c68f303f2c0c3eb9b622fdb78206 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 01:20:09 +0530 Subject: [PATCH 140/434] fix: added a var to control container creation 
Signed-off-by: Keshav Prasad --- ansible/roles/azure-cloud-storage/defaults/main.yml | 2 +- ansible/roles/azure-cloud-storage/tasks/blob-upload.yml | 1 + ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/roles/azure-cloud-storage/defaults/main.yml b/ansible/roles/azure-cloud-storage/defaults/main.yml index 824d5af18a..b5266cb76a 100644 --- a/ansible/roles/azure-cloud-storage/defaults/main.yml +++ b/ansible/roles/azure-cloud-storage/defaults/main.yml @@ -67,6 +67,6 @@ blob_container_folder_path: "" container_public_access: "" # Creates the container by default before running the specific azure blob tasks -# If we would like to skip container creation (in case of a looped execution), +# If you would like to skip container creation (in case of a looped execution), # you can set this value to False in order to skip the contatiner creation task for every iteration create_container: True diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml index 4b493ffb73..36423dcfc6 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml @@ -3,6 +3,7 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml + when: create_container is True - name: upload file to azure storage container shell: "az storage blob upload --container-name {{ blob_container_name }} --file {{ local_file_or_folder_path }} --name {{ blob_file_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" diff --git a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml index 99ab3c2bf8..0726b48f00 100644 --- a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml +++ b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml 
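Review bot: `when: create_container is True` (here and in `upload-using-azcopy.yml`) uses a Jinja test that matches only a genuine boolean, so a truthy value passed as a string, for example from `--extra-vars create_container=true`, silently skips container creation. This page also does not show whether the capitalised test name resolves the same way as `is true` on the Jinja2 version in use. `when: create_container | bool` avoids both questions and is the usual Ansible idiom.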
@@ -3,6 +3,7 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml + when: create_container is True - name: upload files and folders to azure storage using azcopy shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" From 2d9eb95c6af1ec44b7d9869f7196c91d3375a2c6 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Thu, 17 Nov 2022 10:18:16 +0530 Subject: [PATCH 141/434] env changes for project certificate story (#3599) --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 8 +------- .../roles/stack-sunbird/templates/ml-projects-service.env | 3 +++ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 7b1da9c931..e3db337464 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -81,10 +81,4 @@ ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:9000")}} ## portal url of env -APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} - -# Project certificate enable or disable flag E.g. ON/OFF -PROJECT_CERTIFICATE_ON_OFF={{ml_core_project_certificate_on_off | default("ON")}} - -# certificate issuer KID value -CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} \ No newline at end of file +APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index eeca6c4d70..16e8340a1c 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env 
+++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -39,3 +39,6 @@ PROJECT_SUBMISSION_TOPIC={{ml_project_submission_topic | default (env_name+".ml. # Base url of the sunbird enviornment USER_SERVICE_URL={{ml_project_user_service_URL | default("http://learner-service:9000")}} + +# certificate issuer KID value +CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} From 4b41e72e1da9645cb70d7893355141f7210bb3ad Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 15:21:23 +0530 Subject: [PATCH 142/434] fix: remove unnecessary become Signed-off-by: Keshav Prasad --- ansible/deploy-plugins.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 0d05b069eb..63dba9cd96 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -1,5 +1,4 @@ - hosts: local - become: yes gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" @@ -201,4 +200,4 @@ AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" tags: - plugins - when: cloud_service_provider == "aws" \ No newline at end of file + when: cloud_service_provider == "aws" From 25c6f71fad5ba01e1c2374cc9a23b7f53fdf77ac Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 17:14:10 +0530 Subject: [PATCH 143/434] fix: poll incorrectly set to 0 Signed-off-by: Keshav Prasad --- ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml | 4 ++-- ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml index 152e3a49ad..e642a6f24f 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-delete-batch.yml 
@@ -1,5 +1,5 @@ --- - name: delete files and folders - deleting {{ blob_container_name }}/{{ blob_delete_pattern }} shell: "az storage blob delete-batch --source {{ blob_container_name }} --pattern '{{ blob_delete_pattern }}' --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" - async: 1800 - poll: 0 \ No newline at end of file + async: 3600 + poll: 10 \ No newline at end of file diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml index 59d1098fc6..82f806a803 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml @@ -7,5 +7,5 @@ - name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" - async: 1800 - poll: 0 \ No newline at end of file + async: 3600 + poll: 10 \ No newline at end of file From 3dc90f9eb9ff25c8b919b81d806c55ec328307a5 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 17 Nov 2022 19:24:20 +0530 Subject: [PATCH 144/434] fix: renamed task (#3601) --- ansible/deploy-plugins.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 63dba9cd96..8da2bd445e 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -72,7 +72,7 @@ - preview - block: - - name: delete batch of files from azure storage + - name: delete and re-upload plugins include_role: name: azure-cloud-storage tasks_from: "{{ item[0] }}" 
@@ -200,4 +200,4 @@ AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" tags: - plugins - when: cloud_service_provider == "aws" + when: cloud_service_provider == "aws" \ No newline at end of file From bdbea1be4ef6c30d61ab1406669a5a3cd0573aef Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:47:09 +0530 Subject: [PATCH 145/434] Certificate env changes- RC- internal call used instead env variable (#3603) From daf4b7c37236bae6f813ccf26acaa58a80662bc4 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Mon, 21 Nov 2022 17:27:44 +0530 Subject: [PATCH 146/434] Update config.j2 --- .../ml-analytics-service/templates/config.j2 | 144 ++++++++++-------- 1 file changed, 83 insertions(+), 61 deletions(-) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index cef1739e4e..f43f08191a 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -4,7 +4,8 @@ survey_app = {{ ml_analytics_survey_app_name }} integrated_app = {{ ml_analytics_integrated_app_name }} -integrated_portal = {{ ml_analytics_integrated_portal }} +integrated_portal = {{ ml_analytics_integrated_portal_name }} + [API_HEADERS] @@ -14,6 +15,7 @@ authorization = {{ ml_analytics_api_authorization_key }} internal_access_token = {{ ml_analytics_api_access_token }} + [ML_SURVEY_SERVICE_URL] url = {{ ml_analytics_survey_service }} 
@@ -24,24 +26,15 @@ user_profile_end_point = assessment/api/v1/userExtension/getProfile/ evidence_base_url = {{ ml_analytics_evidence_base_url }} -[MONGO] - -# -------------- -# Mongo url -#--------------- -mongo_url = mongodb://{{ ml_analytics_mongodb_url }} +[MONGO] -# ----------------------- -# Mongo database name -# ----------------------- +url = mongodb://{{ ml_analytics_mongodb_url }} database_name = {{ ml_analytics_mongo_db_name }} -# ------------------- -# Mongo Collections -# ------------------- +# ------ Mongo Collections ------- # observation_sub_collection = {{ ml_analytics_mongo_observation_submission_collection }} solutions_collection = {{ ml_analytics_mongo_solution_collection }} @@ -68,6 +61,7 @@ survey_submissions_collection = {{ ml_analytics_mongo_survey_submissions_collect survey_collection = {{ ml_analytics_mongo_survey_collection }} + [DRUID] metadata_url = http://{{ ml_analytics_druid_url }}/druid/coordinator/v1/datasources/ 
@@ -84,13 +78,15 @@ observation_status_injestion_spec = {{ ml_analytics_druid_observation_status_inj project_injestion_spec = {{ ml_analytics_druid_project_injestion_spec }} -ml_distinctCnt_obs_status_spec = {{ ml_analytics_druid_distinctCnt_obs_injestion_spec }} +ml_distinctCnt_obs_status_spec = {{ ml_analytics_druid_distinctCnt_obs_injestion_spec }} -ml_distinctCnt_obs_domain_spec = {{ ml_analytics_druid_distinctCnt_obs_domain_injestion_spec }} +ml_distinctCnt_obs_domain_spec = {{ ml_analytics_druid_distinctCnt_obs_domain_injestion_spec }} -ml_distinctCnt_obs_domain_criteria_spec = {{ ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec }} +ml_distinctCnt_obs_domain_criteria_spec = {{ ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec }} -ml_distinctCnt_projects_status_spec = {{ ml_analytics_druid_distinctCnt_projects_status_injestion_spec }} +ml_distinctCnt_projects_status_spec = {{ ml_analytics_druid_distinctCnt_projects_status_injestion_spec }} + +ml_distinctCnt_prglevel_projects_status_spec = {{ ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec }} observation_status_rollup_injestion_spec = {{ ml_analytics_druid_observation_status_rollup_injestion_spec }} @@ -98,8 +94,6 @@ project_rollup_injestion_spec = {{ ml_analytics_druid_project_rollup_injestion_s ml_survey_rollup_spec = {{ml_analytics_druid_survey_rollup_injestion_spec}} -ml_distinctCnt_prglevel_projects_status_spec = {{ ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec}} - survey_status_injestion_spec = {{ ml_analytics_druid_survey_status_injestion_spec }} observation_query_spec = {{ ml_analytics_druid_observation_query_spec }} @@ -110,6 +104,9 @@ survey_query_spec = {{ml_analytics_druid_survey_query_spec}} survey_injestion_spec = {{ml_analytics_druid_survey_batch_ingestion_spec}} +intervals = {{ml_analytics_druid_interval_list}} + + [KAFKA] url = {{ ml_analytics_kafka_url }} 
@@ -126,6 +123,7 @@ survey_raw_topic = {{ ml_analytics_kafka_survey_topic_name }} survey_druid_topic = {{ ml_analytics_kafka_survey_druid_topic_name }} + [LOGS] observation_streaming_success = {{ ml_analytics_observation_log_folder_path }}/success.log 
@@ -152,55 +150,54 @@ survey_streaming_success = {{ ml_analytics_survey_log_folder_path }}/success.log survey_streaming_error = {{ ml_analytics_survey_log_folder_path }}/error.log -[AZURE] +{% if ML_Cloud_Service_Provider is eq 'ORACLE' %} -account_name = {{ ml_analytics_azure_account_name }} +[ORACLE] -sas_token = {{ ml_analytics_azure_sas_token }} +endpoint_url = {{ ml_ORACLE_endpoint_url }} -container_name = {{ ml_analytics_azure_container_name }} +access_key = {{ ml_ORACLE_access_key }} -observation_blob_path = {{ ml_analytics_observation_azure_blob_path }} +secret_access_key = {{ ml_ORACLE_secret_access_key }} -projects_blob_path = {{ ml_analytics_project_azure_blob_path }} +region_name = {{ ml_ORACLE_region_name }} -observation_distinctCount_blob_path = {{ ml_analytics_obs_distinctCnt_azure_blob_path }} +bucket_name = {{ ml_ORACLE_bucket_name }} -observation_distinctCount_domain_blob_path = {{ ml_analytics_obs_distinctCnt_domain_azure_blob_path }} +{% elif ML_Cloud_Service_Provider is eq 'GCP' %} -observation_distinctCount_domain_criteria_blob_path = {{ ml_analytics_obs_distinctCnt_domain_criteria_azure_blob_path }} +[GCP] -projects_distinctCnt_blob_path = {{ ml_analytics_projects_distinctCnt_azure_blob_path }} +secret_data = {{ ml_GCP_secret_json_file }} -projects_rollup_blob_path = {{ ml_analytics_project_rollup_azure_blob_path }} +bucket_name = {{ ml_GCP_bucket_name }} -observation_rollup_blob_path = {{ ml_analytics_observation_rollup_azure_blob_path }} +{% elif ML_Cloud_Service_Provider is eq 'AWS' %} -survey_rollup_blob_path = {{ ml_analytics_survey_rollup_azure_blob_path }} +[AWS] -projects_distinctCnt_prgmlevel_blob_path = {{ml_analytics_projects_distinctCnt_prglevel_azure_blob_path}} +service_name = {{ ml_AWS_service_name }} -survey_blob_path = {{ ml_analytics_survey_azure_blob_path }} +access_key = {{ ml_AWS_access_key }} -public_account_name = {{ ml_analytics_public_azure_account_name }} +secret_access_key = {{ ml_AWS_secret_access_key }} 
-public_access_key = {{ ml_analytics_public_azure_access_key }} +region_name = {{ ml_AWS_region_name }} -public_container_name = {{ ml_analytics_public_azure_container_name }} +bucket_name = {{ ml_AWS_bucket_name }} -projects_program_csv = {{ ml_analytics_program_dashboard_azure_blob_path }} +{% else %} -observation_batch_ingestion_data_del = {{ ml_analytics_observation_batchupdate_azure_blob_path }} +[AZURE] -survey_batch_ingestion_data_del = {{ml_analytics_survey_batchupdate_azure_blob_path}} +account_name = {{ ml_analytics_azure_account_name }} -[REDIS] +sas_token = {{ ml_analytics_azure_sas_token }} -host = {{ ml_analytics_redis_host }} +container_name = {{ ml_analytics_azure_container_name }} -port = {{ ml_analytics_redis_port }} +account_key = {{ ml_analytics_azure_account_key }} -db_name = {{ ml_analytics_redis_db_name }} [OUTPUT_DIR] 
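Review bot: The provider switch opened with `{% if ML_Cloud_Service_Provider is eq 'ORACLE' %}` is never closed: no `{% endif %}` is added in this hunk or in the later hunks of `config.j2`. As shown, the template would fail to render, or, if a closing tag exists further down, every section after `[AZURE]` would fall inside the `else` branch. Add `{% endif %}` directly after `account_key = {{ ml_analytics_azure_account_key }}` so `[OUTPUT_DIR]`, `[SLACK]`, `[VAM]` and `[COMMON]` are emitted for all providers. Since the rendered `config.ini` now carries the selected provider's access keys, confirm that the task writing it sets a restrictive file mode; its options are only partly visible on this page.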
@@ -208,22 +205,22 @@ project = {{ ml_analytics_project_output_dir }} observation_status = {{ ml_analytics_observation_status_output_dir }} -observation_distinctCount_status = {{ ml_analytics_obs_distinctCnt_output_dir }} +observation_distinctCount_status = {{ ml_analytics_obs_distinctCnt_output_dir }} -observation_distinctCount_domain = {{ ml_analytics_obs_distinctCnt_domain_output_dir }} +observation_distinctCount_domain = {{ ml_analytics_obs_distinctCnt_domain_output_dir }} -observation_distinctCount_domain_criteria = {{ ml_analytics_obs_distinctCnt_domain_criteria_output_dir }} +observation_distinctCount_domain_criteria = {{ ml_analytics_obs_distinctCnt_domain_criteria_output_dir }} projects_distinctCount = {{ ml_analytics_projects_distinctCnt_output_dir }} +projects_distinctCount_prgmlevel = {{ ml_analytics_projects_distinctCnt_prglevel_output_dir }} + project_rollup = {{ ml_analytics_project_rollup_output_dir }} observation_status_rollup = {{ ml_analytics_observation_status_rollup_output_dir }} survey_rollup = {{ ml_analytics_survey_rollup_output_dir }} -projects_distinctCount_prgmlevel = {{ml_analytics_projects_distinctCnt_prglevel_output_dir}} - survey_status = {{ ml_analytics_survey_status_output_dir }} observation_sub_ids = {{ ml_analytics_observation_submission_id_filepath }} 
@@ -234,26 +231,51 @@ survey_sub_ids = {{ml_analytics_survey_submission_id_filepath}} survey_druid_data = {{ml_analytics_survey_batchupdate_output_dir}} -[CLOUD_STORAGE] -service_name = {{ ml_analytics_AWS_service_name }} +[SLACK] -access_key = {{ ml_analytics_AWS_access_key }} +token = {{ml_slack_token}} -secret_access_key = {{ ml_analytics_AWS_secret_access_key }} +channel = {{ml_slack_channel}} -region_name = {{ ml_analytics_AWS_region_name }} -bucket_name = {{ ml_analytics_AWS_bucket_name }} +[VAM] -[SLACK] +druid_query_url = {{ ml_druid_query_data }} -token = {{ ml_analytics_slack_token }} +program_dashboard_data = {{ ml_program_dashboard_data }} -channel = {{ ml_analytics_channel_name }} -[VAM] +[COMMON] -druid_query_url = {{ ml_druid_query_data }} +cloud_module_path = {{ ml_analytics_cloud_package_path }} -program_dashboard_data = {{ ml_program_dashboard_data }} +observation_blob_path = {{ ml_analytics_observation_azure_blob_path }} + +projects_blob_path = {{ ml_analytics_project_azure_blob_path }} + +observation_distinctCount_blob_path = {{ ml_analytics_obs_distinctCnt_azure_blob_path }} + +observation_distinctCount_domain_blob_path = {{ ml_analytics_obs_distinctCnt_domain_azure_blob_path }} + +observation_distinctCount_domain_criteria_blob_path = {{ ml_analytics_obs_distinctCnt_domain_criteria_azure_blob_path }} + +projects_distinctCnt_blob_path = {{ ml_analytics_projects_distinctCnt_azure_blob_path }} + +projects_distinctCnt_prgmlevel_blob_path = {{ ml_analytics_projects_distinctCnt_prglevel_azure_blob_path }} + +projects_rollup_blob_path = {{ ml_analytics_project_rollup_azure_blob_path }} + +observation_rollup_blob_path = {{ ml_analytics_observation_rollup_azure_blob_path }} + +survey_rollup_blob_path = {{ ml_analytics_survey_rollup_azure_blob_path }} + +survey_blob_path = {{ ml_analytics_survey_azure_blob_path }} + +projects_program_csv = {{ ml_analytics_program_dashboard_azure_blob_path }} + +observation_batch_ingestion_data_del = {{ 
ml_analytics_observation_batchupdate_azure_blob_path }} + +survey_batch_ingestion_data_del = {{ ml_analytics_survey_batchupdate_azure_blob_path}} + +cname_url = {{ ml_analytics_cname_url }} From 6bc03f69e454aea55aeeb8b74e5003b403d4376c Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Mon, 21 Nov 2022 17:35:57 +0530 Subject: [PATCH 147/434] Update main.yml --- ansible/roles/ml-analytics-service/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 0998cf8188..6bf640005e 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -105,6 +105,10 @@ dest: "{{ config_path }}/config.ini" backup: yes +- name: Copy GCP Secrets to JSON file + copy: dest="{{config_path}}/{{ml_GCP_secret_json_file}}" content="{{ ml_GCP_Secrets | to_nice_json}}" mode=0644 owner="{{ USER }}" + when: ML_Cloud_Service_Provider == 'GCP' + - name: Templating the shell_script_config.j2 to shell_script_config template: src: "shell_script_config.j2" From 38e6fd566b7f2c968c7341088e453d1bd23b7fb2 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Mon, 21 Nov 2022 17:37:28 +0530 Subject: [PATCH 148/434] Update config.j2 --- ansible/roles/ml-analytics-service/templates/config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index f43f08191a..ce5ff99bff 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -4,7 +4,7 @@ survey_app = {{ ml_analytics_survey_app_name }} integrated_app = {{ ml_analytics_integrated_app_name }} -integrated_portal = {{ ml_analytics_integrated_portal_name }} +integrated_portal = {{ ml_analytics_integrated_portal }} [API_HEADERS] From eb8eb6a37af4aa6935c82488e4b678c930742467 Mon Sep 17 00:00:00 2001 
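Review bot: The new `[SLACK]` lines `token = {{ml_slack_token}}` and `channel = {{ml_slack_channel}}` read the raw inventory variables, so an inventory that does not set them will presumably fail templating. The role defaults visible further down this page still define `ml_analytics_slack_token` and `ml_analytics_channel_name` with `default('')`. I would keep `token = {{ ml_analytics_slack_token }}` and `channel = {{ ml_analytics_channel_name }}` here. Since the token is rendered in clear text into `config.ini`, it is worth confirming that the template task restricts the file mode; the task's mode is not visible in this hunk.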
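Review bot: The added `Copy GCP Secrets to JSON file` task writes the service-account credentials with `mode=0644`, which leaves the key readable by every local account on the host. `mode=0600` together with the existing `owner="{{ USER }}"` is enough for the service to read it. The task also lacks `no_log: true`, so the rendered `content` can show up in verbose or diff output of the play. Writing the task in block YAML with a quoted `mode: "0600"` instead of the `key=value` form would also avoid the octal-typing trap.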
From: Raghupathi Date: Mon, 21 Nov 2022 17:56:34 +0530 Subject: [PATCH 149/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 1e6f116cc3..6733061380 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -110,3 +110,8 @@ ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioCon ml_analytics_survey_batchupdate_azure_blob_path : "survey/batchDeletion" ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" +ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' +ml_analytics_azure_account_key: "{{ sunbird_private_storage_account_sas }}" +ML_Cloud_Service_Provider: "{{ ml_csp | default('AZURE') }}" ## Valid options - ORACLE, GCP, AWS & AZURE +ml_analytics_cloud_package_path: "{{ ml_cloud_package_path | default('') }}" +ml_analytics_cname_url: "{{ ml_cname_url | default('') }}" From a56716a89b06df6a4f8e0d37c7803b9898c9b6fb Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Wed, 23 Nov 2022 18:24:43 +0530 Subject: [PATCH 150/434] LR-262 cloud base path change --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index c6c8a2eee9..403e9c8155 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -144,4 +144,7 @@ enrollment_list_size={{ enrollment_list_size | default(1000) }} # Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} -isMultiDCEnabled={{cassandra_isMultiDCEnabled}} \ No newline at end of file +isMultiDCEnabled={{cassandra_isMultiDCEnabled}} + +# Release-5.0.1 +cloud_store_base_path=https://sunbirddev.blob.core.windows.net \ No newline at end of file From 7c02eb4653bd23890c3b0fedcd5b77342d29bde7 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Wed, 23 Nov 2022 18:39:44 +0530 Subject: [PATCH 151/434] Issue #KN-427 feat: Knowledge service cloud-agnostic --- .../templates/assessment-service_application.conf | 9 +++++---- .../templates/content-service_application.conf | 9 +++++---- .../templates/taxonomy-service_application.conf | 9 +++++---- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf index 851433f160..60d129907a 100644 --- a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf 
@@ -383,10 +383,11 @@ languageCode { telugu : "te" } -cloud_storage_type: "azure" -azure_storage_key: "{{ sunbird_public_storage_account_name }}" -azure_storage_secret: "{{ sunbird_public_storage_account_key }}" -azure_storage_container: "{{ sunbird_content_azure_storage_container }}" +cloud_storage_type: "{{ cloud_service_provider }}" +cloud_storage_key: "{{ cloud_public_storage_accountname }}" +cloud_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" kafka { urls : "{{ kafka_urls }}" diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index ee0a80a645..24c1007695 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -481,10 +481,11 @@ composite { url : "{{ sunbird_search_service_api_base_url }}/v3/search" } } -cloud_storage_type: "azure" -azure_storage_key: "{{ sunbird_public_storage_account_name }}" -azure_storage_secret: "{{ sunbird_public_storage_account_key }}" -azure_storage_container: "{{ sunbird_content_azure_storage_container }}" +cloud_storage_type: "{{ cloud_service_provider }}" +cloud_storage_key: "{{ cloud_public_storage_accountname }}" +cloud_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" # Google Drive APIKEY learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" diff --git a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf index 1c3714fbe8..e1298a1b92 100644 --- a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf 
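Review bot: `cloud_storage_secret: "{{ cloud_public_storage_secret }}"` and the three other new variables (`cloud_public_storage_accountname`, `cloud_public_storage_endpoint`, `cloud_storage_content_bucketname`) are not defined in any patch visible on this page, so inventories that only carry the old `sunbird_public_storage_account_*` names would presumably fail to render. The endpoint is probably not needed for azure, so `cloud_storage_endpoint: "{{ cloud_public_storage_endpoint | default('') }}"` would keep existing deployments rendering. Because the secret is written in clear text into `application.conf`, the new variable should be sourced from the vaulted secrets file rather than plain `group_vars`. The same applies to the identical hunks in `content-service_application.conf` and `taxonomy-service_application.conf`.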
+++ b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf @@ -366,10 +366,11 @@ platform { } # Cloud Storage Config -cloud_storage_type: "azure" -azure_storage_key: "{{ sunbird_public_storage_account_name }}" -azure_storage_secret: "{{ sunbird_public_storage_account_key }}" -azure_storage_container: "{{ sunbird_content_azure_storage_container }}" +cloud_storage_type: "{{ cloud_service_provider }}" +cloud_storage_key: "{{ cloud_public_storage_accountname }}" +cloud_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" installation.id: ekstep From f804103408530aa2d9c2de3b6ad43c08aecd97bc Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Wed, 23 Nov 2022 18:43:07 +0530 Subject: [PATCH 152/434] Revert "Issue #KN-9 feat: Content Publish API refactor." This reverts commit e37ca7291abf51ec385d9c464a3852f32b5724f1. --- .../stack-sunbird/templates/content-service_application.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 24c1007695..fb5a2e7667 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -494,7 +494,6 @@ kafka { urls : "{{ kafka_urls }}" topic.send.enable : true topics.instruction : "{{ env_name }}.learning.job.request" - publish.request.topic : "{{ env_name }}.publish.job.request" } # DIAL Link Config From c27b9025fadf6c1bd03255b7f1676897628da4b2 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Wed, 23 Nov 2022 19:00:09 +0530 Subject: [PATCH 153/434] LR-262 cname template variable --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 403e9c8155..a2f21c7967 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -147,4 +147,4 @@ sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_isMultiDCEnabled}} # Release-5.0.1 -cloud_store_base_path=https://sunbirddev.blob.core.windows.net \ No newline at end of file +cloud_store_base_path={{cloud_store_base_path}} \ No newline at end of file From af7d891f37c40f0a88b78c27b6313a87c5384324 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 24 Nov 2022 09:59:10 +0530 Subject: [PATCH 154/434] LR-262 variable name updated --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index a2f21c7967..22712ff167 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -147,4 +147,4 @@ sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_isMultiDCEnabled}} # Release-5.0.1 -cloud_store_base_path={{cloud_store_base_path}} \ No newline at end of file +cloud_store_base_url={{cloud_store_base_url}} \ No newline at end of file From bd0bb17934691c3cff591a3db315120a0445b01f Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 24 Nov 2022 10:33:45 +0530 Subject: [PATCH 155/434] LR-262 variable name change --- ansible/inventory/env/group_vars/all.yml | 5 ++++- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index b3ac73f078..d8da227a81 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -558,4 +558,7 @@ dial_service_schema_base_path: "https://{{sunbird_public_storage_account_name}}. ### Release-5.0.0 cloud service provider changes for supporting multiple providers ### ### cloud_service_provider value should be either (azure, aws, gcloud) as per cloud sdk dependency ### -cloud_service_provider: "azure" \ No newline at end of file +cloud_service_provider: "azure" +# LERN Release-5.0.1 cname template variable +cloud_storage_base_url: https://sunbirddev.blob.core.windows.net + diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 22712ff167..00c81c29d5 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -147,4 +147,4 @@ sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_isMultiDCEnabled}} # Release-5.0.1 -cloud_store_base_url={{cloud_store_base_url}} \ No newline at end of file +cloud_storage_base_url={{cloud_storage_base_url}} \ No newline at end of file From 267f338854cd4f8aacb4f957dbeb98537fea55a0 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 11:35:50 +0530 Subject: [PATCH 156/434] Update config.j2 --- ansible/roles/ml-analytics-service/templates/config.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index ce5ff99bff..770de394cb 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
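Review bot: `cloud_storage_base_url: https://sunbirddev.blob.core.windows.net` puts one environment's storage account into `group_vars/all.yml`, so any environment that does not override it would publish URLs pointing at the dev account. The hunk header shows `dial_service_schema_base_path` being built from `{{sunbird_public_storage_account_name}}`. Deriving the value the same way, for example `cloud_storage_base_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net"` (assuming the public account is the intended one), keeps it per-environment and also quotes the scalar.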
@@ -164,7 +164,7 @@ region_name = {{ ml_ORACLE_region_name }} bucket_name = {{ ml_ORACLE_bucket_name }} -{% elif ML_Cloud_Service_Provider is eq 'GCP' %} +{% elif ML_Cloud_Service_Provider is eq 'gcloud' %} [GCP] @@ -172,7 +172,7 @@ secret_data = {{ ml_GCP_secret_json_file }} bucket_name = {{ ml_GCP_bucket_name }} -{% elif ML_Cloud_Service_Provider is eq 'AWS' %} +{% elif ML_Cloud_Service_Provider is eq 'aws' %} [AWS] From d22223a0a4cfc6103d333ffc8069a162abdd6e4c Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 11:53:35 +0530 Subject: [PATCH 157/434] Update main.yml --- .../ml-analytics-service/defaults/main.yml | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 6733061380..da0df0ada6 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -44,8 +44,8 @@ ml_analytics_kafka_survey_druid_topic_name: "{{ env_name }}.ml.survey.druid" ml_analytics_observation_log_folder_path: "{{ WORKDIR }}/logs/observation" ml_analytics_project_log_folder_path: "{{ WORKDIR }}/logs/project" ml_analytics_survey_log_folder_path: "{{ WORKDIR }}/logs/survey" -ml_analytics_azure_account_name: "{{ sunbird_private_storage_account_name }}" -ml_analytics_azure_container_name: "telemetry-data-store" +ml_analytics_azure_account_name: "{{ cloud_private_storage_accountname }}" +ml_analytics_azure_container_name: "{{ cloud_storage_telemetry_bucketname }}" ml_analytics_observation_azure_blob_path: "observation/status/" ml_analytics_project_azure_blob_path: "projects/" ml_analytics_redis_host: "{{ml_redis_host | default(groups['dp-redis'][0])}}" 
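Review bot: Changing the tests to `'gcloud'` and `'aws'` in both hunks leaves the other user of this value behind. The `Copy GCP Secrets to JSON file` task added earlier in this series still has `when: ML_Cloud_Service_Provider == 'GCP'`, so with `gcloud` the `[GCP]` section would name a `secret_data` file that is never written; that condition should become `when: ML_Cloud_Service_Provider == 'gcloud'` in the same commit. The ORACLE test sits above the visible lines and its spelling should be checked against the lower-case values as well. The comparison is case-sensitive and anything unmatched falls through to the `{% else %}` `[AZURE]` branch, so a mistyped provider silently renders the Azure settings; an explicit `azure` test with a failing `else` would surface that.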
@@ -57,7 +57,7 @@ ml_analytics_api_authorization_key: "{{ml_api_auth_token | default('sunbird_api_ ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_internal_access_token')}}" ml_analytics_druid_observation_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code"]},"metricsSpec":[]}}}' ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": 
["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' -ml_analytics_azure_sas_token: "{{ sunbird_private_storage_account_key }}" +ml_analytics_azure_sas_token: "{{ cloud_private_storage_secret }}" ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stam
p"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' 
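Review bot: `ml_analytics_azure_sas_token: "{{ cloud_private_storage_secret }}"` now reads the same variable that the last hunk of this commit assigns to `ml_analytics_azure_account_key`, although a SAS token and a storage account key are different credentials with very different scope. If `cloud_private_storage_secret` holds the account key, the `sas_token` setting receives a full-access key where a scoped, expiring token is expected; if it holds a SAS, `account_key` is wrong. I would keep two separate inventory variables and add a comment on each saying which credential type it must contain. Separately, the unchanged ingestion specs in this hunk still hard-code `azure://telemetry-data-store/...`, which no longer follows `ml_analytics_azure_container_name` once that becomes `{{ cloud_storage_telemetry_bucketname }}`.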
@@ -80,11 +80,10 @@ ml_analytics_observation_status_rollup_output_dir: "/opt/sparkjobs/source/observ ml_analytics_druid_project_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/rollup/projects_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"iso"},"dimensionsSpec":{"dimensions":["project_title","project_goal","area_of_improvement","status_of_project","tasks_name","tasks_status","designation","task_evidence_status","project_id","task_id","project_created_type","parent_channel","program_id","program_name","project_updated_date","createdBy","program_externalId","private_program","task_deleted_flag","project_terms_and_condition","state_externalId","block_externalId","district_externalId","cluster_externalId","school_externalId","state_name","block_name","district_name","cluster_name","school_name","board_name","organisation_name","solution_id","organisation_id",{"name":"status_code","type":"long"}]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_createBy","fieldName":"createdBy"},{"type":"HLLSketchBuild","name":"count_of_project_id","fieldName":"project_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' ml_analytics_druid_observation_status_rollup_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/rollup/observation_status_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-observation-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["status","user_id","solution_id","submission_id","entity_name","completedDate","program_id","private_program","solution_type","updatedAt","role_title","solution_name","program_name","channel","parent_channel","block_name","district_name","school_name","cluster_name","state_name","organisation_name","board_name","district_externalId","state_externalId","block_externalId","cluster_externalId","school_externalId","organisation_id",{"type":"long","name":"status_code"}]},"metricsSpec":[{"type":"count","name":"count"},{"type":"longSum","name":"sum___v","fieldName":"__v","expression":null},{"type":"HLLSketchBuild","name":"count_distinct_solution","fieldName":"solution_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_submission_id","fieldName":"submission_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_user_id","fieldName":"user_id","lgK":12,"tgtHllType":"HLL_4","round":false}]}}}' ml_analytics_druid_rollup_url: "{{groups['druid'][0]}}:8081" -ml_analytics_AWS_service_name: "{{ ml_AWS_service_name | default('') }}" -ml_analytics_AWS_access_key: "{{ ml_AWS_access_key | default('') }}" -ml_analytics_AWS_secret_access_key: "{{ ml_AWS_secret_access_key | default('') }}" -ml_analytics_AWS_region_name: "{{ ml_AWS_region_name | default('') }}" -ml_analytics_AWS_bucket_name: "{{ ml_AWS_bucket_name | default('') }}" +ml_analytics_AWS_access_key: "{{ 
cloud_private_storage_accountname }}" +ml_analytics_AWS_secret_access_key: "{{ cloud_private_storage_secret }}" +ml_analytics_AWS_region_name: "{{ cloud_private_storage_region }}" +ml_analytics_AWS_bucket_name: "{{ cloud_storage_telemetry_bucketname }}" ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCountPrglevel/ml_projects_distinctCount_prgmlevel.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/projects/distinctCountPrglevel/output" ml_analytics_projects_distinctCnt_prglevel_azure_blob_path: "projects/distinctCountPrglevel/" 
@@ -93,9 +92,6 @@ ml_analytics_survey_azure_blob_path : "survey/status/" ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program"]},"metricsSpec":[]}}}' ml_analytics_slack_token: "{{ ml_slack_token | default('') }}" ml_analytics_channel_name: "{{ ml_slack_channel | default('') }}" -ml_analytics_public_azure_account_name: "{{ ml_public_azure_account | default('') }}" -ml_analytics_public_azure_access_key: "{{ ml_public_azure_key | default('') }}" -ml_analytics_public_azure_container_name: "{{ ml_public_azure_container | default('') }}" ml_analytics_program_dashboard_azure_blob_path: "{{ ml_program_blob_path | default('') }}" ml_druid_query_data: "{{ ml_druid_query | default('') }}" ml_program_dashboard_data: "{{ ml_program_data | default('') }}" 
@@ -111,7 +107,7 @@ ml_analytics_survey_batchupdate_azure_blob_path : "survey/batchDeletion" ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' -ml_analytics_azure_account_key: "{{ sunbird_private_storage_account_sas }}" -ML_Cloud_Service_Provider: "{{ ml_csp | default('AZURE') }}" ## Valid options - ORACLE, GCP, AWS & AZURE +ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" +ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, GCP, AWS & AZURE ml_analytics_cloud_package_path: "{{ ml_cloud_package_path | default('') }}" ml_analytics_cname_url: "{{ ml_cname_url | default('') }}" From 69249369d7031e55ccb3737c4352f95e16d652df Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 11:55:16 +0530 Subject: [PATCH 158/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index da0df0ada6..6b12734b74 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -108,6 +108,6 @@ ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" -ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, GCP, AWS & AZURE +ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ ml_cloud_package_path | default('') }}" ml_analytics_cname_url: "{{ ml_cname_url | default('') }}" From bcdb073b4716ccfbcd1bf89d0acec8ecbe02f6ea Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 12:14:58 +0530 Subject: [PATCH 159/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 6b12734b74..b9e9557807 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -109,5 +109,5 @@ ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure -ml_analytics_cloud_package_path: "{{ ml_cloud_package_path | default('') }}" +ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "{{ ml_cname_url | default('') }}" From 1932c838f41f48de229dbf2a1e2d8af45ffb37b4 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 12:24:35 +0530 Subject: [PATCH 160/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index b9e9557807..bdc0129745 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -110,4 +110,4 @@ ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00: ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" -ml_analytics_cname_url: "{{ ml_cname_url | default('') }}" +ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" From d13d58a0797b9377086e379b2d907386d7a917de Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 13:06:20 +0530 Subject: [PATCH 161/434] Update main.yml --- ansible/roles/ml-analytics-service/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 6bf640005e..a3813c5d05 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -106,7 +106,7 @@ backup: yes - name: Copy GCP Secrets to JSON file - copy: dest="{{config_path}}/{{ml_GCP_secret_json_file}}" content="{{ ml_GCP_Secrets | to_nice_json}}" mode=0644 owner="{{ USER }}" + copy: dest="{{config_path}}/{{ml_GCP_secret_json_file}}" content="{{ ml_GCP_Secrets | to_nice_json}}" mode=0400 owner="{{ USER }}" when: ML_Cloud_Service_Provider == 'GCP' - name: Templating the shell_script_config.j2 to shell_script_config From dfd09a62adca833c9f37ef56fb45a8aad4667f68 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 14:34:33 +0530 Subject: [PATCH 162/434] Update main.yml --- ansible/roles/ml-analytics-service/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index a3813c5d05..dfa015c99c 100755 
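Review bot: The `Copy GCP Secrets to JSON file` task tightens the mode to 0400 but still has no `no_log: true`, so the rendered credential JSON can appear in `--diff` output when the play runs in diff mode. Adding `no_log: true` to the task keeps the file content out of run output. The `mode=0400` value is safe only because the task uses key=value arguments, where it stays a string; if the task is converted to block YAML it should be written as `mode: "0400"`. The task list continues outside the hunk.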
--- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -107,7 +107,7 @@ - name: Copy GCP Secrets to JSON file copy: dest="{{config_path}}/{{ml_GCP_secret_json_file}}" content="{{ ml_GCP_Secrets | to_nice_json}}" mode=0400 owner="{{ USER }}" - when: ML_Cloud_Service_Provider == 'GCP' + when: ML_Cloud_Service_Provider == 'gcloud' - name: Templating the shell_script_config.j2 to shell_script_config template: From 99e820eb7d2d79651f8a40ab7a5de72f34486c68 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 16:11:29 +0530 Subject: [PATCH 163/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index bdc0129745..e29058043c 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -111,3 +111,7 @@ ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" +ml_GCP_secret_json_file: gcp_secrets.json +ml_GCP_Secrets: + account_name: {{ cloud_private_storage_accountname }} + account_key: {{ cloud_private_storage_secret }} From 618045ed8f33d036b41010ff520c88383b1d19eb Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 24 Nov 2022 16:14:41 +0530 Subject: [PATCH 164/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index e29058043c..fd73a69673 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -112,6 +112,7 @@ ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" ml_GCP_secret_json_file: gcp_secrets.json +ml_GCP_bucket_name: {{ cloud_storage_telemetry_bucketname }} ml_GCP_Secrets: account_name: {{ cloud_private_storage_accountname }} account_key: {{ cloud_private_storage_secret }} From abab73d35530175638ea31e7d79781a450ee2af3 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Fri, 25 Nov 2022 14:43:50 +0530 Subject: [PATCH 165/434] Issue #ED-521 fix: Updated CSP variables with Finalized vars --- .../roles/stack-sunbird/templates/sunbird_player.env | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 2afd3af54c..c0ec466694 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env 
@@ -222,3 +222,14 @@ sunbird_gcloud_labels={{gcloud_labels_folder_name | default("labels")}} sunbird_gcloud_client_email={{gcloud_private_bucket_client_email | default("")}} sunbird_gcloud_private_key={{gcloud_private_bucket_private_key | default("")}} sunbird_gcloud_projectId={{gcloud_private_bucket_projectId | default("")}} + +#release-5.1.0 +#CSP configuration variables changes +cloud_service_provider={{cloud_service_provider}} +cloud_private_storage_accountname={{cloud_private_storage_accountname | default("")}} +cloud_private_storage_secret={{cloud_private_storage_secret | default("")}} +cloud_private_storage_region={{cloud_private_storage_region | default("ap-south-1")}} +cloud_private_storage_project={{cloud_private_storage_project | default("")}} +cloud_storage_privatereports_bucketname={{cloud_storage_privatereports_bucketname | default("reports")}} +cloud_storage_resourceBundle_bucketname={{cloud_storage_resourceBundle_bucketname | default("label")}} +cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopCrash_bucketname | default("desktopappcrashlogs")}} From c72fa43de1022b894f58abe2681f8cd8b2a7ca93 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Fri, 25 Nov 2022 15:07:37 +0530 Subject: [PATCH 166/434] Issue #ED-521 fix: Updated CSP variables with Finalized vars --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index c0ec466694..0180418fb0 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env 
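Review bot: `cloud_private_storage_secret={{cloud_private_storage_secret | default("")}}` renders an empty credential when the variable is missing, so a misconfigured inventory yields a container that starts with no storage secret instead of a failed deploy. Dropping the default, or writing `{{ cloud_private_storage_secret | mandatory }}`, makes the template fail at render time. The first added line, `cloud_service_provider={{cloud_service_provider}}`, already behaves that way because it has no default, so the two are inconsistent. The default region `ap-south-1` also looks provider-specific and may deserve a comment saying which providers read it.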
@@ -231,5 +231,5 @@ cloud_private_storage_secret={{cloud_private_storage_secret | default("")}} cloud_private_storage_region={{cloud_private_storage_region | default("ap-south-1")}} cloud_private_storage_project={{cloud_private_storage_project | default("")}} cloud_storage_privatereports_bucketname={{cloud_storage_privatereports_bucketname | default("reports")}} -cloud_storage_resourceBundle_bucketname={{cloud_storage_resourceBundle_bucketname | default("label")}} -cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopCrash_bucketname | default("desktopappcrashlogs")}} +cloud_storage_resourceBundle_bucketname={{cloud_storage_resourcebundle_bucketname | default("label")}} +cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} From 1a3073db50dac65a0eaf16e66949083ac24cbd2d Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Fri, 25 Nov 2022 15:33:09 +0530 Subject: [PATCH 167/434] Issue #ED-521 fix: Updated CSP variables with Finalized vars --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 0180418fb0..9cb6473418 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env 
@@ -231,5 +231,5 @@ cloud_private_storage_secret={{cloud_private_storage_secret | default("")}} cloud_private_storage_region={{cloud_private_storage_region | default("ap-south-1")}} cloud_private_storage_project={{cloud_private_storage_project | default("")}} cloud_storage_privatereports_bucketname={{cloud_storage_privatereports_bucketname | default("reports")}} -cloud_storage_resourceBundle_bucketname={{cloud_storage_resourcebundle_bucketname | default("label")}} +cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | default("label")}} cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} From aaa3644c5af698e581878c848bd8f0eed598101f Mon Sep 17 00:00:00 2001 From: Surabhi Date: Fri, 25 Nov 2022 16:14:58 +0530 Subject: [PATCH 168/434] variables changes for sunbird cloud agnostic tool --- ansible/roles/stack-sunbird/templates/inbound.env | 8 ++++---- ansible/roles/stack-sunbird/templates/transformer.env | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env index 331ae1d3fc..d8b3bcba55 100644 --- a/ansible/roles/stack-sunbird/templates/inbound.env +++ b/ansible/roles/stack-sunbird/templates/inbound.env 
@@ -59,10 +59,10 @@ NETCORE_WHATSAPP_SOURCE={{uci_netcore_whatsapp_source}} NETCORE_WHATSAPP_URI={{uci_netcore_whatsapp_uri | default('https://waapi.pepipost.com/api/v2/')}} #Sunbird CDN Configuration -SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE=azure -SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{sunbird_private_storage_account_name}} -SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{sunbird_private_storage_account_key}} -SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} +SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE={{cloud_service_provider}} +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_public_storage_accountname}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_public_storage_secret}} +SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{cloud_storage_uci_bucketname | default('uci-' + env )}} #Selected CDN Configuration SELECTED_FILE_CDN=sunbird diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index b5be5c4451..f8bcde12dc 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env +++ b/ansible/roles/stack-sunbird/templates/transformer.env @@ -71,10 +71,10 @@ EXHAUST_TELEMETRY_ENABLED=TRUE POSTHOG_EVENT_ENABLED=FALSE #Sunbird CDN Configuration -SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE=azure -SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{sunbird_private_storage_account_name}} -SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{sunbird_private_storage_account_key}} -SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{sunbird_azure_uci_container_name | default('uci-' + env )}} +SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE={{cloud_service_provider}} +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_public_storage_accountname}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_public_storage_secret}} +SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{cloud_storage_uci_bucketname | default('uci-' + env )}} #Selected CDN Configuration SELECTED_FILE_CDN=sunbird \ No newline at end of file From b26fbbc807c7d20328ea365f07fd97fb7df03786 Mon Sep 17 00:00:00 2001 
From: Surabhi Date: Fri, 25 Nov 2022 20:13:43 +0530 Subject: [PATCH 169/434] variables changes - private vars --- ansible/roles/stack-sunbird/templates/inbound.env | 4 ++-- ansible/roles/stack-sunbird/templates/transformer.env | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/inbound.env b/ansible/roles/stack-sunbird/templates/inbound.env index d8b3bcba55..1104836d93 100644 --- a/ansible/roles/stack-sunbird/templates/inbound.env +++ b/ansible/roles/stack-sunbird/templates/inbound.env @@ -60,8 +60,8 @@ NETCORE_WHATSAPP_URI={{uci_netcore_whatsapp_uri | default('https://waapi.pepipos #Sunbird CDN Configuration SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE={{cloud_service_provider}} -SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_public_storage_accountname}} -SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_public_storage_secret}} +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_private_storage_accountname}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_private_storage_secret}} SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{cloud_storage_uci_bucketname | default('uci-' + env )}} #Selected CDN Configuration diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index f8bcde12dc..72aa85a7d1 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env +++ b/ansible/roles/stack-sunbird/templates/transformer.env @@ -72,8 +72,8 @@ POSTHOG_EVENT_ENABLED=FALSE #Sunbird CDN Configuration SUNBIRD_CLOUD_MEDIA_STORAGE_TYPE={{cloud_service_provider}} -SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_public_storage_accountname}} -SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_public_storage_secret}} +SUNBIRD_CLOUD_MEDIA_STORAGE_KEY={{cloud_private_storage_accountname}} +SUNBIRD_CLOUD_MEDIA_STORAGE_SECRET={{cloud_private_storage_secret}} SUNBIRD_CLOUD_MEDIA_STORAGE_CONTAINER={{cloud_storage_uci_bucketname | default('uci-' + env )}} #Selected CDN Configuration 
From 4c14f86a8f3a68429b4309f34958f82932370f90 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 28 Nov 2022 18:10:39 +0530 Subject: [PATCH 170/434] Make roles as anonymous for project certificate --- .../sunbird-RC/registry/schemas/ProjectCertificate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json index 0035464abb..cdfce21ac4 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/ProjectCertificate.json @@ -64,6 +64,7 @@ ], "ownershipAttributes": [], "roles": [ + "anonymous" ], "inviteRoles": [ "anonymous" @@ -72,4 +73,4 @@ "enableLogin": false, "credentialTemplate": "{{ upstream_url }}/schema/project_credential_template.json" } -} \ No newline at end of file +} From 1f4f735d84d93b205313a08e9fa2f25a81007da2 Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Tue, 29 Nov 2022 10:46:11 +0530 Subject: [PATCH 171/434] Fix syntax (#3621) --- ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml | 4 ++-- ansible/roles/azure-cloud-storage/tasks/blob-upload.yml | 4 ++-- .../roles/azure-cloud-storage/tasks/upload-using-azcopy.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml index 82f806a803..53a57d7398 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml 
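Review bot: The added `"anonymous"` entry in `roles` appears to open whatever operations that list gates on ProjectCertificate to unauthenticated callers. The hunk does not show how the registry interprets the list, so this should be confirmed against the registry's access model. If issuance is meant to come from one service, listing that service's role instead, e.g. `"roles": ["<issuer-role-placeholder>"]`, keeps the schema closed to everyone else. JSON cannot carry a comment, so the reason for the change belongs in the commit description, which currently only restates the diff. The schema object starts outside the hunk.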
@@ -3,9 +3,9 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container is True + when: create_container == "True" - name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" async: 3600 - poll: 10 \ No newline at end of file + poll: 10 diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml index 36423dcfc6..d895cf46cf 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml @@ -3,9 +3,9 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container is True + when: create_container == "True" - name: upload file to azure storage container shell: "az storage blob upload --container-name {{ blob_container_name }} --file {{ local_file_or_folder_path }} --name {{ blob_file_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" async: 3600 - poll: 10 \ No newline at end of file + poll: 10 diff --git a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml index 0726b48f00..e37243cd70 100644 --- a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml +++ b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml 
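Review bot: The `shell:` line kept in this hunk passes `--account-key {{ storage_account_key }}` on the command line, which exposes the storage key in the host's process list and in the task's reported command when the task fails or runs verbosely. The az CLI reads the key from the environment, so the task can drop the flag and add `environment:` with `AZURE_STORAGE_KEY: "{{ storage_account_key }}"`. The `blob-upload.yml` hunk in the same patch carries the same flag. The task list continues outside the hunk.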
@@ -3,11 +3,11 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container is True + when: create_container == "True" - name: upload files and folders to azure storage using azcopy shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" environment: AZCOPY_CONCURRENT_FILES: "10" async: 10800 - poll: 10 \ No newline at end of file + poll: 10 From a5f853386839da3ab4313b1c635d59668a888d2d Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Tue, 29 Nov 2022 12:28:28 +0530 Subject: [PATCH 172/434] Change condition to match boolean (#3623) --- ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml | 2 +- ansible/roles/azure-cloud-storage/tasks/blob-upload.yml | 2 +- ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml index 53a57d7398..900ecee515 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload-batch.yml @@ -3,7 +3,7 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container == "True" + when: create_container == True - name: upload files and folders - uploading {{ blob_container_name }}{{ blob_container_folder_path }} shell: "az storage blob upload-batch --destination {{ blob_container_name }}{{ blob_container_folder_path }} --source {{ local_file_or_folder_path }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" 
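Review bot: `when: create_container == True` is true only for a real boolean, so a value supplied as a string, which is how `-e create_container=true` arrives, skips container creation without any message. `when: create_container | bool` accepts both forms. The same line is changed in `blob-upload.yml` and `upload-using-azcopy.yml` in this patch. The task list continues outside the hunk.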
diff --git a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml index d895cf46cf..5430aba8fa 100644 --- a/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml +++ b/ansible/roles/azure-cloud-storage/tasks/blob-upload.yml @@ -3,7 +3,7 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container == "True" + when: create_container == True - name: upload file to azure storage container shell: "az storage blob upload --container-name {{ blob_container_name }} --file {{ local_file_or_folder_path }} --name {{ blob_file_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }}" diff --git a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml index e37243cd70..affbc8c002 100644 --- a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml +++ b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml @@ -3,7 +3,7 @@ include_role: name: azure-cloud-storage tasks_from: container-create.yml - when: create_container == "True" + when: create_container == True - name: upload files and folders to azure storage using azcopy shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" From 20955da02e6434923d51649980b7472bf89ac521 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 29 Nov 2022 13:14:41 +0530 Subject: [PATCH 173/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index fd73a69673..99e7526e4b 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml 
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -111,8 +111,8 @@ ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" -ml_GCP_secret_json_file: gcp_secrets.json -ml_GCP_bucket_name: {{ cloud_storage_telemetry_bucketname }} +ml_GCP_secret_json_file: "gcp_secrets.json" +ml_GCP_bucket_name: "{{ cloud_storage_telemetry_bucketname }}" ml_GCP_Secrets: - account_name: {{ cloud_private_storage_accountname }} - account_key: {{ cloud_private_storage_secret }} + account_name: "{{ cloud_private_storage_accountname }}" + account_key: "{{ cloud_private_storage_secret }}" From d002f1e51fc1aa8bb01c17c857a82b475b9aea3d Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Tue, 29 Nov 2022 13:32:27 +0530 Subject: [PATCH 174/434] updated CACHE_CONTEXT_URLS var (#3625) --- kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 index 62c9114a76..58d931b861 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 
@@ -35,4 +35,4 @@ certificatesignenv: CERTIFICATE_PRIVATE_KEY: |- {{ CERTIFICATE_PRIVATE_KEY | default("''") | indent(width=4) }} SIGNING_KEY_TYPE: "{{ SIGNING_KEY_TYPE|default('RSA')}}" - CACHE_CONTEXT_URLS: "{{ cache_context_urls | default(upstream_url + '/schema/v1_context.json,upstream_url + '/schema/sunbird_context.json,upstream_url + '/schema/credential_template.json')}}" \ No newline at end of file + CACHE_CONTEXT_URLS: "{{ cache_context_urls | default(upstream_url + '/schema/v1_context.json,' + upstream_url + '/schema/sunbird_context.json,' + upstream_url + '/schema/credential_template.json') }}" \ No newline at end of file From b8b4fc4546effee1f6acef19ae78cc6b75fb36b8 Mon Sep 17 00:00:00 2001 From: SadanandGowda Date: Tue, 29 Nov 2022 18:29:06 +0530 Subject: [PATCH 175/434] csp migration variables update --- .../core/analytics/templates/deployment.yaml | 16 ++++++++-------- kubernetes/helm_charts/core/analytics/values.j2 | 8 ++++---- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml index 0926360f76..57198cb77b 100644 --- a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml 
@@ -35,14 +35,14 @@ spec: value: {{ .Values.env.min_heap | quote }} - name: MAX_HEAP value: {{ .Values.env.max_heap | quote }} - - name: azure_storage_secret - value: {{ .Values.env.azure_private_account_secret | quote }} - - name: azure_storage_key - value: {{ .Values.env.azure_private_account_name | quote }} - - name: public_azure_storage_secret - value: {{ .Values.env.azure_public_account_secret | quote }} - - name: public_azure_storage_key - value: {{ .Values.env.azure_public_account_name | quote }} + - name: cloud_storage_secret + value: {{ .Values.env.cloud_private_account_secret | quote }} + - name: cloud_storage_key + value: {{ .Values.env.cloud_private_account_name | quote }} + - name: public_cloud_storage_secret + value: {{ .Values.env.cloud_public_account_secret | quote }} + - name: public_cloud_storage_key + value: {{ .Values.env.cloud_public_account_name | quote }} - name: _JAVA_OPTIONS value: -Dlog4j2.formatMsgNoLookups=true envFrom: diff --git a/kubernetes/helm_charts/core/analytics/values.j2 b/kubernetes/helm_charts/core/analytics/values.j2 index 354dcab3d3..f86925ad5c 100644 --- a/kubernetes/helm_charts/core/analytics/values.j2 +++ b/kubernetes/helm_charts/core/analytics/values.j2 
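Review bot: The renamed `cloud_storage_secret` and `public_cloud_storage_secret` entries still put the storage credentials into the Deployment as literal `value:` strings, so anyone who can read the Deployment or the rendered manifest can read them. Sourcing them from a Kubernetes Secret through `valueFrom.secretKeyRef` keeps them out of the pod spec. The names are also easy to misread: `cloud_storage_key` carries the account name and `cloud_storage_secret` the key, which a comment above the entries could state. The container spec starts and ends outside the hunk.

```yaml
- name: cloud_storage_secret
  valueFrom:
    secretKeyRef:
      name: "<storage-secret-name>"  # placeholder: a Secret the chart would have to create
      key: cloud_storage_secret
# … same pattern for public_cloud_storage_secret …
# … unchanged: MIN_HEAP, MAX_HEAP, _JAVA_OPTIONS …
```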
@@ -8,10 +8,10 @@ env: javaoptions: {{analytics_java_mem_limit|default('-Xmx600m')}} min_heap: {{analytics_min_heap_limit|default('-Xms1g')}} max_heap: {{analytics_max_heap_limit|default('-Xmx2g')}} - azure_private_account_secret: {{ sunbird_private_storage_account_key }} - azure_private_account_name: {{ sunbird_private_storage_account_name }} - azure_public_account_secret: {{ sunbird_public_storage_account_key }} - azure_public_account_name: {{ sunbird_public_storage_account_name }} + cloud_private_account_secret: {{ sunbird_private_storage_account_key }} + cloud_private_account_name: {{ sunbird_private_storage_account_name }} + cloud_public_account_secret: {{ sunbird_public_storage_account_key }} + cloud_public_account_name: {{ sunbird_public_storage_account_name }} replicaCount: {{analytics_replicacount|default(1)}} repository: {{analytics_repository|default('sunbird-analytics-service')}} From daef17772d996e7da7f90b2b1b925b17dec876cf Mon Sep 17 00:00:00 2001 From: saiakhil46 Date: Wed, 30 Nov 2022 17:37:18 +0530 Subject: [PATCH 176/434] added config.json file in certificatesign and updated templates --- kubernetes/ansible/roles/helm-deploy/tasks/main.yml | 8 ++++++++ .../sunbird-RC/certificatesign/configs/config.json | 11 +++++++++++ .../certificatesign/templates/configmap.yaml | 13 +++++++++++++ .../certificatesign/templates/deployment.yaml | 7 +++++++ 4 files changed, 39 insertions(+) create mode 100644 kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index a57c847b97..8f4881089a 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml 
@@ -22,6 +22,14 @@ - "{{ chart_path }}/schemas/*.json" when: release_name == "registry" +- name: template config json + template: + src: "{{ item }}" + dest: "{{ item }}" + with_fileglob: + - "{{ chart_path }}/configs/*.json" + when: release_name == "certificatesign" + - name: Load role to decrypt private keys, copy to private keys helm chart include_role: name: mount-keys diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json b/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json new file mode 100644 index 0000000000..0909ace256 --- /dev/null +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json @@ -0,0 +1,11 @@ +{ + "issuers": { + "default": { + "publicKey": {{ CERTIFICATE_PUBLIC_KEY | default("") }}, + "privateKey": {{ CERTIFICATE_PRIVATE_KEY | default("") }}, + "signatureType": "RSA", + "verificationMethod": "did:india", + "$comment": "The above are test keys and it needs to be replaced before going to production" + } + } +} \ No newline at end of file diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/configmap.yaml b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/configmap.yaml index 05b928173d..587c7e9dfb 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/configmap.yaml +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/configmap.yaml @@ -9,3 +9,16 @@ metadata: creationTimestamp: null name: {{ .Chart.Name }}-config namespace: {{ .Values.namespace }} + +--- + +{{- $configs := .Files.Glob "configs/*" }} +{{ if $configs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-conf + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "configs/*").AsConfig | indent 2 }} +{{ end }} \ No newline at end of file 
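Review bot: The new `template config json` task uses the same path for `src` and `dest`, so the chart's `configs/*.json` is overwritten in place with the rendered signing keys. That leaves the private key in clear text in the chart checkout after the run, and if the workspace is reused the next run finds no Jinja expressions left to fill. Keeping the template under a separate name and rendering it into `configs/` with `mode: "0600"` and `no_log: true`, then removing the rendered file after the Helm release, avoids both. The `schemas/*.json` task whose tail is visible above appears to follow the same pattern, but it starts outside the hunk.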
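Review bot: The added `{{ .Chart.Name }}-conf` object is a ConfigMap built from `configs/*`, and the `config.json` created in this same commit carries `privateKey`, so the signing key ends up stored as ConfigMap data. ConfigMaps are not covered by the RBAC rules or encryption-at-rest settings that are usually applied to Secrets; the matching Helm form is `kind: Secret` with `{{ (.Files.Glob "configs/*").AsSecrets | indent 2 }}` under `data:`. The `volumes:` entry added in `deployment.yaml` would then use `secret:` with `secretName:` instead of `configMap:`, and the mount at `/etc/signer` can be marked `readOnly: true`.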
diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/deployment.yaml b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/deployment.yaml index 7fa927020a..c271409ef9 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/deployment.yaml +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/deployment.yaml @@ -34,6 +34,13 @@ spec: {{ toYaml .Values.resources | indent 10 }} ports: - containerPort: {{ .Values.network.port }} + volumeMounts: + - name: {{ .Chart.Name }}-conf + mountPath: /etc/signer + volumes: + - name: {{ .Chart.Name }}-conf + configMap: + name: {{ .Chart.Name }}-conf --- From 6f9ffe1985f150b2ca095442577fa01ed5572d4e Mon Sep 17 00:00:00 2001 From: saiakhil46 Date: Thu, 1 Dec 2022 11:36:12 +0530 Subject: [PATCH 177/434] updated certificatesign helm_chart --- .../sunbird-RC/certificatesign/configs/config.json | 4 ++-- kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json b/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json index 0909ace256..98052b982e 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/configs/config.json @@ -1,8 +1,8 @@ { "issuers": { "default": { - "publicKey": {{ CERTIFICATE_PUBLIC_KEY | default("") }}, - "privateKey": {{ CERTIFICATE_PRIVATE_KEY | default("") }}, + "publicKey": "{{ CERTIFICATESIGN_PUBLIC_KEY | default('') }}", + "privateKey": "{{ CERTIFICATESIGN_PRIVATE_KEY | default('') }}", "signatureType": "RSA", "verificationMethod": "did:india", "$comment": "The above are test keys and it needs to be replaced before going to production" diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 index 58d931b861..9e6beb68d4 100644 
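Review bot: Wrapping the two key expressions in literal quotes in `config.json` yields valid JSON only when the value contains no newline, quote or backslash; if `CERTIFICATESIGN_PRIVATE_KEY` is PEM-formatted, raw line breaks land inside the JSON string. Letting the filter emit the quoted value, `"privateKey": {{ CERTIFICATESIGN_PRIVATE_KEY | default('') | to_json }}`, handles the escaping, and the same applies to `publicKey`. The `default('')` also lets a deployment come up with an empty signing key when the variable is missing, so failing the render with `| mandatory` instead of defaulting may be the safer choice. The `$comment` about test keys reads as stale now that both fields are templated.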
--- a/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/values.j2 @@ -31,8 +31,7 @@ certificatesignenv: PORT: "8079" QR_TYPE: {{ QR_TYPE|default('URL') }} CERTIFICATE_DOMAIN_URL: "https://{{domain_name}}" - CERTIFICATE_PUBLIC_KEY: {{CERTIFICATE_PUBLIC_KEY | default("''")}} - CERTIFICATE_PRIVATE_KEY: |- - {{ CERTIFICATE_PRIVATE_KEY | default("''") | indent(width=4) }} + CERTIFICATE_PUBLIC_KEY: "{{ CERTIFICATESIGN_PUBLIC_KEY | default('') }}" + CERTIFICATE_PRIVATE_KEY: "{{ CERTIFICATESIGN_PRIVATE_KEY | default('') }}" SIGNING_KEY_TYPE: "{{ SIGNING_KEY_TYPE|default('RSA')}}" CACHE_CONTEXT_URLS: "{{ cache_context_urls | default(upstream_url + '/schema/v1_context.json,' + upstream_url + '/schema/sunbird_context.json,' + upstream_url + '/schema/credential_template.json') }}" \ No newline at end of file From 53268216c638206567129ea0269af973139898fc Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 1 Dec 2022 14:00:53 +0530 Subject: [PATCH 178/434] fix: adding verbosity for desktop deploy (#3633) --- pipelines/offlineinstaller/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/offlineinstaller/Jenkinsfile b/pipelines/offlineinstaller/Jenkinsfile index c97c01a9bd..a4e6a8f610 100644 --- a/pipelines/offlineinstaller/Jenkinsfile +++ b/pipelines/offlineinstaller/Jenkinsfile @@ -31,7 +31,7 @@ node() { } stage('Install the offline desktop Application') { ansiblePlaybook = "${currentWs}/ansible/offline-installer.yml --vault-password-file /var/lib/jenkins/secrets/vault-pass" - ansibleExtraArgs = "--extra-vars \"offline_repo_location=$currentWs offline_installer_type=${offline_installer_type}\"" + ansibleExtraArgs = "--extra-vars \"offline_repo_location=$currentWs offline_installer_type=${offline_installer_type}\" -v" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values 
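Review bot: `CERTIFICATE_PRIVATE_KEY` moves from an indented `|-` block scalar to a double-quoted scalar, which changes how a multi-line value is read: inside double quotes YAML folds single line breaks into spaces, and any `"` or `\` in the value breaks or alters the scalar. If the key is multi-line PEM, keeping the block form with the new variable name preserves it: `CERTIFICATE_PRIVATE_KEY: |-` followed by `{{ CERTIFICATESIGN_PRIVATE_KEY | default('') | indent(width=4) }}`. How `certificatesignenv` is turned into pod environment is outside the hunk; if it lands in a ConfigMap, the private key is better split out into a Secret.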
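Review bot: Adding `-v` to `ansibleExtraArgs` makes Ansible print each task's result data into the Jenkins console log, and this playbook runs with `--vault-password-file`, so vault-decrypted values returned by its tasks can surface in build logs. Tasks in `offline-installer.yml` that handle credentials should carry `no_log: true` before this is left enabled, or the verbosity can be made a job parameter that defaults to off. The stage body continues outside the hunk and the playbook is not shown, so whether any task currently echoes a secret is not confirmed here.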
From 8648a6183dc08554ee3353f3efc1afa908ed8a8b Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Fri, 2 Dec 2022 14:39:37 +0530 Subject: [PATCH 179/434] Set authentication_enabled as false by default Add authentication_enabled as a new env key for the registry service and set it false by default. --- kubernetes/helm_charts/sunbird-RC/registry/values.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 index e7e6e6f31c..09181622b7 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 @@ -44,6 +44,7 @@ rccoreenv: connectionInfo_maxPoolSize: {{ registry_connectionInfo_maxPoolSize|default('200')}} auditTaskExecutor_queueCapacity: {{ registry_auditTaskExecutor_queueCapacity|default('100')}} taskExecutor_index_queueCapacity: {{ registry_taskExecutor_index_queueCapacity|default('100')}} + authentication_enabled: {{ registry_authentication_enabled|default('false')}} {# The below should get enabled once the service has probes implemented #} {# {{ registry_liveness_readiness | to_nice_yaml }} #} From 4b370d0f9a22cb5152d9dd15cdff7c74e710f584 Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Sat, 3 Dec 2022 22:21:04 +0530 Subject: [PATCH 180/434] Release 5.1.0 (#3637) * Update deploy plugins for GCP * Fix looping issue --- ansible/deploy-plugins.yml | 30 +++++++++++++++++-- .../tasks/delete-batch-no-poll.yml | 6 ++++ .../tasks/upload-batch-no-poll.yml | 5 ++++ 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/gcp-cloud-storage/tasks/delete-batch-no-poll.yml create mode 100644 ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 8da2bd445e..6f5460809f 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml 
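Review bot: The new `authentication_enabled` key defaults to `'false'`, so any environment that does not define `registry_authentication_enabled` deploys the registry service with authentication off. A fail-closed default, `authentication_enabled: "{{ registry_authentication_enabled | default('true') }}"`, makes the unauthenticated mode an explicit per-environment decision. The quoting in that line also keeps the value a string; unquoted, YAML reads `false` as a boolean, which matters if `rccoreenv` is rendered into env entries or ConfigMap data (that template is not in the hunk).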
@@ -86,7 +86,8 @@ tags: - plugins when: cloud_service_provider == "azure" - + +### GCP tasks #### - name: this block consists of tasks related to gcloud storage block: - name: set common gcloud variables @@ -135,6 +136,31 @@ local_file_or_folder_path: "{{ source_file_name }}" tags: - preview + + - block: + - name: Authenticate to gcloud + include_role: + name: gcp-cloud-storage + tasks_from: gcloud-auth.yml + + - name: delete and re-upload plugins + include_role: + name: gcp-cloud-storage + tasks_from: "{{ item[0] }}" + vars: + file_delete_pattern: "content-plugins/{{ item[1] }}/*" + dest_folder_path: "content-plugins/{{ item[1] }}" + local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" + with_nested: + - ['delete-batch-no-poll.yml', 'upload-batch-no-poll.yml'] + - "{{ lookup('file', plugins_to_delete_and_upload).split('\n') }}" + + - name: Revoke gcloud access + include_role: + name: gcp-cloud-storage + tasks_from: gcloud-revoke.yml + tags: + - plugins when: cloud_service_provider == "gcloud" ################################### AWS tasks ######################### @@ -200,4 +226,4 @@ AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}" tags: - plugins - when: cloud_service_provider == "aws" \ No newline at end of file + when: cloud_service_provider == "aws" diff --git a/ansible/roles/gcp-cloud-storage/tasks/delete-batch-no-poll.yml b/ansible/roles/gcp-cloud-storage/tasks/delete-batch-no-poll.yml new file mode 100644 index 0000000000..ca02b8a064 --- /dev/null +++ b/ansible/roles/gcp-cloud-storage/tasks/delete-batch-no-poll.yml @@ -0,0 +1,6 @@ +--- +- name: Delete folder recursively in gcp storage + shell: gsutil rm -r "gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }}" + async: 1800 + poll: 0 + diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml b/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml new file mode 100644 index 0000000000..0d8755ab26 --- /dev/null 
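Review bot: In the added `plugins` block, `with_nested` runs every `delete-batch-no-poll.yml` item and then every `upload-batch-no-poll.yml` item, and both task files launch `gsutil` with `async: 1800` / `poll: 0`, so nothing waits for a delete to finish before the upload of the same folder starts and a late `rm -r` can remove freshly uploaded plugin files. `Revoke gcloud access` then runs while those background jobs may still need the credentials, and as a plain task in the block it is skipped when an earlier task fails, leaving the service-account login active on the host. Registering the async jobs and waiting on them with `async_status` before the upload and before the revoke, and moving the revoke into an `always:` section as sketched below, addresses both. A blank line inside `plugins_to_delete_and_upload` would also produce the pattern `content-plugins//*`, so filtering empty entries is worth adding.

```yaml
  - block:
      # … unchanged: Authenticate to gcloud, delete and re-upload plugins …
    always:
      # runs even when an earlier task in the block fails
      - name: Revoke gcloud access
        include_role:
          name: gcp-cloud-storage
          tasks_from: gcloud-revoke.yml
    tags:
      - plugins
```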
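Review bot: Both new task files interpolate variables straight into a `shell:` string, here `"gs://{{ gcp_bucket_name }}/{{ file_delete_pattern }}"`, and double quotes do not stop the shell from expanding `$(...)` or backticks inside a value that comes from inventory or from the plugin list file. Using `command:` (gsutil expands its own wildcards), or building the URL in one expression and applying `| quote` in place of the hand-written quotes, takes the shell out of the picture; the same applies to `upload-batch-no-poll.yml`. With `poll: 0` and no `register:`, a failed recursive delete is never observed, so the job should be registered and checked by the caller. In `upload-batch-no-poll.yml` the destination uses `dest_folder_name`, which the caller in `deploy-plugins.yml` does not set in its `vars:`; it may come from the earlier `set common gcloud variables` task, which is outside the hunk.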
+++ b/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml @@ -0,0 +1,5 @@ +--- +- name: Upload files from a local directory gcp storage + shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_folder_path }}" + async: 1800 + poll: 0 From b8bffc23589f6715c26b475a602ca39bf51b481b Mon Sep 17 00:00:00 2001 From: Reshmi V Nair <54312456+reshmi-nair@users.noreply.github.com> Date: Tue, 6 Dec 2022 10:13:47 +0530 Subject: [PATCH 181/434] LR-262 CSP related variable - Cloud storage base path added (#3641) --- ansible/inventory/env/group_vars/all.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 1aaa166d5c..62cac6441d 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -132,6 +132,8 @@ cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup ### Release 5.0.0 ### cassandra_multi_dc_enabled: false +# Release-5.0.1 +cloud_storage_base_url: "{{cloud_storage_base_url}}" keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" From 4e4cd89769a48b356e9fcd066854c6e7d2ffce01 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Tue, 6 Dec 2022 11:59:53 +0530 Subject: [PATCH 182/434] Add environment keys to enable async certificate Add environment keys to enable async certificate creation --- kubernetes/helm_charts/sunbird-RC/registry/values.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 index 09181622b7..7668715b20 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 
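Review bot: The added `cloud_storage_base_url: "{{cloud_storage_base_url}}"` in `all.yml` defines the variable in terms of itself, so any template that reads it while this group_vars entry is the winning definition fails with Ansible's recursive-template error instead of yielding a URL. If the intent is that every environment must supply the value, leave it out of `all.yml` and add a comment such as `# cloud_storage_base_url: set per environment`, or point it at a differently named per-environment variable. The surrounding variable list continues outside the hunk, so a higher-precedence definition elsewhere cannot be ruled out from here.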
@@ -45,6 +45,16 @@ rccoreenv: auditTaskExecutor_queueCapacity: {{ registry_auditTaskExecutor_queueCapacity|default('100')}} taskExecutor_index_queueCapacity: {{ registry_taskExecutor_index_queueCapacity|default('100')}} authentication_enabled: {{ registry_authentication_enabled|default('false')}} + async_enabled: {{ registry_async_enabled|default('true')}} + webhook_enabled: {{ registry_webhook_enabled|default('true')}} + ZOOKEEPER_CLIENT_PORT: {{ registry_zookeeper_client_port|default('2181')}} + ZOOKEEPER_TICK_TIME: {{ registry_zookeeper_tick_time|default('2000')}} + KAFKA_BROKER_ID: {{ registry_kafka_broker_id|default('1')}} + KAFKA_ZOOKEEPER_CONNECT: "{{groups['processing-cluster-zookeepers']|join(':2181,')}}:2181" + KAFKA_ADVERTISED_LISTENERS: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: {{ registry_listener_security_protocol_map|default('INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT')}} + KAFKA_INTER_BROKER_LISTENER_NAME: {{ registry_inter_broker_listener_name|default('INTERNAL')}} + KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: {{ registry_offsets_topic_replication_factor|default('1')}} {# The below should get enabled once the service has probes implemented #} {# {{ registry_liveness_readiness | to_nice_yaml }} #} From fa078eb69c5e120c9e8a6379db248b864cbb4910 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Tue, 6 Dec 2022 13:58:39 +0530 Subject: [PATCH 183/434] LR-126:cloud agnostic variable changes --- .../stack-sunbird/templates/sunbird_cert-service.env | 12 ++++++------ .../templates/sunbird_learner-service.env | 4 ++-- .../stack-sunbird/templates/sunbird_lms-service.env | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index c43c23171b..19a9a6c46c 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env 
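Review bot: `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP` defaults to `INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT`, so unless `registry_listener_security_protocol_map` is overridden the listener named `OUTSIDE` carries traffic unencrypted and unauthenticated. If that listener is reachable beyond the cluster network, a default such as `INTERNAL:PLAINTEXT,OUTSIDE:SASL_SSL` with the matching broker settings is the safer starting point; at minimum a comment above the key should say the default is for development only. `KAFKA_ADVERTISED_LISTENERS` is also built as bare `host:9092` entries without the listener-name prefixes the map refers to, which looks inconsistent and should be checked against how the registry consumes these keys (not visible here).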
+++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env @@ -1,13 +1,13 @@ -CONTAINER_NAME={{cert_service_container_name}} +CONTAINER_NAME={{cloud_storage_certservice_bucketname}} CLOUD_STORAGE_TYPE={{cloud_service_provider}} -PRIVATE_CLOUD_STORAGE_SECRET={{sunbird_private_storage_account_key}} -PRIVATE_CLOUD_STORAGE_KEY={{sunbird_private_storage_account_name}} +PRIVATE_CLOUD_STORAGE_SECRET={{cloud_private_storage_secret}} +PRIVATE_CLOUD_STORAGE_KEY={{cloud_private_storage_accountname}} sunbird_cert_domain_url={{proto}}://{{proxy_server_name}} sunbird_cert_enc_service_url=http://enc-service:8013 download_link_expiry_timeout=600 es_conn_info={{groups['es']|join(':9200,')}}:9200 ITEXT_LICENSE_ENABLED={{itext_license_enabled}} ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml -PUBLIC_CLOUD_STORAGE_KEY={{sunbird_public_storage_account_name}} -PUBLIC_CLOUD_STORAGE_SECRET={{sunbird_public_storage_account_key}} -PUBLIC_CONTAINER_NAME={{sunbird_cert_qr_container_name}} +PUBLIC_CLOUD_STORAGE_KEY={{cloud_public_storage_accountname}} +PUBLIC_CLOUD_STORAGE_SECRET={{cloud_public_storage_secret}} +PUBLIC_CONTAINER_NAME={{cloud_storage_certqr_bucketname}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index f0f57bcaf8..f0d9addffd 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env 
@@ -28,8 +28,8 @@ sunbird_mail_server_password={{sunbird_mail_server_password}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} sunbird_encryption_key={{sunbird_encryption_key}} sunbird_encryption_mode={{sunbird_encryption_mode}} -sunbird_account_name={{sunbird_public_storage_account_name}} -sunbird_account_key={{sunbird_public_storage_account_key}} +sunbird_account_name={{cloud_public_storage_accountname}} +sunbird_account_key={{cloud_public_storage_secret}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_env_logo_url={{sunbird_env_logo_url}} sunbird_web_url={{sunbird_web_url}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 00c81c29d5..6e652f27df 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -29,8 +29,8 @@ sunbird_mail_server_password={{sunbird_mail_server_password}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} sunbird_encryption_key={{sunbird_encryption_key}} sunbird_encryption_mode={{sunbird_encryption_mode}} -sunbird_account_name={{sunbird_public_storage_account_name}} -sunbird_account_key={{sunbird_public_storage_account_key}} +sunbird_account_name={{cloud_public_storage_accountname}} +sunbird_account_key={{cloud_public_storage_secret}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_web_url={{sunbird_web_url}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} 
@@ -89,8 +89,8 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_gzip_enable={{sunbird_gzip_enable}} sunbird_course_metrics_base_url={{sunbird_course_metrics_base_url}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} -sunbird_analytics_blob_account_name={{sunbird_private_storage_account_name}} -sunbird_analytics_blob_account_key={{sunbird_private_storage_account_key}} +sunbird_analytics_blob_account_name={{cloud_private_storage_accountname}} +sunbird_analytics_blob_account_key={{cloud_private_storage_secret}} # Optional for caching sunbird_cache_enable={{sunbird_cache_enable | default(false)}} # Set below variables if above true From 5dc030bf3356a7bb06c7a356506fdafe3adc29bd Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 6 Dec 2022 14:25:17 +0530 Subject: [PATCH 184/434] Update config.j2 (#3644) --- .../ml-analytics-service/defaults/main.yml | 44 ++++++------- .../roles/ml-analytics-service/tasks/main.yml | 2 +- .../ml-analytics-service/templates/config.j2 | 61 ++++++++++--------- 3 files changed, 52 insertions(+), 55 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 99e7526e4b..da571d3bed 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -44,10 +44,8 @@ ml_analytics_kafka_survey_druid_topic_name: "{{ env_name }}.ml.survey.druid" ml_analytics_observation_log_folder_path: "{{ WORKDIR }}/logs/observation" ml_analytics_project_log_folder_path: "{{ WORKDIR }}/logs/project" ml_analytics_survey_log_folder_path: "{{ WORKDIR }}/logs/survey" -ml_analytics_azure_account_name: "{{ cloud_private_storage_accountname }}" -ml_analytics_azure_container_name: "{{ cloud_storage_telemetry_bucketname }}" ml_analytics_observation_azure_blob_path: "observation/status/" -ml_analytics_project_azure_blob_path: "projects/" +ml_analytics_project_cloud_blob_path: "projects/" ml_analytics_redis_host: "{{ml_redis_host | default(groups['dp-redis'][0])}}" ml_analytics_redis_port: "{{ ml_redis_device_port | default('6379') }}" ml_analytics_redis_db_name: "12" 
@@ -57,62 +55,60 @@ ml_analytics_api_authorization_key: "{{ml_api_auth_token | default('sunbird_api_ ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_internal_access_token')}}" ml_analytics_druid_observation_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code"]},"metricsSpec":[]}}}' ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": 
["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' -ml_analytics_azure_sas_token: "{{ cloud_private_storage_secret }}" ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' 
ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_obs_distinctCnt_azure_blob_path: "observation/distinctCount/" -ml_analytics_obs_distinctCnt_domain_azure_blob_path: "observation/distinctCount_domain/" -ml_analytics_obs_distinctCnt_domain_criteria_azure_blob_path: "observation/distinctCount_domain_criteria/" -ml_analytics_projects_distinctCnt_azure_blob_path: "projects/distinctCount/" +ml_analytics_obs_distinctCnt_cloud_blob_path: "observation/distinctCount/" +ml_analytics_obs_distinctCnt_domain_cloud_blob_path: "observation/distinctCount_domain/" 
+ml_analytics_obs_distinctCnt_domain_criteria_cloud_blob_path: "observation/distinctCount_domain_criteria/" +ml_analytics_projects_distinctCnt_cloud_blob_path: "projects/distinctCount/" ml_analytics_obs_distinctCnt_output_dir: "{{ WORKDIR }}/source/observations/distinctCount/output" ml_analytics_obs_distinctCnt_domain_output_dir: "{{ WORKDIR }}/source/observations/distinctCount_domain/output" ml_analytics_obs_distinctCnt_domain_criteria_output_dir: "{{ WORKDIR }}/source/observations/distinctCount_domain_criteria/output" ml_analytics_projects_distinctCnt_output_dir: "{{ WORKDIR }}/source/projects/distinctCount/output" -ml_analytics_survey_rollup_azure_blob_path: "survey/rollup/" +ml_analytics_survey_rollup_cloud_blob_path: "survey/rollup/" ml_analytics_druid_survey_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/rollup/sl_survey_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel",{"type":"long","name":"status_code"}, "solution_name", 
"solution_id"]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_user_id","fieldName":"user_id"},{"type":"HLLSketchBuild","name":"count_of_survey_submission_id","fieldName":"survey_submission_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' ml_analytics_survey_rollup_output_dir: "/opt/sparkjobs/source/survey/output" -ml_analytics_project_rollup_azure_blob_path: "projects/rollup" -ml_analytics_observation_rollup_azure_blob_path: "observation/rollup" +ml_analytics_project_rollup_cloud_blob_path: "projects/rollup" +ml_analytics_observation_rollup_cloud_blob_path: "observation/rollup" ml_analytics_project_rollup_output_dir: "/opt/sparkjobs/source/projects/output_rollup" ml_analytics_observation_status_rollup_output_dir: "/opt/sparkjobs/source/observations/output_rollup" ml_analytics_druid_project_rollup_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/rollup/projects_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"iso"},"dimensionsSpec":{"dimensions":["project_title","project_goal","area_of_improvement","status_of_project","tasks_name","tasks_status","designation","task_evidence_status","project_id","task_id","project_created_type","parent_channel","program_id","program_name","project_updated_date","createdBy","program_externalId","private_program","task_deleted_flag","project_terms_and_condition","state_externalId","block_externalId","district_externalId","cluster_externalId","school_externalId","state_name","block_name","district_name","cluster_name","school_name","board_name","organisation_name","solution_id","organisation_id",{"name":"status_code","type":"long"}]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_createBy","fieldName":"createdBy"},{"type":"HLLSketchBuild","name":"count_of_project_id","fieldName":"project_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' ml_analytics_druid_observation_status_rollup_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/rollup/observation_status_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-observation-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["status","user_id","solution_id","submission_id","entity_name","completedDate","program_id","private_program","solution_type","updatedAt","role_title","solution_name","program_name","channel","parent_channel","block_name","district_name","school_name","cluster_name","state_name","organisation_name","board_name","district_externalId","state_externalId","block_externalId","cluster_externalId","school_externalId","organisation_id",{"type":"long","name":"status_code"}]},"metricsSpec":[{"type":"count","name":"count"},{"type":"longSum","name":"sum___v","fieldName":"__v","expression":null},{"type":"HLLSketchBuild","name":"count_distinct_solution","fieldName":"solution_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_submission_id","fieldName":"submission_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_user_id","fieldName":"user_id","lgK":12,"tgtHllType":"HLL_4","round":false}]}}}' ml_analytics_druid_rollup_url: "{{groups['druid'][0]}}:8081" -ml_analytics_AWS_access_key: "{{ cloud_private_storage_accountname }}" -ml_analytics_AWS_secret_access_key: "{{ cloud_private_storage_secret }}" -ml_analytics_AWS_region_name: "{{ cloud_private_storage_region }}" -ml_analytics_AWS_bucket_name: "{{ cloud_storage_telemetry_bucketname }}" ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCountPrglevel/ml_projects_distinctCount_prgmlevel.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/projects/distinctCountPrglevel/output" -ml_analytics_projects_distinctCnt_prglevel_azure_blob_path: "projects/distinctCountPrglevel/" +ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCountPrglevel/" ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" -ml_analytics_survey_azure_blob_path : "survey/status/" +ml_analytics_survey_cloud_blob_path : "survey/status/" ml_analytics_druid_survey_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program"]},"metricsSpec":[]}}}' ml_analytics_slack_token: "{{ ml_slack_token | default('') }}" ml_analytics_channel_name: "{{ ml_slack_channel | default('') }}" -ml_analytics_program_dashboard_azure_blob_path: "{{ ml_program_blob_path | default('') }}" +ml_analytics_program_dashboard_cloud_blob_path: "{{ ml_program_blob_path | default('') }}" ml_druid_query_data: "{{ ml_druid_query | default('') }}" ml_program_dashboard_data: "{{ ml_program_data | default('') }}" ml_analytics_druid_query_url: "{{groups['druid'][0]}}:8082" ml_analytics_druid_observation_query_spec: 
'{"queryType":"scan","dataSource":"sl-observation","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","entityType","entityTypeId","observationId","observationName","observationSubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","school","block","district","cluster","state","schoolName","blockName","districtName","clusterName","stateName","schoolExternalId","blockExternalId","districtExternalId","clusterExternalId","stateExternalId","schoolTypes","administrationTypes","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","role_title","location_validated_with_geotag","distance_in_meters","entity","entityExternalId","entityName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","criteriaLevel","criteriaScore","submissionNumber","submissionTitle","channel","parent_channel","user_districtName","user_blockName","user_clusterName","appName","evidences","user_stateName","domainName","domainExternalId","childName","childType","childExternalid","level","criteriaDescription","programDescription","solutionDescription","label","imp_project_id","imp_project_title","imp_project_goal","imp_project_externalId","ancestorName","scoringSystem","domainLevel","domainScore","criteriaLevelReport","user_schoolName","user_schoolId","user_schoolUDISE_code","solution_type","organisation_name","user_boardName","district_externalId","state_externalId","block_externalId","cluster
_externalId","organisation_id","user_type"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' ml_analytics_druid_observation_batch_ingestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"entityType"},{"type":"string","name":"entityTypeId"},{"type":"string","name":"observationId"},{"type":"string","name":"observationName"},{"type":"string","name":"observationSubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"str
ing","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"school"},{"type":"string","name":"block"},{"type":"string","name":"district"},{"type":"string","name":"cluster"},{"type":"string","name":"state"},{"type":"string","name":"schoolName"},{"type":"string","name":"blockName"},{"type":"string","name":"districtName"},{"type":"string","name":"clusterName"},{"type":"string","name":"stateName"},{"type":"string","name":"schoolExternalId"},{"type":"string","name":"blockExternalId"},{"type":"string","name":"districtExternalId"},{"type":"string","name":"clusterExternalId"},{"type":"string","name":"stateExternalId"},{"type":"string","name":"schoolTypes"},{"type":"string","name":"administrationTypes"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"role_title"},{"type":"string","name":"location_validated_with_geotag"},{"type":"string","name":"distance_in_meters"},{"type":"string","name":"entity"},{"type":"string","name":"entityExternalId"},{"type":"string","name":"entityName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"criteriaLevel"},{"type":"string","name":"criteriaScore"},{"type":"string","name":"submissionNumber"},{"type":"string","name":"submissionTitle"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"user_districtName"},{"type":"string","name":"user_blockName"},{"type":"string","
name":"user_clusterName"},{"type":"string","name":"appName"},{"type":"string","name":"evidences"},{"type":"string","name":"user_stateName"},{"type":"string","name":"domainName"},{"type":"string","name":"domainExternalId"},{"type":"string","name":"childName"},{"type":"string","name":"childType"},{"type":"string","name":"childExternalid"},{"type":"string","name":"level"},{"type":"string","name":"criteriaDescription"},{"type":"string","name":"programDescription"},{"type":"string","name":"solutionDescription"},{"type":"string","name":"label"},{"type":"string","name":"imp_project_id"},{"type":"string","name":"imp_project_title"},{"type":"string","name":"imp_project_goal"},{"type":"string","name":"imp_project_externalId"},{"type":"string","name":"ancestorName"},{"type":"string","name":"scoringSystem"},{"type":"string","name":"domainLevel"},{"type":"string","name":"domainScore"},{"name":"criteriaLevelReport","type":"boolean"},{"type":"string","name":"user_schoolName"},{"type":"string","name":"user_schoolId"},{"type":"string","name":"user_schoolUDISE_code"},{"type":"string","name":"solution_type"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_boardName"},{"type":"string","name":"district_externalId"},{"type":"string","name":"state_externalId"},{"type":"string","name":"block_externalId"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"user_type"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' -ml_analytics_observation_batchupdate_azure_blob_path: "observation/batchDeletion" +ml_analytics_observation_batchupdate_cloud_blob_path: "observation/batchDeletion" ml_analytics_observation_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/observations/submissions.csv" ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observations/" 
ml_analytics_druid_survey_query_spec : '{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' -ml_analytics_survey_batchupdate_azure_blob_path : "survey/batchDeletion" +ml_analytics_survey_batchupdate_cloud_blob_path : "survey/batchDeletion" ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: 
'["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' -ml_analytics_azure_account_key: "{{ cloud_private_storage_secret }}" ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" -ml_GCP_secret_json_file: "gcp_secrets.json" -ml_GCP_bucket_name: "{{ cloud_storage_telemetry_bucketname }}" -ml_GCP_Secrets: +ml_Cloud_secret_json_file: "cloud_secrets.json" +ml_Cloud_Secrets: account_name: "{{ cloud_private_storage_accountname }}" account_key: "{{ cloud_private_storage_secret }}" +cloud_private_storage_accountname: "{{ cloud_private_storage_accountname }}" +cloud_storage_telemetry_bucketname: "{{ cloud_storage_telemetry_bucketname }}" +cloud_private_storage_secret: "{{ cloud_private_storage_secret }}" +cloud_private_storage_region: "{{ cloud_private_storage_region }}" +cloud_private_storage_endpoint: "{{ cloud_private_storage_endpoint }}" diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index dfa015c99c..ee609b8806 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml 
@@ -106,7 +106,7 @@ backup: yes - name: Copy GCP Secrets to JSON file - copy: dest="{{config_path}}/{{ml_GCP_secret_json_file}}" content="{{ ml_GCP_Secrets | to_nice_json}}" mode=0400 owner="{{ USER }}" + copy: dest="{{config_path}}/{{ml_Cloud_secret_json_file}}" content="{{ ml_Cloud_Secrets | to_nice_json}}" mode=0400 owner="{{ USER }}" when: ML_Cloud_Service_Provider == 'gcloud' - name: Templating the shell_script_config.j2 to shell_script_config diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 770de394cb..70160c64c0 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
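Review bot: The `copy` task that writes `ml_Cloud_Secrets | to_nice_json` to `{{config_path}}/{{ml_Cloud_secret_json_file}}` has no `no_log: true`, so the rendered account name and key can end up in task output when the play runs with `--diff` or raised verbosity. Adding `no_log: true` to the task keeps the secret out of console and CI logs; the existing `mode=0400` with an explicit owner is already the right restriction for the file itself. The task is still named "Copy GCP Secrets to JSON file" and is still gated on `ML_Cloud_Service_Provider == 'gcloud'`, although the variable and file were renamed to provider-neutral names. Either rename it to `Copy cloud secrets to JSON file` or add a comment saying that only the gcloud path reads this file.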
@@ -154,50 +154,51 @@ survey_streaming_error = {{ ml_analytics_survey_log_folder_path }}/error.log [ORACLE] -endpoint_url = {{ ml_ORACLE_endpoint_url }} +endpoint_url = {{ cloud_private_storage_endpoint }} -access_key = {{ ml_ORACLE_access_key }} +access_key = {{ cloud_private_storage_accountname }} -secret_access_key = {{ ml_ORACLE_secret_access_key }} +secret_access_key = {{ cloud_private_storage_secret }} -region_name = {{ ml_ORACLE_region_name }} +region_name = {{ cloud_private_storage_region }} -bucket_name = {{ ml_ORACLE_bucket_name }} +bucket_name = {{ cloud_storage_telemetry_bucketname }} {% elif ML_Cloud_Service_Provider is eq 'gcloud' %} [GCP] -secret_data = {{ ml_GCP_secret_json_file }} +secret_data = {{ ml_Cloud_secret_json_file }} -bucket_name = {{ ml_GCP_bucket_name }} +bucket_name = {{ cloud_storage_telemetry_bucketname }} {% elif ML_Cloud_Service_Provider is eq 'aws' %} [AWS] -service_name = {{ ml_AWS_service_name }} +service_name = S3 -access_key = {{ ml_AWS_access_key }} +access_key = {{ cloud_private_storage_accountname }} -secret_access_key = {{ ml_AWS_secret_access_key }} +secret_access_key = {{ cloud_private_storage_secret }} -region_name = {{ ml_AWS_region_name }} +region_name = {{ cloud_private_storage_region }} -bucket_name = {{ ml_AWS_bucket_name }} +bucket_name = {{ cloud_storage_telemetry_bucketname }} {% else %} [AZURE] -account_name = {{ ml_analytics_azure_account_name }} +account_name = {{ cloud_private_storage_accountname }} -sas_token = {{ ml_analytics_azure_sas_token }} +sas_token = {{ cloud_private_storage_secret }} -container_name = {{ ml_analytics_azure_container_name }} +container_name = {{ cloud_storage_telemetry_bucketname }} -account_key = {{ ml_analytics_azure_account_key }} +account_key = {{ cloud_private_storage_secret }} +{% endif %} [OUTPUT_DIR] 
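Review bot: In the `[AZURE]` section both `sas_token` and `account_key` are now rendered from `cloud_private_storage_secret`, but a SAS token and a storage account key are different credentials, so at most one of the two lines can hold a valid value. If the service authenticates with the account key, give `sas_token` its own variable or drop it; if it is meant to use a SAS token, this change hands it the full account key instead of a scoped, expiring token. The same variable also feeds `secret_access_key` in `[ORACLE]` and `[AWS]`, so the rendered file carries a long-lived storage secret in plain text. The task that templates it is outside this hunk, and it is worth confirming it sets a restrictive mode and owner. `service_name = S3` is now hard-coded where it was `{{ ml_AWS_service_name }}`; a template comment such as `{# boto3 service name, fixed for S3-compatible storage #}` would record the intent if that is the reason.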
@@ -250,32 +251,32 @@ program_dashboard_data = {{ ml_program_dashboard_data }} cloud_module_path = {{ ml_analytics_cloud_package_path }} -observation_blob_path = {{ ml_analytics_observation_azure_blob_path }} +observation_blob_path = {{ ml_analytics_observation_cloud_blob_path }} -projects_blob_path = {{ ml_analytics_project_azure_blob_path }} +projects_blob_path = {{ ml_analytics_project_cloud_blob_path }} -observation_distinctCount_blob_path = {{ ml_analytics_obs_distinctCnt_azure_blob_path }} +observation_distinctCount_blob_path = {{ ml_analytics_obs_distinctCnt_cloud_blob_path }} -observation_distinctCount_domain_blob_path = {{ ml_analytics_obs_distinctCnt_domain_azure_blob_path }} +observation_distinctCount_domain_blob_path = {{ ml_analytics_obs_distinctCnt_domain_cloud_blob_path }} -observation_distinctCount_domain_criteria_blob_path = {{ ml_analytics_obs_distinctCnt_domain_criteria_azure_blob_path }} +observation_distinctCount_domain_criteria_blob_path = {{ ml_analytics_obs_distinctCnt_domain_criteria_cloud_blob_path }} -projects_distinctCnt_blob_path = {{ ml_analytics_projects_distinctCnt_azure_blob_path }} +projects_distinctCnt_blob_path = {{ ml_analytics_projects_distinctCnt_cloud_blob_path }} -projects_distinctCnt_prgmlevel_blob_path = {{ ml_analytics_projects_distinctCnt_prglevel_azure_blob_path }} +projects_distinctCnt_prgmlevel_blob_path = {{ ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path }} -projects_rollup_blob_path = {{ ml_analytics_project_rollup_azure_blob_path }} +projects_rollup_blob_path = {{ ml_analytics_project_rollup_cloud_blob_path }} -observation_rollup_blob_path = {{ ml_analytics_observation_rollup_azure_blob_path }} +observation_rollup_blob_path = {{ ml_analytics_observation_rollup_cloud_blob_path }} -survey_rollup_blob_path = {{ ml_analytics_survey_rollup_azure_blob_path }} +survey_rollup_blob_path = {{ ml_analytics_survey_rollup_cloud_blob_path }} -survey_blob_path = {{ ml_analytics_survey_azure_blob_path }} 
+survey_blob_path = {{ ml_analytics_survey_cloud_blob_path }} -projects_program_csv = {{ ml_analytics_program_dashboard_azure_blob_path }} +projects_program_csv = {{ ml_analytics_program_dashboard_cloud_blob_path }} -observation_batch_ingestion_data_del = {{ ml_analytics_observation_batchupdate_azure_blob_path }} +observation_batch_ingestion_data_del = {{ ml_analytics_observation_batchupdate_cloud_blob_path }} -survey_batch_ingestion_data_del = {{ ml_analytics_survey_batchupdate_azure_blob_path}} +survey_batch_ingestion_data_del = {{ ml_analytics_survey_batchupdate_cloud_blob_path}} cname_url = {{ ml_analytics_cname_url }} From e942e5df1f6b47b64c1c3f404952da9d31b11136 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Tue, 6 Dec 2022 14:26:47 +0530 Subject: [PATCH 185/434] Add kafka_bootstrap_address env key Add kafka_bootstrap_address env key --- kubernetes/helm_charts/sunbird-RC/registry/values.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 index 7668715b20..c582ae8941 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 @@ -52,6 +52,7 @@ rccoreenv: KAFKA_BROKER_ID: {{ registry_kafka_broker_id|default('1')}} KAFKA_ZOOKEEPER_CONNECT: "{{groups['processing-cluster-zookeepers']|join(':2181,')}}:2181" KAFKA_ADVERTISED_LISTENERS: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" + kafka_bootstrap_address: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: {{ registry_listener_security_protocol_map|default('INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT')}} KAFKA_INTER_BROKER_LISTENER_NAME: {{ registry_inter_broker_listener_name|default('INTERNAL')}} KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: {{ registry_offsets_topic_replication_factor|default('1')}} From e7f3b0f70e86af5bbc42322bb3ebfb8c3009c956 Mon Sep 17 00:00:00 2001 
From: Rajesh Kumaravel Date: Tue, 6 Dec 2022 14:44:53 +0530 Subject: [PATCH 186/434] Issue #ED-536 feat: Added fetch all API for form --- ansible/roles/kong-api/defaults/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ff4323914e..2e431aa0cb 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9815,3 +9815,24 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true + +- name: fetchAllForm + uris: "{{ data_service_prefix }}/v1/form/fetchAll" + upstream_url: "{{ player_service_url }}/plugin/v1/form/fetchAll" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - appAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false From 6930cd7ec16b5bdef9be97d499f70528bdc2dca4 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Tue, 6 Dec 2022 17:34:02 +0530 Subject: [PATCH 187/434] Issue #ED-536 fix: fetch all api added --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2e431aa0cb..bb6e0c7c56 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9826,7 +9826,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - appAdmin + - formUpdate - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" From 87981d713391fba5e71181d303e880153418a9d2 Mon Sep 17 00:00:00 2001 
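Review bot: The new `fetchAllForm` route sets `opa-checks` to `config.required: false` and `config.enabled: false`, while the entry just above it in the context lines has both set to `true`, so authorization for this route rests only on `jwt` plus the `acl` whitelist. If that is deliberate, record it on the plugin entry with a comment such as `# OPA checks disabled for this route: <reason>; access is gated by the acl group only`; otherwise set both values to `true` like the neighbouring entry. The follow-up hunk (`@@ -9826,7 +9826,7 @@`) changes the whitelisted group from `appAdmin` to `formUpdate`, which alters who can reach the endpoint with no OPA policy as a second gate. It is worth confirming that `formUpdate` membership is as narrow as intended. The `kong_apis` list begins outside both hunks.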
From: PrasadMoka Date: Wed, 7 Dec 2022 11:07:14 +0530 Subject: [PATCH 188/434] LR-126 cloud variable name changes --- ansible/inventory/env/group_vars/all.yml | 10 +++++----- .../templates/sunbird_learner-service.env | 6 +++--- .../stack-sunbird/templates/sunbird_lms-service.env | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index d8da227a81..e4572b2b1d 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -36,7 +36,7 @@ sunbird_keycloak_required_action_link_expiration_seconds: 2592000 sunbird_es_port: 9300 mail_server_port: 587 -upstream_url: "{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}" +upstream_url: "{{cloud_public_storage_accountname}}.blob.core.windows.net/{{cloud_storage_content_bucketname}}" # Learner sunbird_user_profile_field_default_visibility: private @@ -363,7 +363,7 @@ content_service_blacklisted_resourcetype: '' content_service_whitelisted_resourcetype: '' content_service_whitelisted_mimetype: '' content_service_blacklisted_mimetype: '' -sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,https://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{sunbird_content_azure_storage_container}}/' +sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,https://{{cloud_public_storage_accountname}}.blob.core.windows.net/{{cloud_storage_content_bucketname}}/' sunbird_email_max_recipients_limit: 100 sunbird_cassandra_consistency_level: quorum sunbird_cassandra_replication_strategy: '{"class":"SimpleStrategy","replication_factor":"1"}' 
@@ -411,7 +411,7 @@ sunbird_health_check_enable: 'true' ## Release 1.15 ## sunbird_keycloak_user_federation_provider_id: "{{core_vault_sunbird_keycloak_user_federation_provider_id}}" # Learner-service -sunbird_course_metrics_base_url: https://{{sunbird_private_storage_account_name}}.blob.core.windows.net/ +sunbird_course_metrics_base_url: https://{{cloud_private_storage_accountname}}.blob.core.windows.net/ sunbird_gzip_size_threshold: 262144 prometheus_mount_point: "/root/dockerdata/prometheus/data/" @@ -449,7 +449,7 @@ kafka_urls: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" kafka_topics_certificate_instruction: "{{env_name}}.issue.certificate.request" kafka_topics_contentstate_invalid: "{{env_name}}.contentstate.invalid" kafka_enrolment_sync_topic: "{{env_name}}.batch.enrolment.sync.request" -cert_service_container_name: "{{env}}-e-credentials" +cert_service_container_name: "{{cloud_storage_certservice_bucketname}}" cert_service_cloud_storage_type: "{{cert_service_cloud_storage_type}}" ### Release-2.4.0 ### @@ -508,7 +508,7 @@ sunbird_portal_updateLoginTimeEnabled: false # Desktop app vars #sunbird_offline_azure_storage_account: "" #added this var for adopter usecase offline_installer_container_name: "" #added this var for adopter usecase -cloud_storage_url: "{{ sunbird_public_storage_account_name }}.blob.core.windows.net" +cloud_storage_url: "{{ cloud_public_storage_accountname }}.blob.core.windows.net" # Search-service search_index_host: "{{ groups['composite-search-cluster']|join(':9200,')}}:9200" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index f0d9addffd..a1d0d6ea81 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env 
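Review bot: In the `@@ -449,7 +449,7 @@` hunk, `cert_service_container_name` changes from the derived value `"{{env}}-e-credentials"` to `"{{cloud_storage_certservice_bucketname}}"` with no fallback, which is a behaviour change rather than a rename. An inventory that does not define the new variable will fail at render time, and one that defines it differently repoints the cert service at another container. Keeping the old value as a default, `"{{ cloud_storage_certservice_bucketname | default(env ~ '-e-credentials') }}"`, would make the migration safe. The other hunks in this file still append `.blob.core.windows.net` to the provider-neutral `cloud_*` names (`upstream_url`, `sunbird_course_metrics_base_url`, `cloud_storage_url`), so a comment like `# Azure-only URL form; override for other providers` above each would stop readers assuming they are portable.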
@@ -79,7 +79,7 @@ sunbird_course_batch_notification_enabled={{sunbird_course_batch_notification_en sunbird_course_batch_notification_signature={{sunbird_course_batch_notification_signature}} sunbird_otp_expiration={{sunbird_otp_expiration}} sunbird_otp_length={{sunbird_otp_length}} -sunbird_content_azure_storage_container={{sunbird_content_azure_storage_container}} +sunbird_content_cloud_storage_container={{cloud_storage_content_bucketname}} # Release-1.14 sunbird_time_zone={{sunbird_time_zone}} # Release-1.15 @@ -88,8 +88,8 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_gzip_enable={{sunbird_gzip_enable}} sunbird_course_metrics_base_url={{sunbird_course_metrics_base_url}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} -sunbird_analytics_blob_account_name={{sunbird_private_storage_account_name}} -sunbird_analytics_blob_account_key={{sunbird_private_storage_account_key}} +sunbird_analytics_blob_account_name={{cloud_private_storage_accountname}} +sunbird_analytics_blob_account_key={{cloud_private_storage_secret}} # Optional for caching sunbird_cache_enable={{sunbird_cache_enable | default(false)}} # Set below variables if above true diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 6e652f27df..7057b32917 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env 
@@ -80,7 +80,7 @@ sunbird_course_batch_notification_enabled={{sunbird_course_batch_notification_en sunbird_course_batch_notification_signature={{sunbird_course_batch_notification_signature}} sunbird_otp_expiration={{sunbird_otp_expiration}} sunbird_otp_length={{sunbird_otp_length}} -sunbird_content_azure_storage_container={{sunbird_content_azure_storage_container}} +sunbird_content_cloud_storage_container={{cloud_storage_content_bucketname}} # Release-1.14 sunbird_time_zone={{sunbird_time_zone}} # Release-1.15 From 9aef1be4b81af6927643fa8acff6c30075bb5d79 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Wed, 7 Dec 2022 11:09:30 +0530 Subject: [PATCH 189/434] Update main.yml (#3649) --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index da571d3bed..a480b01ccd 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -44,7 +44,7 @@ ml_analytics_kafka_survey_druid_topic_name: "{{ env_name }}.ml.survey.druid" ml_analytics_observation_log_folder_path: "{{ WORKDIR }}/logs/observation" ml_analytics_project_log_folder_path: "{{ WORKDIR }}/logs/project" ml_analytics_survey_log_folder_path: "{{ WORKDIR }}/logs/survey" -ml_analytics_observation_azure_blob_path: "observation/status/" +ml_analytics_observation_cloud_blob_path: "observation/status/" ml_analytics_project_cloud_blob_path: "projects/" ml_analytics_redis_host: "{{ml_redis_host | default(groups['dp-redis'][0])}}" ml_analytics_redis_port: "{{ ml_redis_device_port | default('6379') }}" From 2bbfe4eca53e631db698d37128992434660f61a4 Mon Sep 17 00:00:00 2001 
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Wed, 7 Dec 2022 11:25:32 +0530 Subject: [PATCH 190/434] Release 5.1.0 vars change (#3650) --- ansible/artifacts-download.yml | 11 +++++------ ansible/artifacts-upload.yml | 11 +++++------ ansible/assets-upload.yml | 4 ++-- ansible/deploy-plugins.yml | 17 +++++++++-------- ansible/desktop-faq-upload.yml | 12 ++++++------ ansible/dial_upload-schema.yml | 9 ++++----- ansible/kp_upload-schema.yml | 9 ++++----- ansible/plugins.yml | 10 +++++----- .../roles/cassandra-backup/defaults/main.yml | 6 +++++- ansible/roles/cassandra-backup/tasks/main.yml | 9 ++++----- .../roles/cassandra-restore/defaults/main.yml | 5 ++++- ansible/roles/cassandra-restore/tasks/main.yml | 7 +++---- ansible/roles/cert-templates/defaults/main.yml | 2 +- ansible/roles/cert-templates/tasks/main.yml | 9 ++++----- ansible/roles/desktop-deploy/defaults/main.yml | 2 +- ansible/roles/desktop-deploy/tasks/main.yml | 12 ++++++------ ansible/roles/es-azure-snapshot/tasks/main.yml | 4 ++-- .../es6/tasks/plugins/repository-azure.yml | 6 +++--- .../roles/gcp-cloud-storage/defaults/main.yml | 6 +++--- .../roles/gcp-cloud-storage/tasks/download.yml | 4 ++-- .../tasks/upload-batch-no-poll.yml | 2 +- .../gcp-cloud-storage/tasks/upload-batch.yml | 2 +- .../roles/gcp-cloud-storage/tasks/upload.yml | 2 +- ansible/roles/grafana-backup/defaults/main.yml | 6 ++++-- ansible/roles/grafana-backup/tasks/main.yml | 7 +++---- .../jenkins-backup-upload/defaults/main.yml | 5 ++++- .../roles/jenkins-backup-upload/tasks/main.yml | 7 +++---- .../log-es6/tasks/plugins/repository-azure.yml | 6 +++--- ansible/roles/mongodb-backup/defaults/main.yml | 5 ++++- ansible/roles/mongodb-backup/tasks/main.yml | 7 +++---- .../defaults/main.yml | 5 ++++- .../tasks/main.yml | 7 +++---- .../defaults/main.yml | 6 +++++- .../tasks/main.yml | 7 +++---- .../roles/postgresql-backup/defaults/main.yml | 3 +++ ansible/roles/postgresql-backup/tasks/main.yml | 9 ++++----- 
.../roles/postgresql-restore/defaults/main.yml | 5 ++++- ansible/roles/postgresql-restore/tasks/main.yml | 7 +++---- .../prometheus-backup-v2/defaults/main.yml | 5 ++++- .../roles/prometheus-backup-v2/tasks/main.yml | 7 +++---- .../roles/prometheus-backup/defaults/main.yml | 5 ++++- ansible/roles/prometheus-backup/tasks/main.yml | 7 +++---- .../roles/prometheus-restore/defaults/main.yml | 5 ++++- ansible/roles/prometheus-restore/tasks/main.yml | 7 +++---- ansible/roles/redis-backup/defaults/main.yml | 5 ++++- ansible/roles/redis-backup/tasks/main.yml | 7 +++---- ansible/uploadFAQs.yml | 4 ++-- 47 files changed, 164 insertions(+), 141 deletions(-) diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index 043446554d..25869f80a3 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml @@ -12,8 +12,8 @@ blob_container_name: "{{ artifacts_container }}" blob_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" - storage_account_name: "{{ azure_artifact_storage_account_name }}" - storage_account_key: "{{ azure_artifact_storage_account_key }}" + storage_account_name: "{{ cloud_artifact_storage_accountname }}" + storage_account_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "azure" - name: download artifact from gcloud storage @@ -21,9 +21,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: - gcp_bucket_name: "{{ gcloud_artifact_bucket_name }}" - dest_folder_name: "{{ artifacts_container }}" - dest_file_name: "{{ artifact }}" + gcp_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + gcp_path: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" when: cloud_service_provider == "gcloud" 
@@ -38,4 +37,4 @@ aws_default_region: "{{ aws_region }}" aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" - when: cloud_service_provider == "aws" \ No newline at end of file + when: cloud_service_provider == "aws" diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 32e866808c..31f2589a68 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml @@ -13,8 +13,8 @@ container_public_access: "off" blob_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" - storage_account_name: "{{ azure_artifact_storage_account_name }}" - storage_account_key: "{{ azure_artifact_storage_account_key }}" + storage_account_name: "{{ cloud_artifact_storage_accountname }}" + storage_account_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "azure" - name: upload artifact to gcloud storage @@ -22,9 +22,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_artifact_bucket_name }}" - dest_folder_name: "{{ artifacts_container }}" - dest_file_name: "{{ artifact }}" + gcp_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + gcp_path: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" when: cloud_service_provider == "gcloud" @@ -39,4 +38,4 @@ aws_default_region: "{{ aws_region }}" aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" - when: cloud_service_provider == "aws" \ No newline at end of file + when: cloud_service_provider == "aws" diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 12021680fe..8adf3cae74 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml 
@@ -18,8 +18,8 @@ blob_container_name: "{{ player_cdn_storage }}" container_public_access: "container" blob_container_folder_path: "" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" - name: delete files and folders from azure storage using azcopy diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 6f5460809f..ae7f21637a 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -24,8 +24,8 @@ set_fact: blob_container_name: "{{ plugin_storage }}" container_public_access: "container" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" storage_account_sas_token: "{{ azure_public_storage_account_sas }}" tags: - always @@ -92,8 +92,9 @@ block: - name: set common gcloud variables set_fact: - dest_folder_name: "{{ plugin_storage }}" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" + gcp_path: "" + tags: - always @@ -103,7 +104,7 @@ name: gcp-cloud-storage tasks_from: delete-batch.yml vars: - file_delete_pattern: "{{ dest_folder_name }}/{{ folder_name }}" + file_delete_pattern: "{{ folder_name }}" tags: - content-editor - collection-editor @@ -116,7 +117,7 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_path: "{{ folder_name }}" + gcp_path: "{{ folder_name }}" local_file_or_folder_path: "{{ source_name }}" tags: - content-editor 
@@ -132,7 +133,7 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - dest_file_name: "artefacts/content-player/content-player-{{ player_version_number }}.zip" + gcp_path: "artefacts/content-player/content-player-{{ player_version_number }}.zip" local_file_or_folder_path: "{{ source_file_name }}" tags: - preview @@ -149,7 +150,7 @@ tasks_from: "{{ item[0] }}" vars: file_delete_pattern: "content-plugins/{{ item[1] }}/*" - dest_folder_path: "content-plugins/{{ item[1] }}" + gcp_path: "content-plugins/{{ item[1] }}" local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" with_nested: - ['delete-batch-no-poll.yml', 'upload-batch-no-poll.yml'] diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 911153576b..d36b0e3721 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml @@ -20,8 +20,8 @@ tasks_from: blob-upload.yml vars: container_public_access: "container" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" tags: - upload-desktop-faq @@ -32,8 +32,8 @@ tasks_from: blob-upload.yml vars: container_public_access: "off" - storage_account_name: "{{ azure_private_storage_account_name }}" - storage_account_key: "{{ azure_private_storage_account_key }}" + storage_account_name: "{{ cloud_private_storage_accountname }}" + storage_account_key: "{{ cloud_private_storage_secret }}" tags: - upload-label @@ -44,8 +44,8 @@ tasks_from: blob-upload-batch.yml vars: container_public_access: "container" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" tags: - upload-chatbot-config - upload-batch 
diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index f046e63462..6572c12e55 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml @@ -35,8 +35,8 @@ container_public_access: "blob" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "dial_schema_template_files" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" when: cloud_service_provider == "azure" - name: upload batch of files to aws s3 @@ -57,9 +57,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_name: "{{ dial_plugin_storage }}" - dest_folder_path: "schemas/local" + gcp_bucket_name: "{{ cloud_storage_dial_bucketname }}" + gcp_path: "schemas/local" local_file_or_folder_path: "dial_schema_template_files" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index aecdab077a..2b09dac310 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -19,8 +19,8 @@ container_public_access: "container" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "{{ source_name }}" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" when: cloud_service_provider == "azure" - name: upload batch of files to aws s3 
@@ -41,8 +41,7 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_name: "{{ plugin_storage }}" - dest_folder_path: "schemas/local" + gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" + gcp_path: "{{ schemas/local" local_file_or_folder_path: "{{ source_name }}" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/plugins.yml b/ansible/plugins.yml index ab32d9f756..fa5967b462 100644 --- a/ansible/plugins.yml +++ b/ansible/plugins.yml @@ -20,8 +20,8 @@ blob_delete_pattern: "content-plugins/{{ plugins_name }}" blob_container_folder_path: "/content-plugins/{{ plugins_name }}" local_file_or_folder_path: "{{ source_file }}" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" - name: delete batch of files from azure storage include_role: @@ -34,14 +34,14 @@ tasks_from: blob-upload-batch.yml when: cloud_service_provider == "azure" +### GCP tasks ### - name: this block consists of tasks related to gcloud storage block: - name: set common gcloud variables set_fact: - dest_folder_name: "{{ plugin_storage }}" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" + gcp_path: "/content-plugins/{{ plugins_name }}" file_delete_pattern: "content-plugins/{{ plugins_name }}" - dest_folder_path: "/content-plugins/{{ plugins_name }}" local_file_or_folder_path: "{{ source_file }}" - name: delete files and folders from gcloud storage diff --git a/ansible/roles/cassandra-backup/defaults/main.yml b/ansible/roles/cassandra-backup/defaults/main.yml index 139fd1d810..dffec63096 100644 --- a/ansible/roles/cassandra-backup/defaults/main.yml +++ b/ansible/roles/cassandra-backup/defaults/main.yml 
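Review bot: The new gcloud line `gcp_path: "{{ schemas/local"` in kp_upload-schema.yml opens a Jinja expression that is never closed, so the task will either fail to template or hand gsutil a path containing a literal `{{`. The value it replaces was the plain string `schemas/local`, and dial_upload-schema.yml in this same commit uses `gcp_path: "schemas/local"`. The line should read `gcp_path: "schemas/local"`. The task's first lines are outside the hunk.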
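Review bot: In the plugins.yml gcloud `set_fact`, the new `gcp_path: "/content-plugins/{{ plugins_name }}"` has a leading slash, while `file_delete_pattern` stays `content-plugins/{{ plugins_name }}` without one. upload-batch.yml in this commit composes `gs://{{ gcp_bucket_name }}/{{ gcp_path }}`, so the upload target gets a double slash, which in object storage is most likely a different key from the one the delete step addresses; stale plugin files would then stay published next to the new ones. Dropping the slash, `gcp_path: "content-plugins/{{ plugins_name }}"`, makes both steps address the same prefix. delete-batch.yml is not shown here, so confirm how it joins the pattern.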
@@ -1,5 +1,6 @@ cassandra_root_dir: '/etc/cassandra' data_dir: '/var/lib/cassandra/data' + cassandra_backup_azure_container_name: core-cassandra # This variable is added for the below reason - @@ -7,4 +8,7 @@ cassandra_backup_azure_container_name: core-cassandra # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" \ No newline at end of file +cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" + +cloud_storage_cassandrabackup_bucketname: "{{cloud_storage_management_bucketname}}" +cloud_storage_cassandrabackup_foldername: 'cassandra-backup' diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index 507aeb190b..304385515c 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -37,11 +37,11 @@ name: azure-cloud-storage tasks_from: upload-using-azcopy.yml vars: - blob_container_name: "{{ cassandra_backup_storage }}" + blob_container_name: "{{ cloud_storage_cassandrabackup_bucketname }}" container_public_access: "off" blob_container_folder_path: "" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_sas_token: "{{ azure_management_storage_account_sas }}" when: cloud_service_provider == "azure" 
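Review bot: The Azure upload in cassandra-backup/tasks/main.yml now writes to `blob_container_name: "{{ cloud_storage_cassandrabackup_bucketname }}"`, which the new default resolves to `cloud_storage_management_bucketname`, but the Azure download in cassandra-restore/tasks/main.yml later in this commit still reads `blob_container_name: "{{ cassandra_backup_storage }}"`. Unless the inventory makes both resolve to the same container, a restore will look in a container the backup never wrote to, which tends to surface only during recovery. The Azure branch also keeps `blob_container_folder_path: ""`, so `cloud_storage_cassandrabackup_foldername` takes effect on gcloud only. Either switch the restore task to the same variable in this commit, or keep `cassandra_backup_storage` on the backup side until both move together.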
@@ -63,9 +63,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ cassandra_backup_storage }}" - dest_folder_path: "" + gcp_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" + gcp_path: "{{ cloud_storage_cassandrabackup_foldername }}" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/cassandra-restore/defaults/main.yml b/ansible/roles/cassandra-restore/defaults/main.yml index 4a4828144e..834c103d58 100644 --- a/ansible/roles/cassandra-restore/defaults/main.yml +++ b/ansible/roles/cassandra-restore/defaults/main.yml @@ -5,4 +5,7 @@ user_home: "/home/{{ ansible_ssh_user }}/" # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" \ No newline at end of file +cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" + +cloud_storage_cassandrabackup_bucketname: "{{cloud_storage_management_bucketname}}" +cloud_storage_cassandrabackup_foldername: 'cassandra-backup' diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 8a47ab7089..304c9b8b09 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml 
@@ -14,7 +14,7 @@ blob_container_name: "{{ cassandra_backup_storage }}" blob_file_name: "{{ cassandra_restore_gzip_file_name }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -37,9 +37,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ cassandra_backup_storage }}" - dest_file_name: "{{ cassandra_restore_gzip_file_name }}" + gcp_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" + gcp_path: "{{ cloud_storage_cassandrabackup_foldername }}/{{ cassandra_restore_gzip_file_name }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/cert-templates/defaults/main.yml b/ansible/roles/cert-templates/defaults/main.yml index c621d6ddb8..1ca7f44958 100644 --- a/ansible/roles/cert-templates/defaults/main.yml +++ b/ansible/roles/cert-templates/defaults/main.yml @@ -8,4 +8,4 @@ certs_badge_key_id: "" # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -cert_service_storage: "{{ cert_service_container_name }}" \ No newline at end of file +cert_service_storage: "{{ cert_service_container_name }}" diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 78f1f769b3..0700f1e61a 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml 
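Review bot: The Azure download in cassandra-restore/tasks/main.yml now takes `storage_account_name` from `cloud_management_storage_accountname` but still takes `storage_account_key` from `azure_management_storage_account_key`, so the account and its key come from two different variable families. es-azure-snapshot in the same commit pairs the new name with `cloud_management_storage_secret`; an inventory that defines only the new variables, or points the two families at different accounts, would fail authentication or present the wrong key. The same split appears in the grafana-backup and jenkins-backup-upload Azure hunks. Suggested line: `storage_account_key: "{{ cloud_management_storage_secret }}"`.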
@@ -40,8 +40,8 @@ container_public_access: "off" blob_container_folder_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" - storage_account_name: "{{ azure_private_storage_account_name }}" - storage_account_key: "{{ azure_private_storage_account_key }}" + storage_account_name: "{{ cloud_private_storage_accountname }}" + storage_account_key: "{{ cloud_private_storage_secret }}" when: cloud_service_provider == "azure" - name: upload batch of files to aws s3 @@ -62,8 +62,7 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_name: "{{ cert_service_storage }}" - dest_folder_path: "" + gcp_bucket_name: "{{ cloud_storage_certservice_bucketname }}" + gcp_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" - gcp_bucket_name: "{{ gcloud_private_bucket_name }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/desktop-deploy/defaults/main.yml b/ansible/roles/desktop-deploy/defaults/main.yml index 3010db2349..06bdd6fe1f 100644 --- a/ansible/roles/desktop-deploy/defaults/main.yml +++ b/ansible/roles/desktop-deploy/defaults/main.yml @@ -7,4 +7,4 @@ offline_installer_container_name: "{{env}}-offlineinstaller" # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -offline_installer_storage: "{{ offline_installer_container_name }}" \ No newline at end of file +offline_installer_storage: "{{ offline_installer_container_name }}" diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index 09c41300ef..70fa94cb1d 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml 
@@ -55,8 +55,8 @@ set_fact: blob_container_name: "{{ offline_installer_storage }}" container_public_access: "blob" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" - name: upload batch of files to azure storage include_role: @@ -103,19 +103,19 @@ local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" when: cloud_service_provider == "aws" +### GCP Tasks ### - name: this block consists of tasks related to gcloud storage block: - name: set common gcloud variables set_fact: - dest_folder_name: "{{ offline_installer_storage }}" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_offlineinstaller_bucketname }}" - name: upload batch of files to gcloud storage include_role: name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_path: "" + gcp_path: "" local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets" - name: upload batch of files to gcloud storage @@ -123,6 +123,6 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_path: "latest" + gcp_path: "latest" local_file_or_folder_path: "{{ offline_repo_location }}/desktop_uploader_assets/{{ time }}/" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/es-azure-snapshot/tasks/main.yml b/ansible/roles/es-azure-snapshot/tasks/main.yml index 8ce0fcd267..23be535db9 100644 --- a/ansible/roles/es-azure-snapshot/tasks/main.yml +++ b/ansible/roles/es-azure-snapshot/tasks/main.yml 
@@ -13,8 +13,8 @@ vars: blob_container_name: "{{ es_backup_storage }}" container_public_access: "off" - storage_account_name: "{{ azure_management_storage_account_name }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" + storage_account_key: "{{ cloud_management_storage_secret }}" - name: Create Azure Repository uri: diff --git a/ansible/roles/es6/tasks/plugins/repository-azure.yml b/ansible/roles/es6/tasks/plugins/repository-azure.yml index 170a84000e..dd7fcc3a20 100644 --- a/ansible/roles/es6/tasks/plugins/repository-azure.yml +++ b/ansible/roles/es6/tasks/plugins/repository-azure.yml @@ -1,7 +1,7 @@ --- - name: Add default azure account name for backups become: yes - shell: echo "{{ azure_management_storage_account_name }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.account + shell: echo "{{ cloud_management_storage_accountname }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.account no_log: True environment: ES_PATH_CONF: "{{ conf_dir }}" @@ -9,7 +9,7 @@ - name: Add default azure account key for backups become: yes - shell: echo "{{ azure_management_storage_account_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key + shell: echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key no_log: True environment: - ES_PATH_CONF: "{{ conf_dir }}" \ No newline at end of file + ES_PATH_CONF: "{{ conf_dir }}" diff --git a/ansible/roles/gcp-cloud-storage/defaults/main.yml b/ansible/roles/gcp-cloud-storage/defaults/main.yml index 086cf9c50d..b0fd847b26 100644 --- a/ansible/roles/gcp-cloud-storage/defaults/main.yml +++ b/ansible/roles/gcp-cloud-storage/defaults/main.yml 
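Review bot: The renamed secret is still interpolated into the command text in es6/tasks/plugins/repository-azure.yml, `echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key`; the log-es6 copy of this file handles the account name the same way. `no_log: True` keeps the value out of Ansible output, but the rendered string is the argument of the spawned shell, so it is readable from the process list while the task runs, and a value containing `"`, `$` or a backtick would be interpreted by the shell. The shell module's `stdin` parameter avoids both: `shell: "{{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key"` together with `stdin: "{{ cloud_management_storage_secret }}"`.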
@@ -10,8 +10,8 @@ gcp_storage_key_file: "" # Folder name in GCP bucket # Example - -# dest_folder_name: "my-destination-folder" -dest_folder_name: "" +# gcp_path: "my-destination-folder" +gcp_path: "" # The delete pattern to delete files and folder # Example - @@ -36,7 +36,7 @@ dest_file_name: "" # The folder path in gcloud storage to upload the files starting from the root of the bucket # This path should start with / if we provide a value for this variable since we are going to append this path as below -# {{ bucket_name }}{{ dest_folder_name }} +# {{ bucket_name }}{{ gcp_path }} # The above translates to "my-bucket/my-folder-path" # Example - # dest_folder_path: "/my-folder/json-files-folder" diff --git a/ansible/roles/gcp-cloud-storage/tasks/download.yml b/ansible/roles/gcp-cloud-storage/tasks/download.yml index c8c6e956ad..73bf76bb04 100644 --- a/ansible/roles/gcp-cloud-storage/tasks/download.yml +++ b/ansible/roles/gcp-cloud-storage/tasks/download.yml @@ -3,9 +3,9 @@ include_tasks: gcloud-auth.yml - name: Download from gcloud storage - shell: gsutil cp "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_file_name }}" "{{ local_file_or_folder_path }}" + shell: gsutil cp "gs://{{ gcp_bucket_name }}/{{ gcp_path }}" "{{ local_file_or_folder_path }}" async: 3600 poll: 10 - name: Revoke gcloud access - include_tasks: gcloud-revoke.yml \ No newline at end of file + include_tasks: gcloud-revoke.yml diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml b/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml index 0d8755ab26..40e9b8a66a 100644 --- a/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml +++ b/ansible/roles/gcp-cloud-storage/tasks/upload-batch-no-poll.yml 
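Review bot: `shell: gsutil cp "gs://{{ gcp_bucket_name }}/{{ gcp_path }}" "{{ local_file_or_folder_path }}"` in gcp-cloud-storage/tasks/download.yml places templated values inside a double-quoted shell string, and with this commit `gcp_path` carries caller-supplied names such as `{{ artifact }}`. A value containing `"`, `$` or a backtick would be evaluated by the shell on the host running the task rather than passed to gsutil as data. The same construction is in the upload.yml, upload-batch.yml and upload-batch-no-poll.yml hunks that follow. Passing each argument through the `quote` filter removes the dependence on the value's content, for example `shell: gsutil cp {{ ('gs://' ~ gcp_bucket_name ~ '/' ~ gcp_path) | quote }} {{ local_file_or_folder_path | quote }}`.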
@@ -1,5 +1,5 @@ --- - name: Upload files from a local directory gcp storage - shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_folder_path }}" + shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ gcp_path }}" async: 1800 poll: 0 diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml b/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml index 49abd5b822..dc103969aa 100644 --- a/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml +++ b/ansible/roles/gcp-cloud-storage/tasks/upload-batch.yml @@ -3,7 +3,7 @@ include_tasks: gcloud-auth.yml - name: Upload files from a local directory gcp storage - shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_folder_path }}" + shell: gsutil -m cp -r "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ gcp_path}}" async: 3600 poll: 10 diff --git a/ansible/roles/gcp-cloud-storage/tasks/upload.yml b/ansible/roles/gcp-cloud-storage/tasks/upload.yml index 2f88d9407f..de766a94c7 100644 --- a/ansible/roles/gcp-cloud-storage/tasks/upload.yml +++ b/ansible/roles/gcp-cloud-storage/tasks/upload.yml @@ -3,7 +3,7 @@ include_tasks: gcloud-auth.yml - name: Upload to gcloud storage - shell: gsutil cp "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ dest_folder_name }}/{{ dest_file_name }}" + shell: gsutil cp "{{ local_file_or_folder_path }}" "gs://{{ gcp_bucket_name }}/{{ gcp_path }}" async: 3600 poll: 10 diff --git a/ansible/roles/grafana-backup/defaults/main.yml b/ansible/roles/grafana-backup/defaults/main.yml index fc62843964..b6850bee97 100644 --- a/ansible/roles/grafana-backup/defaults/main.yml +++ b/ansible/roles/grafana-backup/defaults/main.yml 
@@ -5,10 +5,12 @@ grafana_data_dir: /var/dockerdata/grafana/grafana.db sunbird_management_storage_account_name: sunbird_management_storage_account_key: '' grafana_backup_azure_container_name: grafana-backup - # This variable is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -grafana_backup_storage: "{{ grafana_backup_azure_container_name }}" \ No newline at end of file +grafana_backup_storage: "{{ grafana_backup_azure_container_name }}" + +cloud_storage_grafanabackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_grafanabackup_foldername: 'grafana-backup' diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index 2c8520030c..c309d409fb 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml @@ -28,7 +28,7 @@ container_public_access: "off" blob_file_name: "{{ grafana_backup_gzip_file_name }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" 
@@ -50,9 +50,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ grafana_backup_storage }}" - dest_file_name: "{{ grafana_backup_gzip_file_name }}" + gcp_bucket_name: "{{ cloud_storage_grafanabackup_bucketname }}" + gcp_path: "{{ cloud_storage_grafanabackup_foldername }}/{{ grafana_backup_gzip_file_name }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/jenkins-backup-upload/defaults/main.yml b/ansible/roles/jenkins-backup-upload/defaults/main.yml index 40a231d3d5..d9c5c9f58a 100644 --- a/ansible/roles/jenkins-backup-upload/defaults/main.yml +++ b/ansible/roles/jenkins-backup-upload/defaults/main.yml @@ -9,4 +9,7 @@ jenkins_backup_max_delay_in_days: 1 # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -jenkins_backup_storage: "{{ jenkins_backup_azure_container_name }}" \ No newline at end of file +jenkins_backup_storage: "{{ jenkins_backup_azure_container_name }}" + +cloud_storage_jenkinsbackup_bucketname: "{{cloud_storage_management_bucketname}}" +cloud_storage_jenkinsbackup_foldername: 'jenkins-backup' diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index a94e57fe4a..018a9498f1 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml 
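Review bot: The GCP destination prefix in hunk `@@ -50,9 +50,8 @@` no longer follows `grafana_backup_storage`: `gcp_path` is built from `cloud_storage_grafanabackup_foldername`, whose default is the literal `'grafana-backup'`. As far as this hunk shows, an inventory that overrides `grafana_backup_azure_container_name` would start writing backups under a different prefix than its existing objects, and the restore roles would look there too. The comment block in the defaults file still says the old variable is reused for the common one, which no longer describes the GCP branch; a line such as `# GCP object prefix; set this if grafana_backup_azure_container_name was overridden` above the new default would make the migration step visible. The jenkins, mongodb, postgresql, prometheus and redis hunks follow the same pattern.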
@@ -21,7 +21,7 @@ container_public_access: "off" blob_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -43,9 +43,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ jenkins_backup_storage }}" - dest_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" + gcp_bucket_name: "{{ cloud_storage_jenkinsbackup_bucketname }}" + gcp_path: "{{ cloud_storage_jenkinsbackup_foldername }}/{{ LATEST_BACKUP_DIR.stdout }}.zip" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/log-es6/tasks/plugins/repository-azure.yml b/ansible/roles/log-es6/tasks/plugins/repository-azure.yml index 9c3b9d3774..43d512803f 100644 --- a/ansible/roles/log-es6/tasks/plugins/repository-azure.yml +++ b/ansible/roles/log-es6/tasks/plugins/repository-azure.yml @@ -1,7 +1,7 @@ --- - name: Add default azure account name for backups become: yes - shell: echo "{{ azure_management_storage_account_name }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.account + shell: echo "{{ cloud_management_storage_accountname }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.account no_log: True environment: ES_PATH_CONF: "{{ es_conf_dir }}" 
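Review bot: Both keystore tasks in `log-es6/tasks/plugins/repository-azure.yml` (hunk `@@ -1,7 +1,7 @@` here and `@@ -9,7 +9,7 @@` after it) pass the value through `echo "{{ ... }}" | ...`, so the account name and the renamed `cloud_management_storage_secret` are rendered into shell source, where `$`, backticks or `"` in the value would be expanded or break the command. `no_log: True` hides the task output but does not change how the shell parses the string. The `shell` module's `stdin:` argument feeds the value to the process without shell parsing: keep `shell: "{{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key"` and add `stdin: "{{ cloud_management_storage_secret }}"`, and likewise for the account-name task.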
@@ -9,7 +9,7 @@ - name: Add default azure account key for backups become: yes - shell: echo "{{ azure_management_storage_account_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key + shell: echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f azure.client.default.key no_log: True environment: - ES_PATH_CONF: "{{ es_conf_dir }}" \ No newline at end of file + ES_PATH_CONF: "{{ es_conf_dir }}" diff --git a/ansible/roles/mongodb-backup/defaults/main.yml b/ansible/roles/mongodb-backup/defaults/main.yml index da5a0f710f..1d54a69541 100644 --- a/ansible/roles/mongodb-backup/defaults/main.yml +++ b/ansible/roles/mongodb-backup/defaults/main.yml @@ -6,4 +6,7 @@ mongo_backup_azure_container_name: "mongodb-backup" # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -mongo_backup_storage: "{{ mongo_backup_azure_container_name }}" \ No newline at end of file +mongo_backup_storage: "{{ mongo_backup_azure_container_name }}" + +cloud_storage_mongodbbackup_bucketname: "{{cloud_storage_management_bucketname}}" +cloud_storage_mongodbbackup_foldername: 'mongodb-backup' diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 0762f2754f..94b157648a 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml 
@@ -23,7 +23,7 @@ container_public_access: "off" blob_file_name: "{{ mongo_backup_file_name }}.tar.gz" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -45,9 +45,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ mongo_backup_storage }}" - dest_file_name: "{{ mongo_backup_file_name }}.tar.gz" + gcp_bucket_name: "{{ cloud_storage_mongodbbackup_bucketname }}" + gcp_path: "{{ cloud_storage_mongodbbackup_foldername }}/{{ mongo_backup_file_name }}.tar.gz" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/postgres-managed-service-backup/defaults/main.yml b/ansible/roles/postgres-managed-service-backup/defaults/main.yml index 6e637bf3ce..6af37d7f96 100644 --- a/ansible/roles/postgres-managed-service-backup/defaults/main.yml +++ b/ansible/roles/postgres-managed-service-backup/defaults/main.yml @@ -14,4 +14,7 @@ postgres_password: "{{postgres_password}}" # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" \ No newline at end of file +postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" + +cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_postgresqlbackup_foldername: postgresql-backup 
diff --git a/ansible/roles/postgres-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-managed-service-backup/tasks/main.yml index ea206146b3..660814d9bd 100644 --- a/ansible/roles/postgres-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-backup/tasks/main.yml @@ -50,7 +50,7 @@ container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -72,9 +72,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ postgresql_backup_storage }}" - dest_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" + gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}.zip" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/postgres-managed-service-restore/defaults/main.yml b/ansible/roles/postgres-managed-service-restore/defaults/main.yml index 4ac0d62151..41164b445c 100644 --- a/ansible/roles/postgres-managed-service-restore/defaults/main.yml +++ b/ansible/roles/postgres-managed-service-restore/defaults/main.yml 
@@ -18,4 +18,8 @@ postgres_env: # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgres_backup_storage: "{{ postgres_backup_azure_container_name }}" \ No newline at end of file +postgres_backup_storage: "{{ postgres_backup_azure_container_name }}" + + +cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgres-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml index 0299ff3f73..8efa3dd561 100644 --- a/ansible/roles/postgres-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml @@ -17,7 +17,7 @@ blob_container_name: "{{ postgres_backup_storage }}" blob_file_name: "{{ postgres_backup_filename }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -39,9 +39,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ postgres_backup_storage }}" - dest_file_name: "{{ postgres_backup_filename }}" + gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgres_backup_filename }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" when: cloud_service_provider == "gcloud" 
diff --git a/ansible/roles/postgresql-backup/defaults/main.yml b/ansible/roles/postgresql-backup/defaults/main.yml index 0b6a9bca4a..30902eac17 100644 --- a/ansible/roles/postgresql-backup/defaults/main.yml +++ b/ansible/roles/postgresql-backup/defaults/main.yml @@ -8,3 +8,6 @@ postgresql_backup_azure_container_name: postgresql-backup # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" + +cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 65116bede0..6710e49503 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml @@ -22,7 +22,7 @@ container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" 
@@ -44,11 +44,10 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ postgresql_backup_storage }}" - dest_file_name: "{{ postgresql_backup_gzip_file_name }}" + gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" when: cloud_service_provider == "gcloud" - name: clean up backup dir after upload - file: path="{{ postgresql_backup_dir }}" state=absent \ No newline at end of file + file: path="{{ postgresql_backup_dir }}" state=absent diff --git a/ansible/roles/postgresql-restore/defaults/main.yml b/ansible/roles/postgresql-restore/defaults/main.yml index 5f0708ed34..2bcc525469 100644 --- a/ansible/roles/postgresql-restore/defaults/main.yml +++ b/ansible/roles/postgresql-restore/defaults/main.yml @@ -10,4 +10,7 @@ postgresql_restore_azure_container_name: postgresql-backup # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_restore_storage: "{{ postgresql_restore_azure_container_name }}" \ No newline at end of file +postgresql_restore_storage: "{{ postgresql_restore_azure_container_name }}" + +cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index 877e178987..b3411c5445 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml 
@@ -12,7 +12,7 @@ blob_container_name: "{{ postgresql_restore_storage }}" blob_file_name: "{{ postgresql_restore_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -34,9 +34,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ postgresql_restore_storage }}" - dest_file_name: "{{ postgresql_restore_gzip_file_name }}" + gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_restore_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/prometheus-backup-v2/defaults/main.yml b/ansible/roles/prometheus-backup-v2/defaults/main.yml index e3752a693f..430c9df4cb 100644 --- a/ansible/roles/prometheus-backup-v2/defaults/main.yml +++ b/ansible/roles/prometheus-backup-v2/defaults/main.yml 
@@ -7,4 +7,7 @@ prometheus_backup_azure_container_name: prometheus-backup # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" + +cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_prometheusbackup_foldername: prometheus-backup diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 3831080dbc..9b25fc465c 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml @@ -25,7 +25,7 @@ container_public_access: "off" blob_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" 
@@ -47,9 +47,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ prometheus_backup_storage }}" - dest_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/prometheus-backup/defaults/main.yml b/ansible/roles/prometheus-backup/defaults/main.yml index 17425092ee..3bba75124c 100644 --- a/ansible/roles/prometheus-backup/defaults/main.yml +++ b/ansible/roles/prometheus-backup/defaults/main.yml @@ -11,4 +11,7 @@ backup_storage_key: '' # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" + +cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_prometheusbackup_foldername: prometheus-backup diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 55a51287ae..14cc74a41a 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml 
@@ -34,7 +34,7 @@ container_public_access: "off" blob_file_name: "{{ prometheus_backup_gzip_file_name }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -56,9 +56,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ prometheus_backup_storage }}" - dest_file_name: "{{ prometheus_backup_gzip_file_name }}" + gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_gzip_file_name }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/prometheus-restore/defaults/main.yml b/ansible/roles/prometheus-restore/defaults/main.yml index bee405457a..580e865060 100644 --- a/ansible/roles/prometheus-restore/defaults/main.yml +++ b/ansible/roles/prometheus-restore/defaults/main.yml @@ -6,4 +6,7 @@ prometheus_backup_azure_container_name: prometheus-backup # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" \ No newline at end of file +prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" + +cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_prometheusbackup_foldername: prometheus-backup 
diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 2232770fdd..0c9b0749a9 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -10,7 +10,7 @@ blob_container_name: "{{ prometheus_backup_storage }}" blob_file_name: "{{ prometheus_backup_filename }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -32,9 +32,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ prometheus_backup_storage }}" - dest_file_name: "{{ prometheus_backup_filename }}" + gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_filename }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index 9f6055682a..6aacb354d6 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml 
@@ -7,4 +7,7 @@ learner_user: learning # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo # or other default files and just assign the value to the newly introduced common variable # 3. After few releases, we will remove the older variables and use only the new variables across the repos -nodebb_redis_backup_storage: "{{ nodebb_redis_backup_azure_container_name }}" \ No newline at end of file +nodebb_redis_backup_storage: "{{ nodebb_redis_backup_azure_container_name }}" + +cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_redisbackup_foldername: nodebb-redis-backup diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index 5359a362c8..9f0c15a815 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml @@ -22,7 +22,7 @@ container_public_access: "off" blob_file_name: "{{ redis_backup_file_name }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" - storage_account_name: "{{ azure_management_storage_account_name }}" + storage_account_name: "{{ cloud_management_storage_accountname }}" storage_account_key: "{{ azure_management_storage_account_key }}" when: cloud_service_provider == "azure" @@ -44,9 +44,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_management_bucket_name }}" - dest_folder_name: "{{ nodebb_redis_backup_storage }}" - dest_file_name: "{{ redis_backup_file_name }}" + gcp_bucket_name: "{{ cloud_storage_redisbackup_bucketname }}" + gcp_path: "{{ cloud_storage_redisbackup_foldername }}/{{ redis_backup_file_name }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" when: cloud_service_provider == "gcloud" diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index b37398b874..88d17aba81 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml 
@@ -24,8 +24,8 @@ container_public_access: "container" blob_container_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" - storage_account_name: "{{ azure_public_storage_account_name }}" - storage_account_key: "{{ azure_public_storage_account_key }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "azure" From 146c793dbbb3119dbfd4c887d819d04b117fe1f4 Mon Sep 17 00:00:00 2001 From: G33tha Date: Thu, 8 Dec 2022 13:42:45 +0530 Subject: [PATCH 191/434] updated knowlgbb service changes --- ansible/roles/stack-sunbird/defaults/main.yml | 5 +++++ pipelines/deploy/ContentFramework/Jenkinsfile | 1 + pipelines/upload/schema/dial/Jenkinsfile | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 8b600f04a1..0c8c86242d 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -1048,3 +1048,8 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' # Audience claim check is disabled as of now # List of keycloak clients as these can come in audience field of a JWT token # keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"' + + +cloudstorage_relative_path_prefix_content: "CONTENT_STORAGE_BASE_PATH" +cloudstorage_relative_path_prefix_dial: "DIAL_STORAGE_BASE_PATH" +cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl"]' \ No newline at end of file 
diff --git a/pipelines/deploy/ContentFramework/Jenkinsfile b/pipelines/deploy/ContentFramework/Jenkinsfile index c495bce266..a02c72eb69 100644 --- a/pipelines/deploy/ContentFramework/Jenkinsfile +++ b/pipelines/deploy/ContentFramework/Jenkinsfile @@ -44,6 +44,7 @@ node() { sh """ zip -r content-editor-artifact.zip ansible/content-editor cd ansible/content-editor + sudo npm install -g gulp npm install npm install promise gulp minifyJs diff --git a/pipelines/upload/schema/dial/Jenkinsfile b/pipelines/upload/schema/dial/Jenkinsfile index dd74b2f23f..553dcfd840 100644 --- a/pipelines/upload/schema/dial/Jenkinsfile +++ b/pipelines/upload/schema/dial/Jenkinsfile @@ -28,8 +28,8 @@ node() { rm -rf sunbird-dial-service git clone https://github.com/project-sunbird/sunbird-dial-service.git -b ${params.dial_branch_or_tag} """ - ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" - ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/schemas\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" + ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/jsonld-schema \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 012961fa2520435d977ed27a8e58ff98139e82af Mon Sep 17 00:00:00 2001 From: G33tha Date: Thu, 8 Dec 2022 13:45:41 +0530 Subject: [PATCH 192/434] updated knowlgbb service changes --- pipelines/upload/schema/dial/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/upload/schema/dial/Jenkinsfile b/pipelines/upload/schema/dial/Jenkinsfile index 553dcfd840..a91956eaf1 100644 --- a/pipelines/upload/schema/dial/Jenkinsfile +++ b/pipelines/upload/schema/dial/Jenkinsfile 
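Review bot: The added `sudo npm install -g gulp` in `pipelines/deploy/ContentFramework/Jenkinsfile` installs whatever version is current at build time, as root, on the build agent, so the package's install scripts run with root privileges and the build result can change between runs. `gulp` can be resolved from the project instead: declare it as a pinned dependency of `ansible/content-editor` (its `package.json` is not visible here, so confirm) and replace the last step with `npx gulp minifyJs` after `npm install`. If a global install has to stay, pin it and drop `sudo` by using a user-writable npm prefix. The `sh` block continues outside the hunk.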
@@ -28,7 +28,7 @@ node() { rm -rf sunbird-dial-service git clone https://github.com/project-sunbird/sunbird-dial-service.git -b ${params.dial_branch_or_tag} """ - ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" + ansiblePlaybook = "${currentWs}/ansible/dial_upload-schema.yml" ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/sunbird-dial-service/jsonld-schema \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) From 5db7065a368ddd6aeb0df17500d177cea76376a0 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 8 Dec 2022 13:55:03 +0530 Subject: [PATCH 193/434] Issue #KN-439 chore: Mering the changes from release-5.2.0-knowlg to release-5.2.0 --- ansible/roles/kong-api/defaults/main.yml | 167 +++++++++++++++++- .../content-service_application.conf | 11 +- .../templates/dial-service_application.conf | 10 ++ .../taxonomy-service_application.conf | 8 + 4 files changed, 194 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index bb6e0c7c56..d7589ae22e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -127,6 +127,7 @@ assessment_prefix: /assessment # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" learning_service_url: "http://learner-service:9000" +dial_service_url: "http://dial-service:9000" vm_learning_service_url: "http://{{learningservice_ip}}:8080/learning-service" telemetry_service_url: "http://telemetry-service:9001" player_service_url: "http://player:3000" @@ -2494,7 +2495,7 @@ kong_apis: - name: publishContent uris: "{{ content_prefix }}/v1/publish" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/publish" + upstream_url: "{{ content_service_url }}/content/v3/publish" strip_uri: true plugins: - name: jwt 
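Review bot: In hunk `@@ -2494,7 +2495,7 @@` of `kong-api/defaults/main.yml`, `publishContent` now forwards `{{ content_prefix }}/v1/publish` straight to `{{ content_service_url }}/content/v3/publish` instead of going through `knowledge_mw_service_url`, and nothing in the hunk records whether content-service applies the request checks the middleware may have done for this route. The plugin list continues outside the hunk, so the ACL and OPA settings of this entry cannot be confirmed from here. A comment above the entry, e.g. `# routed directly to content-service; knowledge-mw-service is no longer in the publish path`, would document the change for whoever audits the route later.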
@@ -9836,3 +9837,167 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false + +- name: releaseDialcodeContentV2 + uris: "{{ content_prefix }}/v2/dialcode/release" + upstream_url: "{{ content_service_url }}/content/v4/dialcode/release" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: releaseDialcodeCollection + uris: "{{ collection_prefix }}/v1/dialcode/release" + upstream_url: "{{ content_service_url }}/collection/v4/dialcode/release" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: publishContentV2 + uris: "{{ content_prefix }}/v2/publish" + upstream_url: "{{ content_service_url }}/content/v4/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: unlistedPublishContent + uris: "{{ content_prefix }}/v1/unlisted/publish" + upstream_url: "{{ content_service_url }}/content/v3/unlisted/publish" + 
strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: unlistedPublishContentV2 + uris: "{{ content_prefix }}/v2/unlisted/publish" + upstream_url: "{{ content_service_url }}/content/v4/unlisted/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: publishCollection + uris: "{{ collection_prefix }}/v1/publish" + upstream_url: "{{ content_service_url }}/collection/v4/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: unlistedPublishCollection + uris: "{{ collection_prefix }}/v1/unlisted/publish" + upstream_url: "{{ content_service_url }}/collection/v4/unlisted/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: 
credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: readDIALCodesBatchInfo + uris: "{{ dialcode_service_prefix }}/v2/read/batch" + upstream_url: "{{ dial_service_url }}/dialcode/v4/batch/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index fb5a2e7667..bb44a71828 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -382,7 +382,7 @@ content { } h5p { library { - path: "{{ h5p_library_path }}" + path: "{{ h5p_library_path | default('https://sunbirddev.blob.core.windows.net/sunbird-content-dev/h5p-standalone-1.3.4.zip') }}" } } copy { @@ -494,6 +494,7 @@ kafka { urls : "{{ kafka_urls }}" topic.send.enable : true topics.instruction : "{{ env_name }}.learning.job.request" + publish.request.topic : "{{ env_name }}.publish.job.request" } # DIAL Link Config @@ -637,3 +638,11 @@ collection { } plugin.media.base.url="{{ plugin_media_base_url }}" + +cloudstorage { + metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} + relative_path_prefix={{ cloudstorage_relative_path_prefix_content }} + metadata.list={{ cloudstorage_metadata_list }} + read_base_path="{{ cloudstorage_base_path }}" + write_base_path={{ valid_cloudstorage_base_urls }} +} 
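Review bot: `readDIALCodesBatchInfo`, the last route added in this hunk, is the only new entry with no `jwt` and no `acl` plugin, and it rate-limits by `ip` rather than `credential`, so the batch-read endpoint is reachable without a token. If that is intended, a comment above the entry saying so would help, and it is worth confirming that `opa-checks` with `config.required: true` behaves as expected on a route that carries no JWT. If it is not intended, add `- name: jwt` and an `acl` whitelist as on the sibling routes and switch `config.limit_by` to `credential`.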
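Review bot: The new fallback for `h5p.library.path` sends every deployment that does not set `h5p_library_path` to an archive in the project's dev storage account (`sunbirddev.blob.core.windows.net/sunbird-content-dev`), so a production install would silently pull a library zip from a container it does not control. Nothing in this hunk pins or verifies that archive. Prefer failing at render time when the variable is unset (no `default`), or default to a location derived from the deployment's own storage variables.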
diff --git a/ansible/roles/stack-sunbird/templates/dial-service_application.conf b/ansible/roles/stack-sunbird/templates/dial-service_application.conf index 745a8b9bfe..dd7b11dbeb 100644 --- a/ansible/roles/stack-sunbird/templates/dial-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/dial-service_application.conf @@ -150,6 +150,10 @@ system.config.table="system_config" publisher.keyspace.name="{{ env_name }}_dialcode_store" publisher.keyspace.table="publisher" +#QRCodes Configuration +qrcodes.keyspace.name="dialcodes" +qrcodes.keyspace.table="dialcode_batch" + #DIAL Code Generator Configuration dialcode.strip.chars="0" dialcode.length=6.0 @@ -191,3 +195,9 @@ jsonld { sb_schema = ["http://store.knowlg.sunbird.org/dial/specs/sb/schema.jsonld"] } +cloudstorage { + metadata.replace_absolute_path="{{ cloudstorage_replace_absolute_path | default('false') }}" + relative_path_prefix="{{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }}" + read_base_path="{{ cloudstorage_base_path }}" +} +cloud_storage_container="{{ cloud_storage_dial_bucketname | default('dial') }}" diff --git a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf index e1298a1b92..332206c502 100644 --- a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf 
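Review bot: `qrcodes.keyspace.name="dialcodes"` is hard-coded while the neighbouring `publisher.keyspace.name` is prefixed with `{{ env_name }}`, so two environments sharing a Cassandra cluster would read and write the same `dialcode_batch` table. If the keyspace is shared by design, a one-line comment saying so is enough. Otherwise template it the same way as the publisher keyspace, for example `qrcodes.keyspace.name="{{ env_name }}_dialcodes"`, after confirming the keyspace name the service's schema scripts actually create.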
@@ -398,3 +398,11 @@ objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_s # Framework master category validation Supported values are Yes/No master.category.validation.enabled="{{ master_category_validation_enabled | default('Yes') }}" + +cloudstorage { + metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} + relative_path_prefix={{ cloudstorage_relative_path_prefix_content }} + metadata.list={{ cloudstorage_metadata_list }} + read_base_path="{{ cloudstorage_base_path }}" + write_base_path={{ valid_cloudstorage_base_urls }} +} From 484731bcdbe3106a1c9f83a971369e9046267dce Mon Sep 17 00:00:00 2001 From: swayangjit Date: Thu, 8 Dec 2022 15:52:41 +0530 Subject: [PATCH 194/434] Issue #ED-354 chore: Update aab firebase upload logic. --- ansible/roles/firebase_deploy/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/firebase_deploy/tasks/main.yml b/ansible/roles/firebase_deploy/tasks/main.yml index 0403ff7dab..8ebd281250 100644 --- a/ansible/roles/firebase_deploy/tasks/main.yml +++ b/ansible/roles/firebase_deploy/tasks/main.yml @@ -9,7 +9,7 @@ src: "uploadToGdrive.sh" dest: "./uploadToGdrive.sh" - name: Uploading build to {{ env_name }} firebase - shell: find ../ -maxdepth 1 -iregex ".*{{env_name}}.apk" -exec bash deployToFirebase.sh {} \; + shell: find ../ -maxdepth 1 -iregex ".*{{env_name}}.*.aab" -exec bash deployToFirebase.sh {} \; when: env_name!='production' - name: Uploading build to {{ env_name }} Gdrive shell: find ../ -maxdepth 1 -iregex ".*[0-9].apk" -exec bash uploadToGdrive.sh -v -r {} \; From b14d6de817d42373514f6013cdf83f8b4108ad17 Mon Sep 17 00:00:00 2001 
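Review bot: In the changed `find` of the firebase task, the pattern `.*{{env_name}}.*.aab` leaves the dot before `aab` unescaped, so it matches any character there, and the inserted `.*` means any file whose path merely contains the environment name qualifies. Every match is handed to `deployToFirebase.sh`, so a stray file can be uploaded. Escaping the dot, `-iregex ".*{{ env_name }}.*\.aab"`, tightens this. The Gdrive task just below still matches `.*[0-9].apk`; if the build now produces only `.aab` bundles, that task will find nothing, which is worth confirming.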
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Thu, 8 Dec 2022 20:45:54 +0530 Subject: [PATCH 195/434] Release 5.1.0 vars change (#3658) --- ansible/artifacts-download.yml | 12 +- ansible/artifacts-upload.yml | 12 +- ansible/assets-upload.yml | 27 ++-- ansible/deploy-plugins.yml | 25 ++-- ansible/desktop-faq-upload.yml | 120 ++++++++++++++---- ansible/dial_upload-schema.yml | 19 +-- ansible/inventory/env/group_vars/all.yml | 1 - ansible/kp_upload-schema.yml | 19 +-- .../roles/cassandra-backup/defaults/main.yml | 10 -- ansible/roles/cassandra-backup/tasks/main.yml | 12 +- .../roles/cassandra-restore/defaults/main.yml | 7 - .../roles/cassandra-restore/tasks/main.yml | 14 +- .../roles/cert-templates/defaults/main.yml | 7 - ansible/roles/cert-templates/tasks/main.yml | 12 +- .../roles/desktop-deploy/defaults/main.yml | 7 - ansible/roles/desktop-deploy/tasks/main.yml | 10 +- .../roles/grafana-backup/defaults/main.yml | 7 - ansible/roles/grafana-backup/tasks/main.yml | 14 +- .../jenkins-backup-upload/defaults/main.yml | 8 -- .../jenkins-backup-upload/tasks/main.yml | 14 +- .../roles/mongodb-backup/defaults/main.yml | 8 -- ansible/roles/mongodb-backup/tasks/main.yml | 12 +- .../defaults/main.yml | 9 -- .../tasks/main.yml | 14 +- .../defaults/main.yml | 10 -- .../tasks/main.yml | 14 +- .../roles/postgresql-backup/defaults/main.yml | 8 -- .../roles/postgresql-backup/tasks/main.yml | 14 +- .../postgresql-restore/defaults/main.yml | 8 -- .../roles/postgresql-restore/tasks/main.yml | 14 +- .../prometheus-backup-v2/defaults/main.yml | 8 -- .../roles/prometheus-backup-v2/tasks/main.yml | 12 +- .../roles/prometheus-backup/defaults/main.yml | 9 -- .../roles/prometheus-backup/tasks/main.yml | 14 +- .../prometheus-restore/defaults/main.yml | 9 -- .../roles/prometheus-restore/tasks/main.yml | 14 +- ansible/roles/redis-backup/defaults/main.yml | 8 -- ansible/roles/redis-backup/tasks/main.yml | 14 +- ansible/uploadFAQs.yml | 62 +++++++-- 
.../UploadCollectionHierarchyCSV/config.xml | 11 +- .../jobs/UploadChatbotConfig/config.xml | 11 +- .../UploadCollectionHierarchyCSV/config.xml | 13 +- .../jobs/UploadDiscussionUIDocs/config.xml | 11 +- .../Kubernetes/jobs/UploadFAQs/config.xml | 9 -- .../jobs/UploadPortalLabel/config.xml | 9 -- .../Sunbird-RC/jobs/UploadRCSchema/config.xml | 9 -- pipelines/deploy/desktop-faq/Jenkinsfile | 2 +- pipelines/upload/chatbot/Jenkinsfile | 2 +- pipelines/upload/discussion-UI/Jenkinsfile | 2 +- pipelines/upload/faqs/Jenkinsfile | 2 +- pipelines/upload/portal-csv/Jenkinsfile | 2 +- 51 files changed, 300 insertions(+), 401 deletions(-) diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index 25869f80a3..46167180e4 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml @@ -9,7 +9,7 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ artifacts_container }}" + blob_container_name: "{{ cloud_storage_artifacts_bucketname }}" blob_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" storage_account_name: "{{ cloud_artifact_storage_accountname }}" @@ -32,9 +32,9 @@ tasks_from: download.yml vars: local_file_or_folder_path: "{{ artifact_path }}" - s3_bucket_name: "{{ aws_artifact_s3_bucket_name }}" - s3_path: "{{ artifacts_container }}/{{ artifact }}" - aws_default_region: "{{ aws_region }}" - aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" - aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + s3_path: "{{ artifact }}" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_artifact_storage_accountname }}" + aws_secret_access_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "aws" diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 31f2589a68..3bdbe73017 100644 --- a/ansible/artifacts-upload.yml 
+++ b/ansible/artifacts-upload.yml @@ -9,7 +9,7 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ artifacts_container }}" + blob_container_name: "{{ cloud_storage_artifacts_bucketname }}" container_public_access: "off" blob_file_name: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" @@ -33,9 +33,9 @@ tasks_from: upload.yml vars: local_file_or_folder_path: "{{ artifact_path }}" - s3_bucket_name: "{{ aws_artifact_s3_bucket_name }}" - s3_path: "{{ artifacts_container }}/{{ artifact }}" - aws_default_region: "{{ aws_region }}" - aws_access_key_id: "{{ aws_artifact_bucket_access_key }}" - aws_secret_access_key: "{{ aws_artifact_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + s3_path: "{{ artifact }}" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_artifact_storage_accountname }}" + aws_secret_access_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "aws" diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 8adf3cae74..2d8d4b1bc2 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml 
@@ -2,20 +2,13 @@ - hosts: localhost vars_files: - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml'] - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - player_cdn_storage: "{{ player_cdn_container }}" # Azure tasks: - name: this block consists of tasks related to azure storage block: - name: set common azure variables set_fact: - blob_container_name: "{{ player_cdn_storage }}" + blob_container_name: "{{ cloud_storage_playercdn_bucketname }}" container_public_access: "container" blob_container_folder_path: "" storage_account_name: "{{ cloud_public_storage_accountname }}" @@ -40,11 +33,11 @@ block: - name: set common aws variables set_fact: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - s3_path: "{{ player_cdn_storage }}" - aws_default_region: "{{ aws_region }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_playercdn_bucketname }}" + s3_path: "" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" - name: delete files and folders from s3 include_role: 
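Review bot: With `s3_path: ""` in the AWS block, the "delete files and folders from s3" task that follows appears to operate on the root of `cloud_storage_playercdn_bucketname` instead of a sub-folder, and the gcloud hunk further down does the same with `file_delete_pattern: ""`. The roles are not visible here, so this is inferred, but if either variable is ever pointed at a bucket shared with other content, the cleanup step would remove all of it. I would guard the delete with an assertion that the bucket variable is defined and non-empty, and add a comment above the `set_fact` such as `# bucket is wiped before upload; must hold player CDN assets only`.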
@@ -64,10 +57,10 @@ block: - name: set common gcloud variables set_fact: - dest_folder_name: "{{ player_cdn_storage }}" - dest_folder_path: "" - file_delete_pattern: "{{ player_cdn_storage }}/" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_playercdn_bucketname }}" + gcp_path: "" + file_delete_pattern: "" + - name: delete files and folders from gcloud storage include_role: diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index ae7f21637a..6d048b18c4 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -2,13 +2,6 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - plugin_storage: "{{ plugin_container_name }}" tasks: - name: rename env_domain in preview_cdn.html for CDN shell: | @@ -22,7 +15,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ plugin_storage }}" + blob_container_name: "{{ cloud_storage_content_bucketname }}" container_public_access: "container" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" 
@@ -169,10 +162,10 @@ block: - name: set common aws variables set_fact: - aws_default_region: "{{ aws_region }}" - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + aws_default_region: "{{ cloud_public_storage_region }}" + s3_bucket_name: "{{ cloud_storage_content_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" tags: - always @@ -182,7 +175,7 @@ name: aws-cloud-storage tasks_from: delete-folder.yml vars: - s3_path: "{{ plugin_storage }}/{{ folder_name }}" + s3_path: "{{ folder_name }}" tags: - content-editor - collection-editor @@ -195,7 +188,7 @@ name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_path: "{{ plugin_storage }}/{{ folder_name }}" + s3_path: "{{ folder_name }}" local_file_or_folder_path: "{{ source_name }}" tags: - content-editor @@ -211,14 +204,14 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_path: "{{ plugin_storage }}/artefacts/content-player/content-player-{{ player_version_number }}.zip" + s3_path: "artefacts/content-player/content-player-{{ player_version_number }}.zip" local_file_or_folder_path: "{{ source_file_name }}" tags: - preview - block: - name: run the s3_copy.sh script - shell: "bash {{ s3_file_path }} {{ plugin_storage }} {{ source_file }} {{ aws_public_s3_bucket_name }}" + shell: "bash {{ s3_file_path }} {{ source_file }} {{ cloud_public_storage_accountname }}" async: 3600 poll: 10 environment: diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index d36b0e3721..3683202043 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
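Review bot: The rewritten `s3_copy.sh` call at the end of this hunk passes `{{ cloud_public_storage_accountname }}` where the old line passed the bucket name. The same commit uses that variable as `aws_access_key_id` in the AWS blocks above, so the script would receive the access key id as its bucket argument and expose it on the command line. The argument count also drops from three to two; the script is not visible here, so check that its positional parameters were updated to match. If the script expects the bucket, the line should read `shell: "bash {{ s3_file_path }} {{ source_file }} {{ cloud_storage_content_bucketname }}"`.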
@@ -6,7 +6,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ upload_storage }}" + blob_container_name: "" blob_file_name: "{{ destination_path }}" blob_container_folder_path: "/{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" @@ -20,6 +20,7 @@ tasks_from: blob-upload.yml vars: container_public_access: "container" + blob_container_name: "{{ cloud_storage_public_bucketname }}" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" tags: 
@@ -32,32 +33,58 @@ tasks_from: blob-upload.yml vars: container_public_access: "off" + blob_container_name: "{{ cloud_storage_label_bucketname }}" storage_account_name: "{{ cloud_private_storage_accountname }}" storage_account_key: "{{ cloud_private_storage_secret }}" tags: - upload-label - block: - - name: upload batch of files to azure storage + - name: upload batch of files to azure storage - chatbot include_role: name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: container_public_access: "container" + blob_container_name: "{{ cloud_storage_chatbot_bucketname }}" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" tags: - upload-chatbot-config - - upload-batch + + - block: + - name: upload batch of files to azure storage - csv-template + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + container_public_access: "container" + blob_container_name: "{{ cloud_storage_sourcing_bucketname }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" + tags: + - upload-csv-template + + - block: + - name: upload batch of files to azure storage - discussion-ui + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + container_public_access: "container" + blob_container_name: "{{ cloud_storage_discussionui_bucketname }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" + tags: + - upload-discussion-ui when: cloud_service_provider == "azure" +### GCP tasks ### - name: this block consists of tasks related to gcloud storage block: - name: set common gcloud variables set_fact: - dest_folder_name: "{{ upload_storage }}" - dest_file_name: "{{ destination_path }}" - dest_folder_path: "{{ destination_path }}" + gcp_path: "{{ destination_path }}" local_file_or_folder_path: "{{ playbook_dir 
}}/../{{ src_file_path }}" tags: - always @@ -68,7 +95,7 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_public_bucketname }}" tags: - upload-desktop-faq @@ -78,20 +105,39 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: - gcp_bucket_name: "{{ gcloud_private_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_label_bucketname }}" tags: - upload-label - block: - - name: upload batch of files to gcloud storage + - name: upload batch of files to gcloud storage - chatbot include_role: name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" + gcp_bucket_name: "{{ cloud_storage_chatbot_bucketname }}" tags: - upload-chatbot-config - - upload-batch + + - block: + - name: upload batch of files to gcloud storage - csv-template + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + gcp_bucket_name: "{{ cloud_storage_sourcing_bucketname }}" + tags: + - upload-csv-template + + - block: + - name: upload batch of files to gcloud storage - discussion-ui + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + gcp_bucket_name: "{{ cloud_storage_discussionui_bucketname }}" + tags: + - upload-discussion-ui when: cloud_service_provider == "gcloud" ######################## AWS tasks ######################################### @@ -100,9 +146,9 @@ block: - name: set common aws variables set_fact: - aws_default_region: "{{ aws_region }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" - s3_path: "{{ upload_storage }}/{{ destination_path }}" + s3_path: "{{ destination_path }}" tags: - always 
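Review bot: The two blocks added in this hunk for `upload-csv-template` and `upload-discussion-ui` set `container_public_access: "container"`, which on Azure Blob Storage allows anonymous listing of the whole container as well as reads. `dial_upload-schema.yml` in the same commit uses `"blob"`, which still serves files by URL without exposing the listing. Unless clients need to enumerate these containers, use `container_public_access: "blob"` here as well. How the role applies the value is outside this diff.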
@@ -112,9 +158,9 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_public_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" tags: - upload-desktop-faq 
@@ -124,23 +170,45 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_private_s3_bucket_name }}" - aws_access_key_id: "{{ aws_private_bucket_access_key }}" - aws_secret_access_key: "{{ aws_private_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_label_bucketname }}" + aws_access_key_id: "{{ cloud_private_storage_accountname }}" + aws_secret_access_key: "{{ cloud_private_storage_secret }}" tags: - upload-label - block: - - name: upload folder to aws s3 + - name: upload folder to aws s3 - chatbot include_role: name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_chatbot_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" tags: - upload-chatbot-config - - upload-batch - when: cloud_service_provider == "aws" - \ No newline at end of file + + - block: + - name: upload folder to aws s3 - csv-template + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ cloud_storage_sourcing_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + tags: + - upload-csv-template + + - block: + - name: upload folder to aws s3 - discussion-ui + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ cloud_storage_discussionui_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + tags: + - upload-discussion-ui + when: cloud_service_provider == "aws" diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index 6572c12e55..757a80f6e5 100644 
--- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml @@ -2,13 +2,6 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - dial_plugin_storage: "{{ dial_plugin_container_name }}" tasks: - name: Create directories file: @@ -31,7 +24,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ dial_plugin_storage }}" + blob_container_name: "{{ cloud_storage_dial_bucketname }}" container_public_access: "blob" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "dial_schema_template_files" @@ -44,12 +37,12 @@ name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_dial_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "dial_schema_template_files" - s3_path: "{{ dial_plugin_storage }}/schemas/local" + s3_path: "schemas/local" when: cloud_service_provider == "aws" - name: upload batch of files to gcloud storage 
diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 62cac6441d..8dfdd8a43d 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -128,7 +128,6 @@ cassandra_version: '3.9' cassandra_port: 9042 cassandra_rpc_address: 0.0.0.0 cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" -cassandra_backup_azure_container_name: cassandra-backup cassandra_backup_dir: /data/cassandra/backup ### Release 5.0.0 ### cassandra_multi_dc_enabled: false diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 2b09dac310..d12b74433d 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -2,20 +2,13 @@ gather_facts: no vars_files: - "{{inventory_dir}}/secrets.yml" - # The vars: section is added for the below reason - # 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name - # 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo - # or other default files and just assign the value to the newly introduced common variable - # 3. After few releases, we will remove the older variables and use only the new variables across the repos - vars: - plugin_storage: "{{ plugin_container_name }}" tasks: - name: upload batch of files to azure storage include_role: name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ plugin_storage }}" + blob_container_name: "{{ cloud_storage_content_bucketname }}" container_public_access: "container" blob_container_folder_path: "/schemas/local" local_file_or_folder_path: "{{ source_name }}" 
@@ -28,12 +21,12 @@ name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_content_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ source_name }}" - s3_path: "{{ plugin_storage }}/schemas/local" + s3_path: "schemas/local" when: cloud_service_provider == "aws" - name: upload batch of files to gcloud storage diff --git a/ansible/roles/cassandra-backup/defaults/main.yml b/ansible/roles/cassandra-backup/defaults/main.yml index dffec63096..4481570cc6 100644 --- a/ansible/roles/cassandra-backup/defaults/main.yml +++ b/ansible/roles/cassandra-backup/defaults/main.yml @@ -1,14 +1,4 @@ cassandra_root_dir: '/etc/cassandra' data_dir: '/var/lib/cassandra/data' - -cassandra_backup_azure_container_name: core-cassandra - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" - cloud_storage_cassandrabackup_bucketname: "{{cloud_storage_management_bucketname}}" cloud_storage_cassandrabackup_foldername: 'cassandra-backup' 
diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index 304385515c..ce0e646662 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -37,7 +37,7 @@ name: azure-cloud-storage tasks_from: upload-using-azcopy.yml vars: - blob_container_name: "{{ cloud_storage_cassandrabackup_bucketname }}" + blob_container_name: "{{ cloud_storage_cassandrabackup_foldername }}" container_public_access: "off" blob_container_folder_path: "" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" @@ -51,11 +51,11 @@ tasks_from: upload-folder.yml vars: local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - s3_path: "{{ cassandra_backup_storage }}" - aws_default_region: "{{ aws_region }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" + s3_path: "{{ cloud_storage_cassandrabackup_foldername }}" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/cassandra-restore/defaults/main.yml b/ansible/roles/cassandra-restore/defaults/main.yml index 834c103d58..9ac0c38f95 100644 --- a/ansible/roles/cassandra-restore/defaults/main.yml +++ b/ansible/roles/cassandra-restore/defaults/main.yml 
@@ -1,11 +1,4 @@ user_home: "/home/{{ ansible_ssh_user }}/" -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -cassandra_backup_storage: "{{ cassandra_backup_azure_container_name }}" - cloud_storage_cassandrabackup_bucketname: "{{cloud_storage_management_bucketname}}" cloud_storage_cassandrabackup_foldername: 'cassandra-backup' diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 304c9b8b09..4bd8c05991 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml @@ -11,11 +11,11 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ cassandra_backup_storage }}" + blob_container_name: "{{ cloud_storage_cassandrabackup_foldername }}" blob_file_name: "{{ cassandra_restore_gzip_file_name }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: download a file from aws s3 
@@ -24,12 +24,12 @@ name: aws-cloud-storage tasks_from: download.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" - s3_path: "{{ cassandra_backup_storage }}/{{ cassandra_restore_gzip_file_name }}" + s3_path: "{{ cloud_storage_cassandrabackup_foldername }}/{{ cassandra_restore_gzip_file_name }}" when: cloud_service_provider == "aws" - name: download file from gcloud storage diff --git a/ansible/roles/cert-templates/defaults/main.yml b/ansible/roles/cert-templates/defaults/main.yml index 1ca7f44958..c8710dd9d9 100644 --- a/ansible/roles/cert-templates/defaults/main.yml +++ b/ansible/roles/cert-templates/defaults/main.yml @@ -2,10 +2,3 @@ certs_badge_upload_retry_count: 3 certs_badge_criteria: "" certs_badge_batch_id: "" certs_badge_key_id: "" - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -cert_service_storage: "{{ cert_service_container_name }}" 
diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 0700f1e61a..0caf2b1bfe 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -36,7 +36,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ cert_service_storage }}" + blob_container_name: "{{ cloud_storage_certservice_bucketname }}" container_public_access: "off" blob_container_folder_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" @@ -49,12 +49,12 @@ name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_bucket_name: "{{ aws_private_s3_bucket_name }}" - aws_access_key_id: "{{ aws_private_bucket_access_key }}" - aws_secret_access_key: "{{ aws_private_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_certservice_bucketname }}" + aws_access_key_id: "{{ cloud_private_storage_accountname }}" + aws_secret_access_key: "{{ cloud_private_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" - s3_path: "{{ cert_service_storage }}" + s3_path: "" when: cloud_service_provider == "aws" - name: upload batch of files to gcloud storage diff --git a/ansible/roles/desktop-deploy/defaults/main.yml b/ansible/roles/desktop-deploy/defaults/main.yml index 06bdd6fe1f..2cff6657c7 100644 --- a/ansible/roles/desktop-deploy/defaults/main.yml +++ b/ansible/roles/desktop-deploy/defaults/main.yml 
@@ -1,10 +1,3 @@ --- time: "YEAR-MONTH-DATE-HOUR-MINUTE-SECOND-INSTALLERTYPE" offline_installer_container_name: "{{env}}-offlineinstaller" - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -offline_installer_storage: "{{ offline_installer_container_name }}" diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index 70fa94cb1d..ba077b778f 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml @@ -53,7 +53,7 @@ block: - name: set common azure variables set_fact: - blob_container_name: "{{ offline_installer_storage }}" + blob_container_name: "{{ cloud_storage_offlineinstaller_bucketname }}" container_public_access: "blob" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" @@ -81,10 +81,10 @@ block: - name: set common aws variables set_fact: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_offlineinstaller_bucketname }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" - name: upload batch of files to aws s3 include_role: 
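Review bot: The desktop-deploy tasks now read `cloud_storage_offlineinstaller_bucketname`, but the role's defaults hunk (`@@ -1,10 +1,3 @@`) removes `offline_installer_storage` without adding a default for the new name, unlike the backup roles whose defaults carry a `cloud_storage_*_bucketname` entry. Unless the inventory defines it, both `set_fact` tasks would fail on an undefined variable. Because the azure `set_fact` keeps `container_public_access: "blob"`, whatever container this name resolves to is exposed for anonymous blob reads, so the value is worth pinning explicitly. A defaults comment such as `# cloud_storage_offlineinstaller_bucketname must be set in inventory` would document the requirement. `offline_installer_container_name` stays in defaults with no reader in the visible hunks; the rest of tasks/main.yml is outside them, so other uses cannot be ruled out.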
diff --git a/ansible/roles/grafana-backup/defaults/main.yml b/ansible/roles/grafana-backup/defaults/main.yml index b6850bee97..70bd76ff82 100644 --- a/ansible/roles/grafana-backup/defaults/main.yml +++ b/ansible/roles/grafana-backup/defaults/main.yml @@ -4,13 +4,6 @@ grafana_data_dir: /var/dockerdata/grafana/grafana.db # Override these values in group_vars sunbird_management_storage_account_name: sunbird_management_storage_account_key: '' -grafana_backup_azure_container_name: grafana-backup -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -grafana_backup_storage: "{{ grafana_backup_azure_container_name }}" cloud_storage_grafanabackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_grafanabackup_foldername: 'grafana-backup' diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index c309d409fb..90dc3526ca 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml 
@@ -24,12 +24,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ grafana_backup_storage }}" + blob_container_name: "{{ cloud_storage_grafanabackup_foldername }}" container_public_access: "off" blob_file_name: "{{ grafana_backup_gzip_file_name }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 @@ -37,12 +37,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_grafanabackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" - s3_path: "{{ grafana_backup_storage }}/{{ grafana_backup_gzip_file_name }}" + s3_path: "{{ cloud_storage_grafanabackup_foldername }}/{{ grafana_backup_gzip_file_name }}" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/jenkins-backup-upload/defaults/main.yml b/ansible/roles/jenkins-backup-upload/defaults/main.yml index d9c5c9f58a..9fd90050bf 100644 --- a/ansible/roles/jenkins-backup-upload/defaults/main.yml +++ b/ansible/roles/jenkins-backup-upload/defaults/main.yml 
@@ -1,15 +1,7 @@ jenkins_user: jenkins jenkins_group: jenkins jenkins_backup_base_dir: /var/lib/jenkins/jenkins-backup -jenkins_backup_azure_container_name: jenkins-backup jenkins_backup_max_delay_in_days: 1 -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -jenkins_backup_storage: "{{ jenkins_backup_azure_container_name }}" - cloud_storage_jenkinsbackup_bucketname: "{{cloud_storage_management_bucketname}}" cloud_storage_jenkinsbackup_foldername: 'jenkins-backup' diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index 018a9498f1..89d8f3e29c 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml @@ -17,12 +17,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ jenkins_backup_storage }}" + blob_container_name: "{{ cloud_storage_jenkinsbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ LATEST_BACKUP_DIR.stdout }}.zip" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 
@@ -30,12 +30,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_jenkinsbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" - s3_path: "{{ jenkins_backup_storage }}/{{ LATEST_BACKUP_DIR.stdout }}.zip" + s3_path: "{{ cloud_storage_jenkinsbackup_foldername }}/{{ LATEST_BACKUP_DIR.stdout }}.zip" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/mongodb-backup/defaults/main.yml b/ansible/roles/mongodb-backup/defaults/main.yml index 1d54a69541..547137f0ca 100644 --- a/ansible/roles/mongodb-backup/defaults/main.yml +++ b/ansible/roles/mongodb-backup/defaults/main.yml @@ -1,12 +1,4 @@ mongo_backup_dir: '/tmp/mongo-backup' -mongo_backup_azure_container_name: "mongodb-backup" - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -mongo_backup_storage: "{{ mongo_backup_azure_container_name }}" cloud_storage_mongodbbackup_bucketname: "{{cloud_storage_management_bucketname}}" cloud_storage_mongodbbackup_foldername: 'mongodb-backup' 
diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index 94b157648a..f51216b14f 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml @@ -19,12 +19,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ mongo_backup_storage }}" + blob_container_name: "{{ cloud_storage_mongodbbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ mongo_backup_file_name }}.tar.gz" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 @@ -32,10 +32,10 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_mongodbbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" s3_path: "{{ mongo_backup_storage }}/{{ mongo_backup_file_name }}.tar.gz" when: cloud_service_provider == "aws" diff --git a/ansible/roles/postgres-managed-service-backup/defaults/main.yml b/ansible/roles/postgres-managed-service-backup/defaults/main.yml index 6af37d7f96..ed62efd66b 100644 --- a/ansible/roles/postgres-managed-service-backup/defaults/main.yml +++ b/ansible/roles/postgres-managed-service-backup/defaults/main.yml 
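Review bot: The AWS upload in mongodb-backup/tasks/main.yml (`@@ -32,10 +32,10 @@`) still builds `s3_path` from `mongo_backup_storage`, which this same commit deletes from the role's defaults/main.yml. Unless that variable is defined somewhere outside the visible files, the task would fail on an undefined variable when `cloud_service_provider == "aws"`, and no MongoDB backup would reach S3. The line should follow the other roles: `s3_path: "{{ cloud_storage_mongodbbackup_foldername }}/{{ mongo_backup_file_name }}.tar.gz"`.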
@@ -1,7 +1,5 @@ postgresql_user: postgres postgresql_backup_dir: /tmp/postgres -postgresql_backup_azure_container_name: postgresql-backup - db_name: db: ['keycloak', 'api_manager_{{ postgres_env }}', 'quartz'] @@ -9,12 +7,5 @@ postgres_admin_user: "{{sunbird_pg_user}}" postgres_hostname: "{{groups['postgresql-master-1'][0]}}" postgres_password: "{{postgres_password}}" -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" - cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgres-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-managed-service-backup/tasks/main.yml index 660814d9bd..ba101e2509 100644 --- a/ansible/roles/postgres-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-backup/tasks/main.yml 
@@ -46,12 +46,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ postgresql_backup_storage }}" + blob_container_name: "{{ cloud_storage_postgresqlbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}.zip" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 @@ -59,12 +59,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" - s3_path: "{{ postgresql_backup_storage }}/{{ postgresql_backup_gzip_file_name }}.zip" + s3_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}.zip" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/postgres-managed-service-restore/defaults/main.yml b/ansible/roles/postgres-managed-service-restore/defaults/main.yml index 41164b445c..8893425000 100644 --- a/ansible/roles/postgres-managed-service-restore/defaults/main.yml +++ b/ansible/roles/postgres-managed-service-restore/defaults/main.yml 
@@ -1,6 +1,4 @@ postgresql_restore_dir: /tmp/postgres-restore -postgres_backup_azure_container_name: postgresql-backup - db: name: ['keycloak', 'api_manager_{{ postgres_env }}', 'quartz'] role: ['keycloak', 'api_manager_{{ postgres_env }}', 'quartz'] @@ -13,13 +11,5 @@ postgres_password: postgres_hostname: postgres_env: -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgres_backup_storage: "{{ postgres_backup_azure_container_name }}" - - cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgres-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml index 8efa3dd561..c3d518db56 100644 --- a/ansible/roles/postgres-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml 
@@ -14,11 +14,11 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ postgres_backup_storage }}" + blob_container_name: "{{ cloud_storage_postgresqlbackup_foldername }}" blob_file_name: "{{ postgres_backup_filename }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: download a file from aws s3 @@ -26,12 +26,12 @@ name: aws-cloud-storage tasks_from: download.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_management_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" - s3_path: "{{ postgres_backup_storage }}/{{ postgres_backup_filename }}" + s3_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgres_backup_filename }}" when: cloud_service_provider == "aws" - name: download file from gcloud storage diff --git a/ansible/roles/postgresql-backup/defaults/main.yml b/ansible/roles/postgresql-backup/defaults/main.yml index 30902eac17..341b1c23ed 100644 --- a/ansible/roles/postgresql-backup/defaults/main.yml +++ b/ansible/roles/postgresql-backup/defaults/main.yml 
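Review bot: The AWS download in postgres-managed-service-restore (`@@ -26,12 +26,12 @@`) sets `s3_bucket_name` to `cloud_storage_management_bucketname` directly, whereas the matching backup role uploads to `cloud_storage_postgresqlbackup_bucketname`. Both resolve to the same value through the role defaults, but an inventory override of the postgresql-specific name would make restore look in a different bucket from the one the backup was written to. Using `s3_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}"` keeps the backup and restore roles aligned.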
@@ -1,13 +1,5 @@ postgresql_backup_dir: /tmp/postgresql-backup postgresql_user: postgres -postgresql_backup_azure_container_name: postgresql-backup - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_backup_storage: "{{ postgresql_backup_azure_container_name }}" cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 6710e49503..5b3303bf97 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml @@ -18,12 +18,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ postgresql_backup_storage }}" + blob_container_name: "{{ cloud_storage_postgresqlbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ postgresql_backup_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 
@@ -31,12 +31,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" - s3_path: "{{ postgresql_backup_storage }}/{{ postgresql_backup_gzip_file_name }}" + s3_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/postgresql-restore/defaults/main.yml b/ansible/roles/postgresql-restore/defaults/main.yml index 2bcc525469..feeed7d6bb 100644 --- a/ansible/roles/postgresql-restore/defaults/main.yml +++ b/ansible/roles/postgresql-restore/defaults/main.yml 
@@ -3,14 +3,6 @@ postgresql_user: postgres postgresql_port: 5432 postgresql_cluster_version: 9.5 postgresql_cluster_name: main -postgresql_restore_azure_container_name: postgresql-backup - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -postgresql_restore_storage: "{{ postgresql_restore_azure_container_name }}" cloud_storage_postgresqlbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_postgresqlbackup_foldername: postgresql-backup diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index b3411c5445..e076590f23 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml @@ -9,11 +9,11 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ postgresql_restore_storage }}" + blob_container_name: "{{ cloud_storage_postgresqlbackup_foldername }}" blob_file_name: "{{ postgresql_restore_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: download a file from aws s3 
@@ -21,12 +21,12 @@ name: aws-cloud-storage tasks_from: download.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" - s3_path: "{{ postgres_backup_storage }}/{{ postgresql_restore_gzip_file_name }}" + s3_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_restore_gzip_file_name }}" when: cloud_service_provider == "aws" - name: download file from gcloud storage diff --git a/ansible/roles/prometheus-backup-v2/defaults/main.yml b/ansible/roles/prometheus-backup-v2/defaults/main.yml index 430c9df4cb..919dcd82d9 100644 --- a/ansible/roles/prometheus-backup-v2/defaults/main.yml +++ b/ansible/roles/prometheus-backup-v2/defaults/main.yml 
@@ -1,13 +1,5 @@ --- # defaults file for ansible/roles/prometheus-backup-v2 -prometheus_backup_azure_container_name: prometheus-backup - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_prometheusbackup_foldername: prometheus-backup diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 9b25fc465c..4a65bb6f8f 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml @@ -26,7 +26,7 @@ blob_file_name: "{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 
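Review bot: The prometheus-backup-v2 defaults hunk removes `prometheus_backup_storage`, but the azure task hunk in tasks/main.yml (`@@ -26,7 +26,7 @@`) only changes `storage_account_key`; the task's `blob_container_name` line lies above the hunk and is not shown. In every sibling role that line was switched to the `_foldername` variable, so it is worth confirming it does not still read `prometheus_backup_storage`, which would now be undefined on Azure. If it does, it should become `blob_container_name: "{{ cloud_storage_prometheusbackup_foldername }}"`.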
@@ -34,12 +34,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" - s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" + s3_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/prometheus-backup/defaults/main.yml b/ansible/roles/prometheus-backup/defaults/main.yml index 3bba75124c..e5a4ecdcb3 100644 --- a/ansible/roles/prometheus-backup/defaults/main.yml +++ b/ansible/roles/prometheus-backup/defaults/main.yml 
@@ -1,17 +1,8 @@ prometheus_backup_dir: /tmp/prometheus-backup -prometheus_backup_azure_container_name: prometheus-backup - # Set these vars per environment as show in example below # Override these values in group_vars backup_storage_name: backups backup_storage_key: '' -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" - cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_prometheusbackup_foldername: prometheus-backup diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 14cc74a41a..10d8e2fb3b 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml @@ -30,12 +30,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ prometheus_backup_storage }}" + blob_container_name: "{{ cloud_storage_prometheusbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ prometheus_backup_gzip_file_name }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 
@@ -43,12 +43,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" - s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_gzip_file_name }}" + s3_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_gzip_file_name }}" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/roles/prometheus-restore/defaults/main.yml b/ansible/roles/prometheus-restore/defaults/main.yml index 580e865060..f5f1511216 100644 --- a/ansible/roles/prometheus-restore/defaults/main.yml +++ b/ansible/roles/prometheus-restore/defaults/main.yml 
@@ -1,12 +1,3 @@ prometheus_backup_dir: /tmp/prometheus-backup -prometheus_backup_azure_container_name: prometheus-backup - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -prometheus_backup_storage: "{{ prometheus_backup_azure_container_name }}" - cloud_storage_prometheusbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_prometheusbackup_foldername: prometheus-backup diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 0c9b0749a9..440b777fe4 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -7,11 +7,11 @@ name: azure-cloud-storage tasks_from: blob-download.yml vars: - blob_container_name: "{{ prometheus_backup_storage }}" + blob_container_name: "{{ cloud_storage_prometheusbackup_foldername }}" blob_file_name: "{{ prometheus_backup_filename }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: download a file from aws s3 
@@ -19,12 +19,12 @@ name: aws-cloud-storage tasks_from: download.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" - s3_path: "{{ prometheus_backup_storage }}/{{ prometheus_backup_filename }}" + s3_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_filename }}" when: cloud_service_provider == "aws" - name: download file from gcloud storage diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index 6aacb354d6..54b7c60a89 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml 
@@ -1,13 +1,5 @@ redis_backup_dir: /tmp/redis-backup -nodebb_redis_backup_azure_container_name: nodebb-redis-backup learner_user: learning -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -nodebb_redis_backup_storage: "{{ nodebb_redis_backup_azure_container_name }}" - cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_redisbackup_foldername: nodebb-redis-backup diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index 9f0c15a815..f1cf35622f 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml @@ -18,12 +18,12 @@ name: azure-cloud-storage tasks_from: blob-upload.yml vars: - blob_container_name: "{{ nodebb_redis_backup_storage }}" + blob_container_name: "{{ cloud_storage_redisbackup_foldername }}" container_public_access: "off" blob_file_name: "{{ redis_backup_file_name }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_key: "{{ azure_management_storage_account_key }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload file to aws s3 
@@ -31,12 +31,12 @@ name: aws-cloud-storage tasks_from: upload.yml vars: - s3_bucket_name: "{{ aws_management_s3_bucket_name }}" - aws_access_key_id: "{{ aws_management_bucket_access_key }}" - aws_secret_access_key: "{{ aws_management_bucket_secret_access_key }}" - aws_default_region: "{{ aws_region }}" + s3_bucket_name: "{{ cloud_storage_redisbackup_bucketname }}" + aws_access_key_id: "{{ cloud_management_storage_accountname }}" + aws_secret_access_key: "{{ cloud_management_storage_secret }}" + aws_default_region: "{{ cloud_public_storage_region }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" - s3_path: "{{ nodebb_redis_backup_storage }}/{{ redis_backup_file_name }}" + s3_path: "{{ cloud_storage_redisbackup_foldername }}/{{ redis_backup_file_name }}" when: cloud_service_provider == "aws" - name: upload file to gcloud storage diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index 88d17aba81..cf90e343d1 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml @@ -20,7 +20,7 @@ name: azure-cloud-storage tasks_from: blob-upload-batch.yml vars: - blob_container_name: "{{ upload_storage }}" + blob_container_name: "{{ cloud_storage_public_bucketname }}" container_public_access: "container" blob_container_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" 
@@ -35,12 +35,12 @@ name: aws-cloud-storage tasks_from: upload-folder.yml vars: - s3_bucket_name: "{{ aws_public_s3_bucket_name }}" - aws_default_region: "{{ aws_region }}" - aws_access_key_id: "{{ aws_public_bucket_access_key }}" - aws_secret_access_key: "{{ aws_public_bucket_secret_access_key }}" + s3_bucket_name: "{{ cloud_storage_public_bucketname }}" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" - s3_path: "{{ upload_storage }}" + s3_path: "" with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "aws" 
@@ -50,13 +50,59 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: - dest_folder_name: "{{ upload_storage }}" + gcp_bucket_name: "{{ cloud_storage_public_bucketname }}" dest_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" - gcp_bucket_name: "{{ gcloud_public_bucket_name }}" with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "gcloud" tags: - upload-faqs + +- hosts: localhost + vars_files: + - "{{inventory_dir}}/secrets.yml" + tasks: + - name: upload batch of files to azure storage + include_role: + name: azure-cloud-storage + tasks_from: blob-upload-batch.yml + vars: + blob_container_name: "{{ cloud_storage_content_bucketname }}" + container_public_access: "container" + blob_container_folder_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + storage_account_name: "{{ cloud_public_storage_accountname }}" + storage_account_key: "{{ cloud_public_storage_secret }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "azure" + + - name: upload batch of files to s3 + include_role: + name: aws-cloud-storage + tasks_from: upload-folder.yml + vars: + s3_bucket_name: "{{ cloud_storage_content_bucketname }}" + aws_default_region: "{{ cloud_public_storage_region }}" + aws_access_key_id: "{{ cloud_public_storage_accountname }}" + aws_secret_access_key: "{{ cloud_public_storage_secret }}" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + s3_path: "" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "aws" + + - name: upload batch of files to gcloud storage + include_role: + name: gcp-cloud-storage + tasks_from: upload-batch.yml + vars: + gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" + dest_folder_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "gcloud" + tags: - 
upload-RC-schema diff --git a/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml index 0236cab0eb..1363bd3fcf 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/Vidyadaan/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml @@ -83,7 +83,7 @@ return """<b>This parameter is not used</b>""" - upload-batch + upload-csv-template @@ -102,15 +102,6 @@ return """<b>This parameter is not used</b>""" false - - upload_storage - - - - content-service - - - source_path diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml index defc3a0ddd..79d963a0e7 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadChatbotConfig/config.xml @@ -84,15 +84,6 @@ return """<b>This parameter is not used</b>""" master false - - upload_storage - - - - chatbot - - - source_path @@ -169,4 +160,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml index d87aac4ee3..72d310489e 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadCollectionHierarchyCSV/config.xml @@ -83,7 +83,7 @@ return """<b>This parameter is not used</b>""" - upload-batch + upload-csv-template 
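Review bot: The play added at the end of uploadFAQs.yml uploads to `cloud_storage_content_bucketname` with `container_public_access: "container"`, which on Azure allows anonymous listing as well as reading of every blob in that container, assuming the azure-cloud-storage role applies the value as given. The content container presumably holds more than the RC schema files, so if anonymous read of individual files is all that is needed I would use `container_public_access: "blob"` (if the role passes the value through to Azure), or `"off"` as the backup roles in this patch do. The new play also sets `s3_path: ""`, so on AWS the files land at the bucket root rather than under the folder that `upload_storage` used to name; confirm that consumers expect that.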
@@ -102,15 +102,6 @@ return """<b>This parameter is not used</b>""" false - - upload_storage - - - - sourcing - - - source_path @@ -175,4 +166,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml index a801645925..66d749e86a 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadDiscussionUIDocs/config.xml @@ -159,15 +159,6 @@ return """<b>This parameter is not used</b>""" ET_FORMATTED_HTML true - - upload_storage - - - - discussion-ui - - - source_path @@ -191,7 +182,7 @@ return """<b>This parameter is not used</b>""" - upload-batch + upload-discussion-ui diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml index 85b7c81efb..9a6fccc4b5 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadFAQs/config.xml @@ -71,15 +71,6 @@ return """<b>This parameter is not used</b>""" ET_FORMATTED_HTML true - - upload_storage - - - - public - - - tag diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml index a75d9ee220..a1b8680986 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UploadPortalLabel/config.xml @@ -71,15 +71,6 @@ return """<b>This parameter is not used</b>""" ET_FORMATTED_HTML true - - upload_storage - - - - label - - - destination_path 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml index ea47b8d14e..1ff2974d6d 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Sunbird-RC/jobs/UploadRCSchema/config.xml @@ -71,15 +71,6 @@ return """<b>This parameter is not used</b>""" ET_FORMATTED_HTML true - - upload_storage - - - - sunbird-content-dev - - - tag diff --git a/pipelines/deploy/desktop-faq/Jenkinsfile b/pipelines/deploy/desktop-faq/Jenkinsfile index d282ec2884..1b1a8d7f0d 100644 --- a/pipelines/deploy/desktop-faq/Jenkinsfile +++ b/pipelines/deploy/desktop-faq/Jenkinsfile @@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.src_file_path} destination_path=${params.destination_path} env_name=$envDir\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" src_file_path=${params.src_file_path} destination_path=${params.destination_path} env_name=$envDir\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) diff --git a/pipelines/upload/chatbot/Jenkinsfile b/pipelines/upload/chatbot/Jenkinsfile index c97597c44c..da0774f382 100644 --- a/pipelines/upload/chatbot/Jenkinsfile +++ b/pipelines/upload/chatbot/Jenkinsfile 
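Review bot: `ansibleExtraArgs` in the desktop-faq Jenkinsfile is still built by interpolating the job parameters `params.src_file_path`, `params.destination_path` and `params.tag` into a command-line string with no quoting or validation, so a value containing spaces, quotes or shell metacharacters changes the arguments handed to ansible-playbook. Since this line is being edited anyway, I would check each parameter against an allowlist before building the string, for example `if (!(params.tag ==~ /[A-Za-z0-9_,-]+/)) { error "invalid tag" }`, with a pattern suited to the path parameters as well. The same construction is in the chatbot, discussion-UI, faqs and portal-csv Jenkinsfiles changed below. The node() body continues outside the hunk, so how the string is finally executed is not visible here.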
@@ -38,7 +38,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) diff --git a/pipelines/upload/discussion-UI/Jenkinsfile b/pipelines/upload/discussion-UI/Jenkinsfile index c4d794fb3e..067158e445 100644 --- a/pipelines/upload/discussion-UI/Jenkinsfile +++ b/pipelines/upload/discussion-UI/Jenkinsfile @@ -30,7 +30,7 @@ node() { unzip ${artifact} """ ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values diff --git a/pipelines/upload/faqs/Jenkinsfile b/pipelines/upload/faqs/Jenkinsfile index 4f18801b4e..f44c1b5020 100644 --- a/pipelines/upload/faqs/Jenkinsfile +++ b/pipelines/upload/faqs/Jenkinsfile 
@@ -25,7 +25,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/uploadFAQs.yml" - ansibleExtraArgs = "--tags ${params.tag} --extra-vars \"upload_storage=${params.upload_storage} source_folder=${params.source_folder}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags ${params.tag} --extra-vars \" source_folder=${params.source_folder}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) diff --git a/pipelines/upload/portal-csv/Jenkinsfile b/pipelines/upload/portal-csv/Jenkinsfile index 6e8453d3e2..502fadcdbb 100644 --- a/pipelines/upload/portal-csv/Jenkinsfile +++ b/pipelines/upload/portal-csv/Jenkinsfile @@ -27,7 +27,7 @@ node() { jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "${currentWs}/ansible/desktop-faq-upload.yml" - ansibleExtraArgs = "--extra-vars \" upload_storage=${params.upload_storage} src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" + ansibleExtraArgs = "--extra-vars \" src_file_path=${params.source_path} destination_path=${params.destination_path}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass --tags ${params.tag}" values.put('currentWs', currentWs) values.put('env', envDir) values.put('module', module) From 8f5efcd39ec159cd90593895d679bcf25c9d85ec Mon Sep 17 00:00:00 2001 
From: Kumar Gauraw Date: Mon, 12 Dec 2022 15:22:04 +0530 Subject: [PATCH 196/434] Issue #IQ-193 feat: updated config of assessment --- ansible/roles/stack-sunbird/defaults/main.yml | 12 +++++- .../assessment-service_application.conf | 39 ++++++++++--------- 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 0c8c86242d..036fda51bd 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
@@ -1052,4 +1052,14 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' cloudstorage_relative_path_prefix_content: "CONTENT_STORAGE_BASE_PATH" cloudstorage_relative_path_prefix_dial: "DIAL_STORAGE_BASE_PATH" -cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl"]' \ No newline at end of file +cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl"]' + +### inQuiry assessment service default values +inquiry_schema_path: "{{ kp_schema_base_path }}" +inquiry_kafka_urls: "{{ kafka_urls }}" +inquiry_assessment_import_kafka_topic_name: "{{ env_name }}.object.import.request" +inquiry_assessment_publish_kafka_topic_name: "{{ env_name }}.assessment.publish.request" +inquiry_cassandra_connection: "{{ lp_cassandra_connection }}" +inquiry_cassandra_keyspace_prefix: "{{ lp_cassandra_keyspace_prefix }}" +inquiry_redis_host: "{{ sunbird_lp_redis_host }}" +inquiry_search_service_base_url: "{{ sunbird_search_service_api_base_url }}/v3/search" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf index 60d129907a..c06a44f2d8 100644 --- a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf 
@@ -336,14 +336,13 @@ play.filters { play.http.parser.maxMemoryBuffer = 50MB akka.http.parsing.max-content-length = 50MB -schema.base_path="{{ kp_schema_base_path | default('/home/sunbird/assessment-service-1.0-SNAPSHOT/schemas')}}" +schema.base_path="{{ inquiry_schema_path | default('/home/sunbird/assessment-service-1.0-SNAPSHOT/schemas')}}" # Cassandra Configuration -cassandra.lp.connection="{{ lp_cassandra_connection }}" -content.keyspace = "{{ lp_cassandra_keyspace_prefix }}_content_store" +cassandra.lp.connection="{{ inquiry_cassandra_connection }}" # Redis Configuration -redis.host="{{ sunbird_lp_redis_host }}" +redis.host="{{ inquiry_redis_host }}" redis.port=6379 redis.maxConnections=128 
@@ -383,30 +382,24 @@ languageCode { telugu : "te" } -cloud_storage_type: "{{ cloud_service_provider }}" -cloud_storage_key: "{{ cloud_public_storage_accountname }}" -cloud_storage_secret: "{{ cloud_public_storage_secret }}" -cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" -cloud_storage_container: "{{ cloud_storage_content_bucketname }}" - kafka { - urls : "{{ kafka_urls }}" + urls : "{{ inquiry_kafka_urls }}" topic.send.enable : true - topics.instruction : "{{ env_name }}.assessment.publish.request" + topics.instruction : "{{ inquiry_assessment_publish_kafka_topic_name }}" } -objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_store" -question.keyspace="{{ lp_cassandra_keyspace_prefix }}_question_store" -questionset.keyspace="{{ lp_cassandra_keyspace_prefix }}_hierarchy_store" +objectcategorydefinition.keyspace="{{ inquiry_cassandra_keyspace_prefix }}_category_store" +question.keyspace="{{ inquiry_cassandra_keyspace_prefix }}_question_store" +questionset.keyspace="{{ inquiry_cassandra_keyspace_prefix }}_hierarchy_store" composite { search { - url : "{{ sunbird_search_service_api_base_url }}/v3/search" + url : "{{ inquiry_search_service_base_url }}" } } import { request_size_limit : 300 - output_topic_name : "{{ env_name }}.object.import.request" + output_topic_name : "{{ inquiry_assessment_import_kafka_topic_name }}" required_props { question : ["name", "code", "mimeType", "framework", "channel"] questionset : ["name", "code", "mimeType", "framework", "channel"] 
@@ -426,4 +419,14 @@ assessment.copy.props_to_remove=["downloadUrl", "artifactUrl", "variants", "LastPublishedBy", "rejectReasons", "rejectComment", "gradeLevel", "subject", "medium", "board", "topic", "purpose", "subtopic", "contentCredits", "owner", "collaborators", "creators", "contributors", "badgeAssertions", "dialcodes", - "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl"] \ No newline at end of file + "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl"] + +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" + +cloudstorage { + metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} + metadata.list={{ cloudstorage_metadata_list }} + relative_path_prefix="{{ cloudstorage_relative_path_prefix | default('CLOUD_STORAGE_BASE_PATH') }}" + read_base_path="{{ cloudstorage_base_path }}" + write_base_path={{ valid_cloudstorage_base_urls }} +} \ No newline at end of file From 08abafc3e0ae706d7ad8b3715cbac627f3579271 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 <52481775+Ashwiniev95@users.noreply.github.com> Date: Mon, 12 Dec 2022 18:03:09 +0530 Subject: [PATCH 197/434] Add a new variable (#3661) --- ansible/roles/ml-analytics-service/defaults/main.yml | 1 + ansible/roles/ml-analytics-service/templates/config.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index a480b01ccd..6c9ea27e79 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -112,3 +112,4 @@ cloud_storage_telemetry_bucketname: "{{ cloud_storage_telemetry_bucketname }}" cloud_private_storage_secret: "{{ cloud_private_storage_secret }}" cloud_private_storage_region: "{{ cloud_private_storage_region }}" cloud_private_storage_endpoint: "{{ cloud_private_storage_endpoint }}" +ml_analytics_project_program : "{{ WORKDIR }}/ml-analytics-service/projects/program_ids.txt" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 70160c64c0..aa365dbb0c 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -232,6 +232,7 @@ survey_sub_ids = {{ml_analytics_survey_submission_id_filepath}} survey_druid_data = {{ml_analytics_survey_batchupdate_output_dir}} +program_text_file = {{ml_analytics_project_program}} [SLACK] From 0c14ae91c89dec4ce69ec3e7cdb728d992c14db4 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 13 Dec 2022 16:22:16 +0530 Subject: [PATCH 198/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 6c9ea27e79..6c40b8b6c0 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -102,7 +102,7 @@ ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: '["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" -ml_analytics_cname_url: "https://{{ cloud_private_storage_accountname }}.blob.core.windows.net/{{ cloud_storage_telemetry_bucketname }}" +ml_analytics_cname_url: "{{ cloud_storage_url }}/{{ cloud_storage_samiksha_bucketname }}" ml_Cloud_secret_json_file: "cloud_secrets.json" ml_Cloud_Secrets: account_name: "{{ cloud_private_storage_accountname }}" @@ -113,3 +113,4 @@ cloud_private_storage_secret: "{{ cloud_private_storage_secret }}" cloud_private_storage_region: "{{ cloud_private_storage_region }}" cloud_private_storage_endpoint: "{{ cloud_private_storage_endpoint }}" ml_analytics_project_program : "{{ WORKDIR }}/ml-analytics-service/projects/program_ids.txt" +ml_analytics_projects_program_filename: "{{ config_path }}/projects/program_ids.txt" From f4f545de049adfdf53501fd59669c17acc6cf73b Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 13 Dec 2022 16:23:11 +0530 Subject: [PATCH 199/434] Update shell_script_config.j2 --- .../ml-analytics-service/templates/shell_script_config.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
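Review bot: The added `ml_analytics_projects_program_filename` points at `{{ config_path }}/projects/program_ids.txt`, while `ml_analytics_project_program` on the line above it points at `{{ WORKDIR }}/ml-analytics-service/projects/program_ids.txt`. Two variables with near-identical names for what looks like the same file are likely to drift apart. If both are meant to be the same file, define one from the other, `ml_analytics_projects_program_filename: "{{ ml_analytics_project_program }}"`; if they differ on purpose, add a comment saying which consumer reads which.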
diff --git a/ansible/roles/ml-analytics-service/templates/shell_script_config.j2 b/ansible/roles/ml-analytics-service/templates/shell_script_config.j2
index 6ecdeba31a..97e35a4db0 100644
--- a/ansible/roles/ml-analytics-service/templates/shell_script_config.j2
+++ b/ansible/roles/ml-analytics-service/templates/shell_script_config.j2
@@ -1,2 +1 @@
-mongo_url={{ ml_analytics_mongodb_url }}
-mongo_db_name={{ ml_analytics_mongo_db_name }}
+projects_program_filename={{ ml_analytics_projects_program_filename }}
From ddeeff6721ef6460b7de5fd40d4f4c299c755aa7 Mon Sep 17 00:00:00 2001
From: Raghupathi
Date: Tue, 13 Dec 2022 17:01:35 +0530
Subject: [PATCH 200/434] Update Ingestion Spec
---
ansible/roles/ml-analytics-service/defaults/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml
index 6c40b8b6c0..06fb010cdf 100755
--- a/ansible/roles/ml-analytics-service/defaults/main.yml
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml
@@ -82,7 +82,7 @@ ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/pro ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCountPrglevel/" ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" ml_analytics_survey_cloud_blob_path : "survey/status/" -ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program"]},"metricsSpec":[]}}}' +ml_analytics_druid_survey_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program","state_code","school_code","district_code","block_code","cluster_code"]},"metricsSpec":[]}}}' ml_analytics_slack_token: "{{ ml_slack_token | default('') }}" ml_analytics_channel_name: "{{ ml_slack_channel | default('') }}" ml_analytics_program_dashboard_cloud_blob_path: "{{ ml_program_blob_path | default('') }}" From fb320160c4fa076197b974d9d6308d21239bb813 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Wed, 14 Dec 2022 09:36:22 +0530 Subject: [PATCH 201/434] Remove SAS token --- ansible/roles/ml-analytics-service/templates/config.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index aa365dbb0c..c0ec68fd3e 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
@@ -192,8 +192,6 @@ bucket_name = {{ cloud_storage_telemetry_bucketname }} account_name = {{ cloud_private_storage_accountname }} -sas_token = {{ cloud_private_storage_secret }} - container_name = {{ cloud_storage_telemetry_bucketname }} account_key = {{ cloud_private_storage_secret }} From c0873da4e7fbcba65ca315179f98e5dd26c39c00 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Wed, 14 Dec 2022 13:06:34 +0530 Subject: [PATCH 202/434] Missing vars update (#3666) --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 06fb010cdf..33d37d02a6 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -83,8 +83,8 @@ ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCo ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" ml_analytics_survey_cloud_blob_path : "survey/status/" ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program","state_code","school_code","district_code","block_code","cluster_code"]},"metricsSpec":[]}}}' -ml_analytics_slack_token: "{{ ml_slack_token | default('') }}" -ml_analytics_channel_name: "{{ ml_slack_channel | default('') }}" +ml_slack_token: "{{ ml_analytics_slack_token | default('') }}" +ml_slack_channel: "{{ ml_analytics_slack_channel | default('') }}" ml_analytics_program_dashboard_cloud_blob_path: "{{ ml_program_blob_path | default('') }}" ml_druid_query_data: "{{ ml_druid_query | default('') }}" ml_program_dashboard_data: "{{ ml_program_data | default('') }}" From c8dd939c932f8989e7874f4d70601ca85d944111 Mon Sep 17 00:00:00 2001 
From: PrasadMoka Date: Wed, 14 Dec 2022 14:32:50 +0530 Subject: [PATCH 203/434] LR-110 removed un-necessary prefix --- .../sunbird-RC/registry/schemas/TrainingCertificate.json | 2 +- utils/sunbird-RC/schema/credential_template.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json index 5187b08e81..84dc1d5429 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json @@ -69,6 +69,6 @@ ], "systemFields": ["osCreatedAt", "osUpdatedAt", "osCreatedBy", "osUpdatedBy"], "enableLogin": false, - "credentialTemplate": "https://{{ upstream_url }}/schema/credential_template.json" + "credentialTemplate": "{{ upstream_url }}/schema/credential_template.json" } } diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index f96a3c0528..60477810b0 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -1,7 +1,7 @@ { "@context": [ - "https://{{ upstream_url }}/schema/v1_context.json", - "https://{{ upstream_url }}/schema/sunbird_context.json" + "{{ upstream_url }}/schema/v1_context.json", + "{{ upstream_url }}/schema/sunbird_context.json" ], "type": [ "VerifiableCredential" From 9c6b12f8cdb789744ef74c762899cc6130053450 Mon Sep 17 00:00:00 2001 
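Review bot: With the hard-coded `https://` dropped from `credentialTemplate` here and from the two `@context` entries in the credential_template.json hunk that follows, the scheme of these URLs now comes entirely from `upstream_url`. Nothing in either hunk shows that the variable is guaranteed to carry `https://`; if an inventory supplies a bare host or an `http://` value, the credential template and JSON-LD contexts would presumably be resolved over an unauthenticated channel or not at all. Since these documents define how issued credentials are interpreted, I would keep the scheme pinned in the template or assert it where `upstream_url` is set. Both enclosing JSON objects start outside the hunks.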
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Wed, 14 Dec 2022 15:03:51 +0530 Subject: [PATCH 204/434] Release 5.1.0 - csp changes (#3667) --- ansible/assets-upload.yml | 1 - ansible/deploy-plugins.yml | 1 - .../tasks/delete-using-azcopy.yml | 12 +++++++++++- .../tasks/upload-using-azcopy.yml | 12 +++++++++++- ansible/roles/cassandra-backup/tasks/main.yml | 2 +- .../postgres-managed-service-restore/tasks/main.yml | 2 +- 6 files changed, 24 insertions(+), 6 deletions(-) diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 2d8d4b1bc2..09e7df6ceb 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml @@ -13,7 +13,6 @@ blob_container_folder_path: "" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" - storage_account_sas_token: "{{ azure_public_storage_account_sas }}" - name: delete files and folders from azure storage using azcopy include_role: diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 6d048b18c4..a78ce1c640 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -19,7 +19,6 @@ container_public_access: "container" storage_account_name: "{{ cloud_public_storage_accountname }}" storage_account_key: "{{ cloud_public_storage_secret }}" - storage_account_sas_token: "{{ azure_public_storage_account_sas }}" tags: - always no_log: True diff --git a/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml index 236169e86c..196de9c9b3 100644 --- a/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml +++ b/ansible/roles/azure-cloud-storage/tasks/delete-using-azcopy.yml 
@@ -1,6 +1,16 @@ --- +- name: generate SAS token for azcopy + shell: | + sas_expiry=`date -u -d "1 hour" '+%Y-%m-%dT%H:%MZ'` + sas_token=?`az storage container generate-sas -n {{ blob_container_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }} --https-only --permissions dlrw --expiry $sas_expiry -o tsv` + echo $sas_token + register: sas_token + +- set_fact: + container_sas_token: "{{ sas_token.stdout}}" + - name: delete files and folders from azure storage using azcopy - shell: "azcopy rm 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" + shell: "azcopy rm 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ container_sas_token }}' --recursive" environment: AZCOPY_CONCURRENT_FILES: "10" async: 10800 diff --git a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml index affbc8c002..95da584c9b 100644 --- a/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml +++ b/ansible/roles/azure-cloud-storage/tasks/upload-using-azcopy.yml @@ -1,4 +1,14 @@ --- +- name: generate SAS token for azcopy + shell: | + sas_expiry=`date -u -d "1 hour" '+%Y-%m-%dT%H:%MZ'` + sas_token=?`az storage container generate-sas -n {{ blob_container_name }} --account-name {{ storage_account_name }} --account-key {{ storage_account_key }} --https-only --permissions dlrw --expiry $sas_expiry -o tsv` + echo $sas_token + register: sas_token + +- set_fact: + container_sas_token: "{{ sas_token.stdout}}" + - name: create container in azure storage if it doesn't exist include_role: name: azure-cloud-storage 
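Review bot: The new `generate SAS token for azcopy` task puts `{{ storage_account_key }}` on the `az` command line and registers the resulting SAS without `no_log`, so both the account key and the token can end up in Ansible output and in the host's process list; the same task is added in the upload-using-azcopy.yml hunk that follows. I would pass the key through the `AZURE_STORAGE_KEY` environment variable and add `no_log: true` to the task and to the `set_fact`, as sketched below. It is also worth checking whether `--permissions dlrw` can be narrowed per task file, since delete and upload are unlikely to need the same set. The azcopy task that consumes the token appears to continue past the end of the hunk.

```yaml
- name: generate SAS token for azcopy
  shell: |
    # … unchanged: sas_expiry computation …
    sas_token=?`az storage container generate-sas -n {{ blob_container_name }} --account-name {{ storage_account_name }} --https-only --permissions dlrw --expiry $sas_expiry -o tsv`
    # … unchanged: echo of the token …
  environment:
    AZURE_STORAGE_KEY: "{{ storage_account_key }}"
  register: sas_token
  no_log: true

- set_fact:
    container_sas_token: "{{ sas_token.stdout}}"
  no_log: true
```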
@@ -6,7 +16,7 @@ when: create_container == True - name: upload files and folders to azure storage using azcopy - shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ storage_account_sas_token }}' --recursive" + shell: "azcopy copy {{ local_file_or_folder_path }} 'https://{{ storage_account_name }}.blob.core.windows.net/{{ blob_container_name }}{{ blob_container_folder_path }}{{ container_sas_token }}' --recursive" environment: AZCOPY_CONCURRENT_FILES: "10" async: 10800 diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index ce0e646662..0e5ae87477 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -42,7 +42,7 @@ blob_container_folder_path: "" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" storage_account_name: "{{ cloud_management_storage_accountname }}" - storage_account_sas_token: "{{ azure_management_storage_account_sas }}" + storage_account_key: "{{ cloud_management_storage_secret }}" when: cloud_service_provider == "azure" - name: upload backup to S3 diff --git a/ansible/roles/postgres-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml index c3d518db56..58d2c53482 100644 --- a/ansible/roles/postgres-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml @@ -26,7 +26,7 @@ name: aws-cloud-storage tasks_from: download.yml vars: - s3_bucket_name: "{{ cloud_storage_management_bucketname }}" + s3_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" aws_access_key_id: "{{ cloud_management_storage_accountname }}" aws_secret_access_key: "{{ cloud_management_storage_secret }}" aws_default_region: "{{ cloud_public_storage_region }}" 
From 061a993f8c85635eaad2388090aa5725b0cea239 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Wed, 14 Dec 2022 15:26:06 +0530 Subject: [PATCH 205/434] Add logging level configuration for registry service (#3669) Add logging level configuration for registry service --- kubernetes/helm_charts/sunbird-RC/registry/values.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 index c582ae8941..433edbfc92 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/values.j2 +++ b/kubernetes/helm_charts/sunbird-RC/registry/values.j2 @@ -56,6 +56,7 @@ rccoreenv: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: {{ registry_listener_security_protocol_map|default('INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT')}} KAFKA_INTER_BROKER_LISTENER_NAME: {{ registry_inter_broker_listener_name|default('INTERNAL')}} KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: {{ registry_offsets_topic_replication_factor|default('1')}} + logging.level.root : {{ registry_logging_level|default('INFO')}} {# The below should get enabled once the service has probes implemented #} {# {{ registry_liveness_readiness | to_nice_yaml }} #} From fadcdc00c7c0d2199d89b84df21076d7994d4c7b Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Wed, 14 Dec 2022 16:51:27 +0530 Subject: [PATCH 206/434] LR-110 added default context --- utils/sunbird-RC/schema/credential_template.json | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index 60477810b0..a999eca8da 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -1,5 +1,6 @@ { "@context": [ + "https://www.w3.org/2018/credentials/v1", "{{ upstream_url }}/schema/v1_context.json", "{{ upstream_url }}/schema/sunbird_context.json" ], 
From 95a83a1a3c3000dbeb4d823370b057e7c01bf2e1 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Thu, 15 Dec 2022 15:53:08 +0530 Subject: [PATCH 207/434] Update config.j2 (#3673) --- .../ml-analytics-service/defaults/main.yml | 12 ++++++------ .../ml-analytics-service/templates/config.j2 | 18 +++++++++--------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 33d37d02a6..65274b1182 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -105,12 +105,12 @@ ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" ml_analytics_cname_url: "{{ cloud_storage_url }}/{{ cloud_storage_samiksha_bucketname }}" ml_Cloud_secret_json_file: "cloud_secrets.json" ml_Cloud_Secrets: - account_name: "{{ cloud_private_storage_accountname }}" - account_key: "{{ cloud_private_storage_secret }}" -cloud_private_storage_accountname: "{{ cloud_private_storage_accountname }}" + account_name: "{{ cloud_public_storage_accountname }}" + account_key: "{{ cloud_public_storage_secret }}" +cloud_public_storage_accountname: "{{ cloud_public_storage_accountname }}" cloud_storage_telemetry_bucketname: "{{ cloud_storage_telemetry_bucketname }}" -cloud_private_storage_secret: "{{ cloud_private_storage_secret }}" -cloud_private_storage_region: "{{ cloud_private_storage_region }}" -cloud_private_storage_endpoint: "{{ cloud_private_storage_endpoint }}" +cloud_public_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_public_storage_region: "{{ cloud_public_storage_region }}" +cloud_public_storage_endpoint: "{{ cloud_public_storage_endpoint }}" ml_analytics_project_program : "{{ WORKDIR }}/ml-analytics-service/projects/program_ids.txt" ml_analytics_projects_program_filename: "{{ config_path }}/projects/program_ids.txt" 
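Review bot: The role defaults added in this hunk define `cloud_public_storage_accountname`, `cloud_public_storage_secret`, `cloud_public_storage_region` and `cloud_public_storage_endpoint` in terms of themselves, so if the inventory does not set them at higher precedence, templating fails with a recursive-loop error instead of a clear "undefined variable" message. These four lines can be dropped, or replaced by an `assert` task that the variables are defined. Separately, this hunk and the three config.j2 hunks that follow switch the analytics service from the private to the public storage account's key while the bucket stays `cloud_storage_telemetry_bucketname`. deploy-plugins.yml earlier in this series uses the same account with `container_public_access: "container"`, so it is worth confirming that the telemetry container in that account does not allow anonymous reads.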
diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index c0ec68fd3e..52927ec957 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -154,13 +154,13 @@ survey_streaming_error = {{ ml_analytics_survey_log_folder_path }}/error.log [ORACLE] -endpoint_url = {{ cloud_private_storage_endpoint }} +endpoint_url = {{ cloud_public_storage_endpoint }} -access_key = {{ cloud_private_storage_accountname }} +access_key = {{ cloud_public_storage_accountname }} -secret_access_key = {{ cloud_private_storage_secret }} +secret_access_key = {{ cloud_public_storage_secret }} -region_name = {{ cloud_private_storage_region }} +region_name = {{ cloud_public_storage_region }} bucket_name = {{ cloud_storage_telemetry_bucketname }} @@ -178,11 +178,11 @@ bucket_name = {{ cloud_storage_telemetry_bucketname }} service_name = S3 -access_key = {{ cloud_private_storage_accountname }} +access_key = {{ cloud_public_storage_accountname }} -secret_access_key = {{ cloud_private_storage_secret }} +secret_access_key = {{ cloud_public_storage_secret }} -region_name = {{ cloud_private_storage_region }} +region_name = {{ cloud_public_storage_region }} bucket_name = {{ cloud_storage_telemetry_bucketname }} @@ -190,11 +190,11 @@ bucket_name = {{ cloud_storage_telemetry_bucketname }} [AZURE] -account_name = {{ cloud_private_storage_accountname }} +account_name = {{ cloud_public_storage_accountname }} container_name = {{ cloud_storage_telemetry_bucketname }} -account_key = {{ cloud_private_storage_secret }} +account_key = {{ cloud_public_storage_secret }} {% endif %} From a807916a3952fcbcced5141da58e42b5e2444b14 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Thu, 15 Dec 2022 20:54:11 +0530 Subject: [PATCH 208/434] fix: ED-573 jenkins job to kill spark jobs 
Signed-off-by: Keshav Prasad --- ansible/kill_spark_jobs.yaml | 12 ++++++ pipelines/ops/kill-spark-jobs/Jenkinsfile | 51 +++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 ansible/kill_spark_jobs.yaml create mode 100644 pipelines/ops/kill-spark-jobs/Jenkinsfile
diff --git a/ansible/kill_spark_jobs.yaml b/ansible/kill_spark_jobs.yaml
new file mode 100644
index 0000000000..01c01c5bcf
--- /dev/null
+++ b/ansible/kill_spark_jobs.yaml
@@ -0,0 +1,12 @@
+---
+- hosts: spark
+ become: yes
+ tasks:
+ - name: get pids of job manager which may be orphaned
+ shell: ps -ef | grep [j]ob. | awk '{print $2}'
+ register: pids_of_jobmanager
+
+ - name: kill the orphan job manager pids
+ shell: "kill -9 {{ item | int }}"
+ with_items:
+ - "{{ pids_of_jobmanager.stdout_lines }}"
diff --git a/pipelines/ops/kill-spark-jobs/Jenkinsfile b/pipelines/ops/kill-spark-jobs/Jenkinsfile
new file mode 100644
index 0000000000..37bad74c46
--- /dev/null
+++ b/pipelines/ops/kill-spark-jobs/Jenkinsfile
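Review bot: The PID lookup `ps -ef | grep [j]ob. | awk '{print $2}'` matches any process whose `ps` line contains "job" followed by one more character, and the next task sends `kill -9` to every match as root (`become: yes`), so unrelated processes on the Spark hosts can be killed. The pattern is also unquoted, so the shell may glob-expand it against files in the working directory before grep sees it. I would match the job manager's command line and owning user explicitly, e.g. `shell: pgrep -u <spark_user> -f '<job manager command pattern>'` (both placeholders). I would also drop the `| int` filter, which turns unexpected non-numeric output into `kill -9 0`, signalling the whole process group instead of failing.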
@@ -0,0 +1,51 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+
+ ansiColor('xterm') {
+ stage('deploy'){
+ values = [:]
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim()
+ module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim()
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim()
+ ansiblePlaybook = "${currentWs}/ansible/kill_spark_jobs.yaml"
+ ansibleExtraArgs = "-v"
+ values.put('currentWs', currentWs)
+ values.put('env', envDir)
+ values.put('module', module)
+ values.put('jobName', jobName)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ currentBuild.result = 'SUCCESS'
+ currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
+ }
+ }
+ summary()
+ }
+ catch (err) {
+ currentBuild.result = 'FAILURE'
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
From ece7ed3685bab5395e4333927c9fdff1282fbc27 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Fri, 16 Dec 2022 11:30:33 +0530 Subject: [PATCH 209/434] Update ingestion specs (#3677) --- ansible/roles/ml-analytics-service/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml
index 65274b1182..d73099451d 100755
--- a/ansible/roles/ml-analytics-service/defaults/main.yml
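Review bot: `envDir`, `module` and `jobName` are derived by interpolating `$JOB_NAME` into a shell script (`script: "echo $JOB_NAME"`), so a folder or job name containing shell metacharacters would be evaluated by the shell on the agent. `env.JOB_NAME.split('/')` yields the same parts without spawning a shell, e.g. `envDir = env.JOB_NAME.split('/')[-3].trim()`. Since this job runs a playbook that kills processes as root, a short header comment stating which hosts it targets and when it is meant to be run would also help operators.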
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -53,12 +53,12 @@ ml_analytics_project_output_dir: "{{ WORKDIR }}/source/projects/output" ml_analytics_observation_status_output_dir: "{{ WORKDIR }}/source/observations/status/output" ml_analytics_api_authorization_key: "{{ml_api_auth_token | default('sunbird_api_auth_token')}}" ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_internal_access_token')}}" -ml_analytics_druid_observation_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code"]},"metricsSpec":[]}}}' +ml_analytics_druid_observation_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code","isRubricDriven","criteriaLevelReport"]},"metricsSpec":[]}}}' ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": 
["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' ml_analytics_obs_distinctCnt_cloud_blob_path: "observation/distinctCount/" ml_analytics_obs_distinctCnt_domain_cloud_blob_path: "observation/distinctCount_domain/" ml_analytics_obs_distinctCnt_domain_criteria_cloud_blob_path: "observation/distinctCount_domain_criteria/" 
@@ -77,7 +77,7 @@ ml_analytics_observation_status_rollup_output_dir: "/opt/sparkjobs/source/observ ml_analytics_druid_project_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/rollup/projects_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"iso"},"dimensionsSpec":{"dimensions":["project_title","project_goal","area_of_improvement","status_of_project","tasks_name","tasks_status","designation","task_evidence_status","project_id","task_id","project_created_type","parent_channel","program_id","program_name","project_updated_date","createdBy","program_externalId","private_program","task_deleted_flag","project_terms_and_condition","state_externalId","block_externalId","district_externalId","cluster_externalId","school_externalId","state_name","block_name","district_name","cluster_name","school_name","board_name","organisation_name","solution_id","organisation_id",{"name":"status_code","type":"long"}]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_createBy","fieldName":"createdBy"},{"type":"HLLSketchBuild","name":"count_of_project_id","fieldName":"project_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' ml_analytics_druid_observation_status_rollup_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/rollup/observation_status_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-observation-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["status","user_id","solution_id","submission_id","entity_name","completedDate","program_id","private_program","solution_type","updatedAt","role_title","solution_name","program_name","channel","parent_channel","block_name","district_name","school_name","cluster_name","state_name","organisation_name","board_name","district_externalId","state_externalId","block_externalId","cluster_externalId","school_externalId","organisation_id",{"type":"long","name":"status_code"}]},"metricsSpec":[{"type":"count","name":"count"},{"type":"longSum","name":"sum___v","fieldName":"__v","expression":null},{"type":"HLLSketchBuild","name":"count_distinct_solution","fieldName":"solution_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_submission_id","fieldName":"submission_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_user_id","fieldName":"user_id","lgK":12,"tgtHllType":"HLL_4","round":false}]}}}' ml_analytics_druid_rollup_url: "{{groups['druid'][0]}}:8081" -ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCountPrglevel/ml_projects_distinctCount_prgmlevel.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCountPrglevel/ml_projects_distinctCount_prgmlevel.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/projects/distinctCountPrglevel/output" ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCountPrglevel/" ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" From 6b868b4c347913291b98b4dd48b3af574e7d57a6 Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Tue, 20 Dec 2022 10:58:13 +0530 Subject: [PATCH 210/434] updated jenkins version and plugins (#3679) --- deploy/jenkins/jenkins-plugins-setup.sh | 8 ++++---- deploy/jenkins/jenkins-server-setup.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/jenkins/jenkins-plugins-setup.sh b/deploy/jenkins/jenkins-plugins-setup.sh index ed9a8c1756..c4256b3620 100755 --- a/deploy/jenkins/jenkins-plugins-setup.sh 
+++ b/deploy/jenkins/jenkins-plugins-setup.sh @@ -17,13 +17,13 @@ fi echo -e "\n\e[0;32m${bold}Downloading and copying jenkins plugin directory to Jenkins ${normal}" if [[ ! -d /var/lib/jenkins/plugins ]]; then -wget https://sunbirdpublic.blob.core.windows.net/installation/plugins.tar -tar -xf plugins.tar +wget https://sunbirdpublic.blob.core.windows.net/installation/plugins-2-319-3.tar +tar -xf plugins-2-319-3.tar mv plugins /var/lib/jenkins/ chown -R jenkins:jenkins /var/lib/jenkins/plugins else -wget https://sunbirdpublic.blob.core.windows.net/installation/plugins.tar -tar -xf plugins.tar +wget https://sunbirdpublic.blob.core.windows.net/installation/plugins-2-319-3.tar +tar -xf plugins-2-319-3.tar cp -rf plugins/* /var/lib/jenkins/plugins/ chown -R jenkins:jenkins /var/lib/jenkins/plugins fi diff --git a/deploy/jenkins/jenkins-server-setup.sh b/deploy/jenkins/jenkins-server-setup.sh index ad2b361671..f2ef322969 100755 --- a/deploy/jenkins/jenkins-server-setup.sh +++ b/deploy/jenkins/jenkins-server-setup.sh @@ -15,7 +15,7 @@ echo -e "\n\e[0;32m${bold}Installating Jenkins${normal}" wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | apt-key add - apt-add-repository "deb https://pkg.jenkins.io/debian-stable binary/" apt-get update -apt-get install -y jenkins=2.277.4 +apt-get install -y jenkins=2.319.3 echo -e "\n\e[0;32m${bold}Installating PIP${normal}" apt-get install -y python-pip From b61a35fad0362ea7eb0bb688ff0bc12ffc811571 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Tue, 20 Dec 2022 10:59:31 +0530 Subject: [PATCH 211/434] Issue #ED-592 fix: Pdata version updated (#3678) --- .../artifacts/sunbird/login/resources/js/telemetry_service.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index e1f88cc741..f9250fd425 100644 
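Review bot: The archive fetched by the new `wget https://sunbirdpublic.blob.core.windows.net/installation/plugins-2-319-3.tar` lines is unpacked straight into `/var/lib/jenkins/plugins` with no integrity check, in both branches of the `if`. HTTPS protects the transfer but not the content of the blob, so a replaced or truncated tarball would be installed as Jenkins plugins. Pin a digest next to the version and verify it before `tar -xf`, for example `echo "<EXPECTED_SHA256>  plugins-2-319-3.tar" | sha256sum -c - || exit 1`, where the digest is a placeholder to fill in. Passing `-O plugins-2-319-3.tar` to wget would also stop a re-run from saving the download as `plugins-2-319-3.tar.1` while `tar` extracts the older file. The script starts before this hunk, so any earlier handling is not visible here.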
--- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js +++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2506,7 +2506,7 @@ if(client_id.toLowerCase() === 'android'){ "telemetry": { "pdata": { "id": pdataId, - "ver": "5.0.0", + "ver": "5.1.0", "pid": "sunbird-portal" } } @@ -2687,7 +2687,6 @@ if(client_id.toLowerCase() === 'android'){ function stringToHTML(str) { let parser = new DOMParser(); let doc = parser.parseFromString(str, 'text/html'); - console.log('Doc parse => ', doc); // TODO: log! return doc?.body?.innerText || document.createElement('body'); } From 3e1b3207fed9a61257b17f8cf13e41157149b162 Mon Sep 17 00:00:00 2001 From: SadanandGowda Date: Thu, 22 Dec 2022 14:49:57 +0530 Subject: [PATCH 212/434] csp migration variables update --- .../helm_charts/core/analytics/templates/deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml index 57198cb77b..b0d7aad44b 100644 --- a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml @@ -35,13 +35,13 @@ spec: value: {{ .Values.env.min_heap | quote }} - name: MAX_HEAP value: {{ .Values.env.max_heap | quote }} - - name: cloud_storage_secret + - name: azure_storage_secret value: {{ .Values.env.cloud_private_account_secret | quote }} - - name: cloud_storage_key + - name: azure_storage_key value: {{ .Values.env.cloud_private_account_name | quote }} - - name: public_cloud_storage_secret + - name: public_azure_storage_secret value: {{ .Values.env.cloud_public_account_secret | quote }} - - name: public_cloud_storage_key + - name: public_azure_storage_key value: {{ .Values.env.cloud_public_account_name | quote }} - name: _JAVA_OPTIONS value: -Dlog4j2.formatMsgNoLookups=true From 56ea8f9b418ebe6ee2c566fe7959eb02e1bc3ad2 Mon Sep 17 00:00:00 2001 
From: SadanandGowda Date: Thu, 22 Dec 2022 14:51:00 +0530 Subject: [PATCH 213/434] csp migration variables update --- kubernetes/helm_charts/core/analytics/values.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/values.j2 b/kubernetes/helm_charts/core/analytics/values.j2 index f86925ad5c..354dcab3d3 100644 --- a/kubernetes/helm_charts/core/analytics/values.j2 +++ b/kubernetes/helm_charts/core/analytics/values.j2 @@ -8,10 +8,10 @@ env: javaoptions: {{analytics_java_mem_limit|default('-Xmx600m')}} min_heap: {{analytics_min_heap_limit|default('-Xms1g')}} max_heap: {{analytics_max_heap_limit|default('-Xmx2g')}} - cloud_private_account_secret: {{ sunbird_private_storage_account_key }} - cloud_private_account_name: {{ sunbird_private_storage_account_name }} - cloud_public_account_secret: {{ sunbird_public_storage_account_key }} - cloud_public_account_name: {{ sunbird_public_storage_account_name }} + azure_private_account_secret: {{ sunbird_private_storage_account_key }} + azure_private_account_name: {{ sunbird_private_storage_account_name }} + azure_public_account_secret: {{ sunbird_public_storage_account_key }} + azure_public_account_name: {{ sunbird_public_storage_account_name }} replicaCount: {{analytics_replicacount|default(1)}} repository: {{analytics_repository|default('sunbird-analytics-service')}} From 94ec16350315841289c39bca6f703e3f8f6c4d1a Mon Sep 17 00:00:00 2001 From: Santhosh Gandham Date: Thu, 22 Dec 2022 14:54:09 +0530 Subject: [PATCH 214/434] Updated template value for dial ansible group (#3681) --- private_repo/ansible/inventory/dev/KnowledgePlatform/hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts index e735ac4c01..c144bc6fa2 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts 
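Review bot: The four new `azure_*` values are written as bare `{{ ... }}` expansions, so whatever the storage secret contains is parsed as YAML after the template is rendered. A value that is empty, starts with a YAML indicator, or contains `: ` or ` #` would become null, fail to parse, or be cut short, and the deployment would then run with a wrong credential. Emit each as a quoted scalar, for example `azure_private_account_secret: {{ sunbird_private_storage_account_key | to_json }}` (assuming the file is rendered by Ansible, where `to_json` is available). The values.j2 hunks of PATCH 215, 217 and 218 keep the same unquoted form.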
+++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts @@ -17,7 +17,7 @@ learning1 redis1 [dial1] -18.3.1.5 +10.0.1.5 [dial:children] dial1 From 6c6eebff0ea49dbf0227d5d4e42f052a2105beba Mon Sep 17 00:00:00 2001 From: SadanandGowda Date: Thu, 22 Dec 2022 15:29:57 +0530 Subject: [PATCH 215/434] csp migration variables update --- kubernetes/helm_charts/core/analytics/values.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/values.j2 b/kubernetes/helm_charts/core/analytics/values.j2 index 354dcab3d3..0a849d99b9 100644 --- a/kubernetes/helm_charts/core/analytics/values.j2 +++ b/kubernetes/helm_charts/core/analytics/values.j2 @@ -8,10 +8,10 @@ env: javaoptions: {{analytics_java_mem_limit|default('-Xmx600m')}} min_heap: {{analytics_min_heap_limit|default('-Xms1g')}} max_heap: {{analytics_max_heap_limit|default('-Xmx2g')}} - azure_private_account_secret: {{ sunbird_private_storage_account_key }} - azure_private_account_name: {{ sunbird_private_storage_account_name }} - azure_public_account_secret: {{ sunbird_public_storage_account_key }} - azure_public_account_name: {{ sunbird_public_storage_account_name }} + azure_private_account_secret: {{ cloud_private_account_secret }} + azure_private_account_name: {{ cloud_private_account_name }} + azure_public_account_secret: {{ cloud_public_account_secret }} + azure_public_account_name: {{ cloud_public_account_name }} replicaCount: {{analytics_replicacount|default(1)}} repository: {{analytics_repository|default('sunbird-analytics-service')}} From afe31e6358d0839145b7d320c0259a6204be7f01 Mon Sep 17 00:00:00 2001 From: SadanandGowda Date: Thu, 22 Dec 2022 15:31:16 +0530 Subject: [PATCH 216/434] csp migration variables update --- .../helm_charts/core/analytics/templates/deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml index b0d7aad44b..0926360f76 100644 --- a/kubernetes/helm_charts/core/analytics/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/analytics/templates/deployment.yaml @@ -36,13 +36,13 @@ spec: - name: MAX_HEAP value: {{ .Values.env.max_heap | quote }} - name: azure_storage_secret - value: {{ .Values.env.cloud_private_account_secret | quote }} + value: {{ .Values.env.azure_private_account_secret | quote }} - name: azure_storage_key - value: {{ .Values.env.cloud_private_account_name | quote }} + value: {{ .Values.env.azure_private_account_name | quote }} - name: public_azure_storage_secret - value: {{ .Values.env.cloud_public_account_secret | quote }} + value: {{ .Values.env.azure_public_account_secret | quote }} - name: public_azure_storage_key - value: {{ .Values.env.cloud_public_account_name | quote }} + value: {{ .Values.env.azure_public_account_name | quote }} - name: _JAVA_OPTIONS value: -Dlog4j2.formatMsgNoLookups=true envFrom: From c7db90c106a7f82540d1cf211d42e419d6d10a75 Mon Sep 17 00:00:00 2001 From: Sadanand <100120230+SadanandGowda@users.noreply.github.com> Date: Thu, 22 Dec 2022 16:41:15 +0530 Subject: [PATCH 217/434] csp migration variables update (#3671) --- kubernetes/helm_charts/core/analytics/values.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/values.j2 b/kubernetes/helm_charts/core/analytics/values.j2 index 354dcab3d3..0a849d99b9 100644 --- a/kubernetes/helm_charts/core/analytics/values.j2 +++ b/kubernetes/helm_charts/core/analytics/values.j2 
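Review bot: The storage account secrets on the new `value: {{ .Values.env.azure_private_account_secret | quote }}` and `value: {{ .Values.env.azure_public_account_secret | quote }}` lines are rendered as literal env values in the Deployment spec, so they are readable by anyone who can read the Deployment or the Helm release values. Sourcing them from a Kubernetes Secret keeps them out of the pod template: replace `value:` with `valueFrom:` and a `secretKeyRef: {name: <SECRET_NAME>, key: azure_storage_secret}` entry, where the Secret name is a placeholder. The `envFrom:` block that follows is cut off by the hunk, so if a Secret is already referenced there, these keys could move into it instead.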
@@ -8,10 +8,10 @@ env: javaoptions: {{analytics_java_mem_limit|default('-Xmx600m')}} min_heap: {{analytics_min_heap_limit|default('-Xms1g')}} max_heap: {{analytics_max_heap_limit|default('-Xmx2g')}} - azure_private_account_secret: {{ sunbird_private_storage_account_key }} - azure_private_account_name: {{ sunbird_private_storage_account_name }} - azure_public_account_secret: {{ sunbird_public_storage_account_key }} - azure_public_account_name: {{ sunbird_public_storage_account_name }} + azure_private_account_secret: {{ cloud_private_account_secret }} + azure_private_account_name: {{ cloud_private_account_name }} + azure_public_account_secret: {{ cloud_public_account_secret }} + azure_public_account_name: {{ cloud_public_account_name }} replicaCount: {{analytics_replicacount|default(1)}} repository: {{analytics_repository|default('sunbird-analytics-service')}} From 1195db50267581f35163107d7b6c5bea1433eed2 Mon Sep 17 00:00:00 2001 From: SadanandGowda Date: Thu, 22 Dec 2022 16:52:39 +0530 Subject: [PATCH 218/434] csp migration variables update --- kubernetes/helm_charts/core/analytics/values.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/helm_charts/core/analytics/values.j2 b/kubernetes/helm_charts/core/analytics/values.j2 index 0a849d99b9..c3cd3b46f7 100644 --- a/kubernetes/helm_charts/core/analytics/values.j2 +++ b/kubernetes/helm_charts/core/analytics/values.j2 
@@ -8,10 +8,10 @@ env: javaoptions: {{analytics_java_mem_limit|default('-Xmx600m')}} min_heap: {{analytics_min_heap_limit|default('-Xms1g')}} max_heap: {{analytics_max_heap_limit|default('-Xmx2g')}} - azure_private_account_secret: {{ cloud_private_account_secret }} - azure_private_account_name: {{ cloud_private_account_name }} - azure_public_account_secret: {{ cloud_public_account_secret }} - azure_public_account_name: {{ cloud_public_account_name }} + azure_private_account_secret: {{ cloud_private_storage_secret }} + azure_private_account_name: {{ cloud_private_storage_accountname }} + azure_public_account_secret: {{ cloud_public_storage_secret }} + azure_public_account_name: {{ cloud_public_storage_accountname }} replicaCount: {{analytics_replicacount|default(1)}} repository: {{analytics_repository|default('sunbird-analytics-service')}} From 35e9deae2ad28fa4334652b079c19588098f2cbc Mon Sep 17 00:00:00 2001 
From: NIKHIL VARMA M <63706239+nikhilvarma940@users.noreply.github.com> Date: Fri, 23 Dec 2022 16:55:48 +0530 Subject: [PATCH 219/434] Ansible-postgres-patroni cluster (#3684) * Ansible-postgres-patroni cluster * README.md updated --- ansible/postgresql-patroni-cluster.yaml | 14 + ansible/roles/ansible-etcd/README.md | 100 +++++ ansible/roles/ansible-etcd/defaults/main.yml | 14 + ansible/roles/ansible-etcd/handlers/main.yml | 12 + ansible/roles/ansible-etcd/meta/main.yml | 52 +++ ansible/roles/ansible-etcd/tasks/main.yml | 19 + ansible/roles/ansible-etcd/templates/etcd.j2 | 403 ++++++++++++++++++ ansible/roles/ansible-etcd/vars/main.yml | 2 + ansible/roles/ansible-haproxy/README.md | 100 +++++ .../roles/ansible-haproxy/defaults/main.yml | 2 + .../roles/ansible-haproxy/handlers/main.yml | 12 + ansible/roles/ansible-haproxy/meta/main.yml | 52 +++ ansible/roles/ansible-haproxy/tasks/main.yml | 19 + .../ansible-haproxy/templates/haproxy.cfg.j2 | 26 ++ ansible/roles/ansible-haproxy/vars/main.yml | 2 + .../roles/ansible-postgres_patroni/README.md | 100 +++++ .../defaults/main.yml | 16 + .../handlers/main.yml | 18 + .../ansible-postgres_patroni/meta/main.yml | 52 +++ .../ansible-postgres_patroni/tasks/main.yml | 105 +++++ .../templates/patroni.service.j2 | 17 + .../templates/patroni.yaml.j2 | 58 +++ .../ansible-postgres_patroni/vars/main.yml | 2 + 23 files changed, 1197 insertions(+) create mode 100644 ansible/postgresql-patroni-cluster.yaml create mode 100644 ansible/roles/ansible-etcd/README.md create mode 100644 ansible/roles/ansible-etcd/defaults/main.yml create mode 100644 ansible/roles/ansible-etcd/handlers/main.yml create mode 100644 ansible/roles/ansible-etcd/meta/main.yml create mode 100644 ansible/roles/ansible-etcd/tasks/main.yml create mode 100644 ansible/roles/ansible-etcd/templates/etcd.j2 create mode 100644 ansible/roles/ansible-etcd/vars/main.yml create mode 100644 ansible/roles/ansible-haproxy/README.md create mode 100644 
ansible/roles/ansible-haproxy/defaults/main.yml create mode 100644 ansible/roles/ansible-haproxy/handlers/main.yml create mode 100644 ansible/roles/ansible-haproxy/meta/main.yml create mode 100644 ansible/roles/ansible-haproxy/tasks/main.yml create mode 100644 ansible/roles/ansible-haproxy/templates/haproxy.cfg.j2 create mode 100644 ansible/roles/ansible-haproxy/vars/main.yml create mode 100644 ansible/roles/ansible-postgres_patroni/README.md create mode 100644 ansible/roles/ansible-postgres_patroni/defaults/main.yml create mode 100644 ansible/roles/ansible-postgres_patroni/handlers/main.yml create mode 100644 ansible/roles/ansible-postgres_patroni/meta/main.yml create mode 100644 ansible/roles/ansible-postgres_patroni/tasks/main.yml create mode 100644 ansible/roles/ansible-postgres_patroni/templates/patroni.service.j2 create mode 100644 ansible/roles/ansible-postgres_patroni/templates/patroni.yaml.j2 create mode 100644 ansible/roles/ansible-postgres_patroni/vars/main.yml diff --git a/ansible/postgresql-patroni-cluster.yaml b/ansible/postgresql-patroni-cluster.yaml new file mode 100644 index 0000000000..7fcae245a4 --- /dev/null +++ b/ansible/postgresql-patroni-cluster.yaml @@ -0,0 +1,14 @@ +- hosts: etcd + become: yes + roles: + - ansible-etcd + +- hosts: postgresql + become: yes + roles: + - ansible-postgres_patroni + +- hosts: haproxy + become: yes + roles: + - ansible-haproxy diff --git a/ansible/roles/ansible-etcd/README.md b/ansible/roles/ansible-etcd/README.md new file mode 100644 index 0000000000..15c49e336a --- /dev/null +++ b/ansible/roles/ansible-etcd/README.md 
@@ -0,0 +1,100 @@ +Role Name +========= +``` +postgresql-cluster-ansible +``` +Requirements +------------ +``` +1. comment or uncomment the properties in templates of the roles available as per the requirement. +2. provide the variables where ever required. +``` +Role Variables +-------------- +``` +In hosts files: +1. etcd_ip : +2. postgresql_origin: +3. postgresql_1: +4. postgresql_2: +5. postgresql_3: + + +etcd Role variables: +postgres_patroni_etcd_name: "postgres-etcd" # cluster name +postgres_patroni_etcd_initial_cluster: "{{ etcd_name }}=http://{{ etcd_ip }}:2380" # initial cluster +postgres_patroni_etcd_initial_cluster_state: "postgres" # initial cluster state +postgres_patroni_etcd_initial_cluster_token: "etcd-cluster-postgres" # initial cluster token +postgres_patroni_etcd_initial_advertise_peer_urls: "http://{{ etcd_ip }}:2380" # initial advertise peer urls +postgres_patroni_etcd_listen_peer_urls: "http://{{ etcd_ip }}:2380" # listen peer urls +postgres_patroni_etcd_listen_client_urls: "http://{{ etcd_ip }}:2379,http://127.0.0.1:2379" # listen client urls +postgres_patroni_etcd_advertise_client_urls: "http://{{ etcd_ip }}:2379" # advertise client urls + +Ansible-postgres_patroni role Variables: +#patroni .yaml config +postgres_cluster_name: postgresql-prod # Cluster name + +# users admin password +postgres_patroni_admin_password: admin # Admin Password + +#Authentication +# Replication +postgres_patroni_replication_username: replicator # Replication Username +postgres_patroni_replication_password: password # Replication password + +#SuperUser +postgres_patroni_superuser_username: postgres # Superuser username +postgres_patroni_superuser_password: password # Superuser Password +``` +Architecture +------------ +![Untitled Diagram (1)](https://user-images.githubusercontent.com/63706239/203470986-f8ec3d56-a6d2-4678-b594-dc20a29ec972.jpg) + +``` +Description: +Ansible postgres cluter role is used to setup a postgres cluster with 1 Primary and 2 replicas where 
we are using the patroni as HA solution for postgres cluster.Patroni can be configured to handle tasks like replication, backups and restorations.We are also using HAProxy load Balancer to route the traffic and Etcd is a fault-tolerant, distributed key-value store that is used to store the state of the Postgres cluster. Via Patroni, all of the Postgres nodes make use of etcd to keep the Postgres cluster up and running. + +Users and applications can access the postgres server using Haproxy IP and Port defined in the haproxy configuration rules. +``` + +Inventory hosts file as shown Below +----------------------------------- +``` +[etcd] +192.168.245.129 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[postgresql] +192.168.245.129 postgresql_origin=192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[haproxy] +192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 ansible_ssh_user=ubuntu +``` + +License +------- +``` +BSD +``` +Author Information +------------------ +``` +Nikhil Varma + +Senior DevOps Engineer +``` + +postgres cluster setup using ansible +----------------------------------- + +``` +# Command to run Ansibe-postgresql role + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass + +# Commands to run postgresql roles by using the tags and skipping the tags + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --tags="" +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --skip-tags="" +``` diff --git a/ansible/roles/ansible-etcd/defaults/main.yml b/ansible/roles/ansible-etcd/defaults/main.yml new file mode 100644 index 0000000000..0478f26652 --- /dev/null 
+++ b/ansible/roles/ansible-etcd/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# defaults file for ansible-etcd + + +# etcd cluster variables +postgres_patroni_etcd_name: "postgres-etcd" +postgres_patroni_etcd_initial_cluster: "{{ etcd_name }}=http://{{ etcd_ip }}:2380" +postgres_patroni_etcd_initial_cluster_state: "postgres" +postgres_patroni_etcd_initial_cluster_token: "etcd-cluster-postgres" +postgres_patroni_etcd_initial_advertise_peer_urls: "http://{{ etcd_ip }}:2380" +postgres_patroni_etcd_listen_peer_urls: "http://{{ etcd_ip }}:2380" +postgres_patroni_etcd_listen_client_urls: "http://{{ etcd_ip }}:2379,http://127.0.0.1:2379" +postgres_patroni_etcd_advertise_client_urls: "http://{{ etcd_ip }}:2379" +#etcd_data_dir: \ No newline at end of file diff --git a/ansible/roles/ansible-etcd/handlers/main.yml b/ansible/roles/ansible-etcd/handlers/main.yml new file mode 100644 index 0000000000..33d54607a2 --- /dev/null +++ b/ansible/roles/ansible-etcd/handlers/main.yml @@ -0,0 +1,12 @@ +--- +# handlers file for ansible-etcd +- name: Restart etcd systemd + systemd: + name: etcd.service + state: restarted + daemon_reload: yes + +- name: Restart etcd service + systemd: + name: etcd.service + state: restarted \ No newline at end of file diff --git a/ansible/roles/ansible-etcd/meta/main.yml b/ansible/roles/ansible-etcd/meta/main.yml new file mode 100644 index 0000000000..6b5d1fd295 --- /dev/null +++ b/ansible/roles/ansible-etcd/meta/main.yml 
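Review bot: Every etcd URL in these defaults uses `http://` and the client listener is bound to `{{ etcd_ip }}`, so if these values reach the rendered `/etc/default/etcd`, the store that holds the Postgres cluster state accepts unauthenticated, unencrypted reads and writes from any host that can reach port 2379. Consider `https://` URLs together with etcd's TLS settings (`ETCD_CERT_FILE`, `ETCD_KEY_FILE`, `ETCD_TRUSTED_CA_FILE`, `ETCD_CLIENT_CERT_AUTH=true`) in the template, whose body continues outside this view. Separately, `postgres_patroni_etcd_initial_cluster` references `etcd_name`, which these defaults do not define (the name variable is `postgres_patroni_etcd_name`). `postgres_patroni_etcd_initial_cluster_state: "postgres"` is also not one of etcd's `new`/`existing` values.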
@@ -0,0 +1,52 @@ +galaxy_info: + author: Nikhil Varma + description: Ansible-etcd for distributed key store for postgresql cluster +# company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file diff --git a/ansible/roles/ansible-etcd/tasks/main.yml b/ansible/roles/ansible-etcd/tasks/main.yml new file mode 100644 index 0000000000..5e6d329bc1 --- /dev/null +++ b/ansible/roles/ansible-etcd/tasks/main.yml 
@@ -0,0 +1,19 @@ +--- +# tasks file for ansible-etcd +- name: Install etcd after updating apt + apt: + name: + - etcd + state: present + update_cache: yes + tags: + - etcd Install + +- name: Template configuration file to etcd + template: + src: etcd.j2 + dest: '/etc/default/etcd' + notify: + - Restart etcd service + tags: + - Restart etcd \ No newline at end of file diff --git a/ansible/roles/ansible-etcd/templates/etcd.j2 b/ansible/roles/ansible-etcd/templates/etcd.j2 new file mode 100644 index 0000000000..09e6ad6450 --- /dev/null +++ b/ansible/roles/ansible-etcd/templates/etcd.j2 
@@ -0,0 +1,403 @@ +## etcd(1) daemon options +## See "/usr/share/doc/etcd-server/op-guide/configuration.md.gz" + +### Member flags + +##### --name +## Human-readable name for this member. +## This value is referenced as this node's own entries listed in the +## `--initial-cluster` flag (e.g., `default=http://localhost:2380`). This +## needs to match the key used in the flag if using static bootstrapping. When +## using discovery, each member must have a unique name. `Hostname` or +## `machine-id` can be a good choice. +## default: "default" +#ETCD_NAME="postgres-etcd" + +##### --data-dir +## Path to the data directory. +## default: "${name}.etcd" +# ETCD_DATA_DIR="/var/lib/etcd/default" + +##### --wal-dir +## Path to the dedicated wal directory. If this flag is set, etcd will write +## the WAL files to the walDir rather than the dataDir. This allows a +## dedicated disk to be used, and helps avoid io competition between logging +## and other IO operations. +## default: "" +# ETCD_WAL_DIR + +##### --snapshot-count +## Number of committed transactions to trigger a snapshot to disk. +## default: "100000" +# ETCD_SNAPSHOT_COUNT="100000" + +##### --heartbeat-interval +## Time (in milliseconds) of a heartbeat interval. +## default: "100" +# ETCD_HEARTBEAT_INTERVAL="100" + +##### --election-timeout +## Time (in milliseconds) for an election to timeout. See +## /usr/share/doc/etcd-server/tuning.md.gz for details. +## default: "1000" +# ETCD_ELECTION_TIMEOUT="1000" + +##### --listen-peer-urls +## List of URLs to listen on for peer traffic. This flag tells the etcd to +## accept incoming requests from its peers on the specified scheme://IP:port +## combinations. Scheme can be either http or https.If 0.0.0.0 is specified as +## the IP, etcd listens to the given port on all interfaces. If an IP address is +## given as well as a port, etcd will listen on the given port and interface. +## Multiple URLs may be used to specify a number of addresses and ports to listen +## on. 
The etcd will respond to requests from any of the listed addresses and +## ports. +## default: "http://localhost:2380" +## example: "http://10.0.0.1:2380" +## invalid example: "http://example.com:2380" (domain name is invalid for binding) +#ETCD_LISTEN_PEER_URLS="http://172.51.1.29:2380" + +##### --listen-client-urls +## List of URLs to listen on for client traffic. This flag tells the etcd to +## accept incoming requests from the clients on the specified scheme://IP:port +## combinations. Scheme can be either http or https. If 0.0.0.0 is specified as +## the IP, etcd listens to the given port on all interfaces. If an IP address is +## given as well as a port, etcd will listen on the given port and interface. +## Multiple URLs may be used to specify a number of addresses and ports to listen +## on. The etcd will respond to requests from any of the listed addresses and +## ports. +## default: "http://localhost:2379" +## example: "http://10.0.0.1:2379" +## invalid example: "http://example.com:2379" (domain name is invalid for binding) +#ETCD_LISTEN_CLIENT_URLS="http://172.51.1.29:2379,http://127.0.0.1:2379" + +##### --max-snapshots +## Maximum number of snapshot files to retain (0 is unlimited) +## The default for users on Windows is unlimited, and manual purging down to 5 +## (or some preference for safety) is recommended. +## default: 5 +# ETCD_MAX_SNAPSHOTS="5" + +##### --max-wals +## Maximum number of wal files to retain (0 is unlimited) +## The default for users on Windows is unlimited, and manual purging down to 5 +## (or some preference for safety) is recommended. +## default: 5 +# ETCD_MAX_WALS="5" + +##### --cors +## Comma-separated white list of origins for CORS (cross-origin resource +## sharing). +## default: none +# ETCD_CORS + +#### --quota-backend-bytes +## Raise alarms when backend size exceeds the given quota (0 defaults to low +## space quota). 
+## default: 0 +# ETCD_QUOTA_BACKEND_BYTES="0" + +#### --backend-batch-limit +## BackendBatchLimit is the maximum operations before commit the backend +## transaction. +## default: 0 +# ETCD_BACKEND_BATCH_LIMIT="0" + +#### --backend-batch-interval +## BackendBatchInterval is the maximum time before commit the backend +## transaction. +## default: 0 +# ETCD_BACKEND_BATCH_INTERVAL="0" + +#### --max-txn-ops +## Maximum number of operations permitted in a transaction. +## default: 128 +# ETCD_MAX_TXN_OPS="128" + +#### --max-request-bytes +## Maximum client request size in bytes the server will accept. +## default: 1572864 +# ETCD_MAX_REQUEST_BYTES="1572864" + +#### --grpc-keepalive-min-time +## Minimum duration interval that a client should wait before pinging server. +## default: 5s +# ETCD_GRPC_KEEPALIVE_MIN_TIME="5" + +#### --grpc-keepalive-interval +## Frequency duration of server-to-client ping to check if a connection is +## alive (0 to disable). +## default: 2h +# ETCD_GRPC_KEEPALIVE_INTERVAL="2h" + +#### --grpc-keepalive-timeout +## Additional duration of wait before closing a non-responsive connection +## (0 to disable). +## default: 20s +# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s" + + +### Clustering flags + +# `--initial` prefix flags are used in bootstrapping (static bootstrap, +# discovery-service bootstrap or runtime reconfiguration) a new member, and +# ignored when restarting an existing member. + +# `--discovery` prefix flags need to be set when using discovery service. + +##### --initial-advertise-peer-urls + +## List of this member's peer URLs to advertise to the rest of the cluster. +## These addresses are used for communicating etcd data around the cluster. At +## least one must be routable to all cluster members. These URLs can contain +## domain names. 
+## default: "http://localhost:2380" +## example: "http://example.com:2380, http://10.0.0.1:2380" +#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.51.1.29:2380" + +##### --initial-cluster +## Initial cluster configuration for bootstrapping. +## The key is the value of the `--name` flag for each node provided. The +## default uses `default` for the key because this is the default for the +## `--name` flag. +## default: "default=http://localhost:2380" +#ETCD_INITIAL_CLUSTER="postgres-etcd=http://172.51.1.29:2380" + +##### --initial-cluster-state +## Initial cluster state ("new" or "existing"). Set to `new` for all members +## present during initial static or DNS bootstrapping. If this option is set to +## `existing`, etcd will attempt to join the existing cluster. If the wrong value +## is set, etcd will attempt to start but fail safely. +## default: "new" +# ETCD_INITIAL_CLUSTER_STATE="new" + +##### --initial-cluster-token +## Initial cluster token for the etcd cluster during bootstrap. +## default: "etcd-cluster" +#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" + +##### --advertise-client-urls +## List of this member's client URLs to advertise to the rest of the cluster. +## These URLs can contain domain names. +## Be careful if advertising URLs such as http://localhost:2379 from a cluster +## member and are using the proxy feature of etcd. This will cause loops, because +## the proxy will be forwarding requests to itself until its resources (memory, +## file descriptors) are eventually depleted. +## default: "http://localhost:2379" +## example: "http://example.com:2379, http://10.0.0.1:2379" +#ETCD_ADVERTISE_CLIENT_URLS="http://172.51.1.29:2379" + +##### --discovery +## Discovery URL used to bootstrap the cluster. +## default: none +# ETCD_DISCOVERY + +##### --discovery-srv +## DNS srv domain used to bootstrap the cluster. +## default: none +# ETCD_DISCOVERY_SRV + +##### --discovery-fallback +## Expected behavior ("exit" or "proxy") when discovery services fails. 
"proxy" +## supports v2 API only. +## default: "proxy" +# ETCD_DISCOVERY_FALLBACK="proxy" + +##### --discovery-proxy +## HTTP proxy to use for traffic to discovery service. +## default: none +# ETCD_DISCOVERY_PROXY + +##### --strict-reconfig-check +## Reject reconfiguration requests that would cause quorum loss. +## default: false +# ETCD_STRICT_RECONFIG_CHECK + +##### --auto-compaction-retention +## Auto compaction retention for mvcc key value store in hour. 0 means disable +## auto compaction. +## default: 0 +# ETCD_AUTO_COMPACTION_RETENTION="0" + +##### --enable-v2 +## Accept etcd V2 client requests +## default: true +# ETCD_ENABLE_V2="true" + + +### Proxy flags + +# `--proxy` prefix flags configures etcd to run in proxy mode. "proxy" supports +# v2 API only. + +##### --proxy +## Proxy mode setting ("off", "readonly" or "on"). +## default: "off" +# ETCD_PROXY="off" + +##### --proxy-failure-wait +## Time (in milliseconds) an endpoint will be held in a failed state before +## being reconsidered for proxied requests. +## default: 5000 +# ETCD_PROXY_FAILURE_WAIT="5000" + +##### --proxy-refresh-interval +## Time (in milliseconds) of the endpoints refresh interval. +## default: 30000 +# ETCD_PROXY_REFRESH_INTERVAL="30000" + +##### --proxy-dial-timeout +## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout +## default: 1000 +# ETCD_PROXY_DIAL_TIMEOUT="1000" + +##### --proxy-write-timeout +## Time (in milliseconds) for a write to timeout or 0 to disable the timeout. +## default: 5000 +# ETCD_PROXY_WRITE_TIMEOUT="5000" + +##### --proxy-read-timeout +## Time (in milliseconds) for a read to timeout or 0 to disable the timeout. +## Don't change this value if using watches because use long polling requests. +## default: 0 +# ETCD_PROXY_READ_TIMEOUT="0" + + +### Security flags + +# The security flags help to build a secure etcd cluster. + +##### --ca-file (**DEPRECATED**) +## Path to the client server TLS CA file. 
`--ca-file ca.crt` could be replaced +## by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the +## same. +## default: none +# ETCD_CA_FILE + +##### --cert-file +## Path to the client server TLS cert file. +## default: none +# ETCD_CERT_FILE + +##### --key-file +## Path to the client server TLS key file. +## default: none +# ETCD_KEY_FILE + +##### --client-cert-auth +## Enable client cert authentication. +## CN authentication is not supported by gRPC-gateway. +## default: false +# ETCD_CLIENT_CERT_AUTH + +#### --client-crl-file +## Path to the client certificate revocation list file. +## default: "" +# ETCD_CLIENT_CRL_FILE + +##### --trusted-ca-file +## Path to the client server TLS trusted CA key file. +## default: none +# ETCD_TRUSTED_CA_FILE + +##### --auto-tls +## Client TLS using generated certificates +## default: false +# ETCD_AUTO_TLS + +##### --peer-ca-file (**DEPRECATED**) +## Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be +## replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd +## will perform the same. +## default: none +# ETCD_PEER_CA_FILE + +##### --peer-cert-file +## Path to the peer server TLS cert file. +## default: none +# ETCD_PEER_CERT_FILE + +##### --peer-key-file +## Path to the peer server TLS key file. +## default: none +# ETCD_PEER_KEY_FILE + +##### --peer-client-cert-auth +## Enable peer client cert authentication. +## default: false +# ETCD_PEER_CLIENT_CERT_AUTH + +#### --peer-crl-file +## Path to the peer certificate revocation list file. +## default: "" +# ETCD_PEER_CRL_FILE + +##### --peer-trusted-ca-file +## Path to the peer server TLS trusted CA file. +## default: none +# ETCD_PEER_TRUSTED_CA_FILE + +##### --peer-auto-tls +## Peer TLS using generated certificates +## default: false +# ETCD_PEER_AUTO_TLS + +#### --peer-cert-allowed-cn +## Allowed CommonName for inter peer authentication. 
+## default: none +# ETCD_PEER_CERT_ALLOWED_CN + +#### --cipher-suites +## Comma-separated list of supported TLS cipher suites between server/client and +## peers. +## default: "" +# ETCD_CIPHER_SUITES + +#### --experimental-peer-skip-client-san-verification +## Skip verification of SAN field in client certificate for peer connections. +## default: false +#+ ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION + + +### Logging flags + +#### --log-outputs +## Specify 'stdout' or 'stderr' to skip journald logging even when running +## under systemd, or list of comma separated output targets. +## default: default +# ETCD_LOG_OUTPUTS + +##### --debug +## Drop the default log level to DEBUG for all subpackages. +## default: false (INFO for all packages) +# ETCD_DEBUG + +##### --log-package-levels +## Set individual etcd subpackages to specific log levels. An example being +## `etcdserver=WARNING,security=DEBUG` +## default: none (INFO for all packages) +# ETCD_LOG_PACKAGE_LEVELS + + +### Unsafe flags + +# Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol. +# For example, it may panic if other members in the cluster are still alive. +# Follow the instructions when using these flags. + +##### --force-new-cluster +## Force to create a new one-member cluster. It commits configuration changes +## forcing to remove all existing members in the cluster and add itself. It needs +## to be set to restore a backup. 
+## default: false +# ETCD_FORCE_NEW_CLUSTER +# +# +ETCD_INITIAL_CLUSTER="{{ postgres_patroni_etcd_initial_cluster }}" +ETCD_INITIAL_CLUSTER_STATE="{{ postgres_patroni_etcd_initial_cluster_state }}" +ETCD_INITIAL_CLUSTER_TOKEN="{{ postgres_patroni_etcd_initial_cluster_token }}" +ETCD_INITIAL_ADVERTISE_PEER_URLS="{{ postgres_patroni_etcd_initial_advertise_peer_urls }}" +#ETCD_DATA_DIR="/var/etcd" +ETCD_LISTEN_PEER_URLS="{{ postgres_patroni_etcd_listen_peer_urls }}" +ETCD_LISTEN_CLIENT_URLS="{{ postgres_patroni_etcd_listen_client_urls }}" +ETCD_ADVERTISE_CLIENT_URLS="{{ postgres_patroni_etcd_advertise_client_urls }}" +ETCD_NAME="{{ postgres_patroni_etcd_name }}" \ No newline at end of file diff --git a/ansible/roles/ansible-etcd/vars/main.yml b/ansible/roles/ansible-etcd/vars/main.yml new file mode 100644 index 0000000000..411544ecd6 --- /dev/null +++ b/ansible/roles/ansible-etcd/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ansible-etcd \ No newline at end of file diff --git a/ansible/roles/ansible-haproxy/README.md b/ansible/roles/ansible-haproxy/README.md new file mode 100644 index 0000000000..15c49e336a --- /dev/null +++ b/ansible/roles/ansible-haproxy/README.md 
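Review bot: Every TLS and client-authentication setting in this template (`ETCD_CERT_FILE`, `ETCD_KEY_FILE`, `ETCD_CLIENT_CERT_AUTH`, `ETCD_TRUSTED_CA_FILE` and the `ETCD_PEER_*` equivalents) stays commented out with no variable to enable it, while the eight active lines at the end template only names and URLs. With the `http://` values the role README documents, the rendered member accepts unauthenticated plaintext client and peer traffic, and the README describes etcd as the store for the Postgres cluster state. Optional lines such as `{% if postgres_patroni_etcd_cert_file is defined %}ETCD_CERT_FILE="{{ postgres_patroni_etcd_cert_file }}"{% endif %}` (variable name illustrative) for the cert, key, trusted CA and client-cert-auth settings would let a deployment turn TLS on without editing the template.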
@@ -0,0 +1,100 @@ +Role Name +========= +``` +postgresql-cluster-ansible +``` +Requirements +------------ +``` +1. comment or uncomment the properties in templates of the roles available as per the requirement. +2. provide the variables where ever required. +``` +Role Variables +-------------- +``` +In hosts files: +1. etcd_ip : +2. postgresql_origin: +3. postgresql_1: +4. postgresql_2: +5. postgresql_3: + + +etcd Role variables: +postgres_patroni_etcd_name: "postgres-etcd" # cluster name +postgres_patroni_etcd_initial_cluster: "{{ etcd_name }}=http://{{ etcd_ip }}:2380" # initial cluster +postgres_patroni_etcd_initial_cluster_state: "postgres" # initial cluster state +postgres_patroni_etcd_initial_cluster_token: "etcd-cluster-postgres" # initial cluster token +postgres_patroni_etcd_initial_advertise_peer_urls: "http://{{ etcd_ip }}:2380" # initial advertise peer urls +postgres_patroni_etcd_listen_peer_urls: "http://{{ etcd_ip }}:2380" # listen peer urls +postgres_patroni_etcd_listen_client_urls: "http://{{ etcd_ip }}:2379,http://127.0.0.1:2379" # listen client urls +postgres_patroni_etcd_advertise_client_urls: "http://{{ etcd_ip }}:2379" # advertise client urls + +Ansible-postgres_patroni role Variables: +#patroni .yaml config +postgres_cluster_name: postgresql-prod # Cluster name + +# users admin password +postgres_patroni_admin_password: admin # Admin Password + +#Authentication +# Replication +postgres_patroni_replication_username: replicator # Replication Username +postgres_patroni_replication_password: password # Replication password + +#SuperUser +postgres_patroni_superuser_username: postgres # Superuser username +postgres_patroni_superuser_password: password # Superuser Password +``` +Architecture +------------ +![Untitled Diagram (1)](https://user-images.githubusercontent.com/63706239/203470986-f8ec3d56-a6d2-4678-b594-dc20a29ec972.jpg) + +``` +Description: +Ansible postgres cluter role is used to setup a postgres cluster with 1 Primary and 2 replicas where 
we are using the patroni as HA solution for postgres cluster.Patroni can be configured to handle tasks like replication, backups and restorations.We are also using HAProxy load Balancer to route the traffic and Etcd is a fault-tolerant, distributed key-value store that is used to store the state of the Postgres cluster. Via Patroni, all of the Postgres nodes make use of etcd to keep the Postgres cluster up and running. + +Users and applications can access the postgres server using Haproxy IP and Port defined in the haproxy configuration rules. +``` + +Inventory hosts file as shown Below +----------------------------------- +``` +[etcd] +192.168.245.129 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[postgresql] +192.168.245.129 postgresql_origin=192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[haproxy] +192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 ansible_ssh_user=ubuntu +``` + +License +------- +``` +BSD +``` +Author Information +------------------ +``` +Nikhil Varma + +Senior DevOps Engineer +``` + +postgres cluster setup using ansible +----------------------------------- + +``` +# Command to run Ansibe-postgresql role + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass + +# Commands to run postgresql roles by using the tags and skipping the tags + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --tags="" +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --skip-tags="" +``` diff --git a/ansible/roles/ansible-haproxy/defaults/main.yml b/ansible/roles/ansible-haproxy/defaults/main.yml new file mode 100644 index 0000000000..2b616ee2c8 
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for ansible-haproxy
diff --git a/ansible/roles/ansible-haproxy/handlers/main.yml b/ansible/roles/ansible-haproxy/handlers/main.yml
new file mode 100644
index 0000000000..0f55472f28
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+# handlers file for ansible-haproxy
+- name: Restart haproxy systemd
+ systemd:
+ name: haproxy.service
+ state: restarted
+ daemon_reload: yes
+
+- name: Restart haproxy service
+ systemd:
+ name: haproxy.service
+ state: restarted
\ No newline at end of file
diff --git a/ansible/roles/ansible-haproxy/meta/main.yml b/ansible/roles/ansible-haproxy/meta/main.yml
new file mode 100644
index 0000000000..bb6de485a4
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: Nikhil Varma
+ description: Ansible HAProxy for postgresql cluster
+ #company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ansible/roles/ansible-haproxy/tasks/main.yml b/ansible/roles/ansible-haproxy/tasks/main.yml
new file mode 100644
index 0000000000..2c01238c57
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# tasks file for ansible-haproxy
+- name: Install HaProxy after updating apt
+ apt:
+ name:
+ - haproxy
+ state: present
+ update_cache: yes
+ tags:
+ - HaProxy Install
+
+- name: Template configuration file to haproxy.cfg
+ template:
+ src: haproxy.cfg.j2
+ dest: '/etc/haproxy/haproxy.cfg'
+ notify:
+ - Restart haproxy service
+ tags:
+ - Restart haproxy
\ No newline at end of file
diff --git a/ansible/roles/ansible-haproxy/templates/haproxy.cfg.j2 b/ansible/roles/ansible-haproxy/templates/haproxy.cfg.j2
new file mode 100644
index 0000000000..0a85d2b27b
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/templates/haproxy.cfg.j2
@@ -0,0 +1,26 @@
+global
+ maxconn 100
+
+defaults
+ log global
+ mode tcp
+ retries 2
+ timeout client 30m
+ timeout connect 4s
+ timeout server 30m
+ timeout check 5s
+
+listen stats
+ mode http
+ bind *:7000
+ stats enable
+ stats uri /
+
+listen postgres
+ bind *:5000
+ option httpchk
+ http-check expect status 200
+ default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
+ server postgresql_{{ postgresql_1 }}_5432 {{ postgresql_1 }}:5432 maxconn 100 check port 8008
+ server postgresql_{{ postgresql_2 }}_5432 {{ postgresql_2 }}:5432 maxconn 100 check port 8008
+ server postgresql_{{ postgresql_3 }}_5432 {{ postgresql_3 }}:5432 maxconn 100 check port 8008
\ No newline at end of file
diff --git a/ansible/roles/ansible-haproxy/vars/main.yml b/ansible/roles/ansible-haproxy/vars/main.yml
new file mode 100644
index 0000000000..2070e21bba
--- /dev/null
+++ b/ansible/roles/ansible-haproxy/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ansible-haproxy
diff --git a/ansible/roles/ansible-postgres_patroni/README.md b/ansible/roles/ansible-postgres_patroni/README.md
new file mode 100644
index 0000000000..37f2988184
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/README.md
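Review bot: The `listen stats` section in haproxy.cfg.j2 binds `*:7000` with `stats uri /` and no `stats auth`, so the statistics page, which lists every PostgreSQL backend and its health, is served without authentication on all interfaces. Restricting it with `bind 127.0.0.1:7000`, or adding `stats auth <user>:<password>` fed from vaulted variables, keeps that topology information off the network. `listen postgres` likewise binds `*:5000`; on a host with more than one interface, a templated bind address would let each deployment limit where the database front end is reachable.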
@@ -0,0 +1,100 @@ +Role Name +========= +``` +postgresql-cluster-ansible +``` +Requirements +------------ +``` +1. comment or uncomment the properties in templates of the roles available as per the requirement. +2. provide the variables where ever required. +``` +Role Variables +-------------- +``` +In hosts files: +1. etcd_ip : +2. postgresql_origin: +3. postgresql_1: +4. postgresql_2: +5. postgresql_3: + + +etcd Role variables: +postgres_patroni_etcd_name: "postgres-etcd" # cluster name +postgres_patroni_etcd_initial_cluster: "{{ etcd_name }}=http://{{ etcd_ip }}:2380" # initial cluster +postgres_patroni_etcd_initial_cluster_state: "postgres" # initial cluster state +postgres_patroni_etcd_initial_cluster_token: "etcd-cluster-postgres" # initial cluster token +postgres_patroni_etcd_initial_advertise_peer_urls: "http://{{ etcd_ip }}:2380" # initial advertise peer urls +postgres_patroni_etcd_listen_peer_urls: "http://{{ etcd_ip }}:2380" # listen peer urls +postgres_patroni_etcd_listen_client_urls: "http://{{ etcd_ip }}:2379,http://127.0.0.1:2379" # listen client urls +postgres_patroni_etcd_advertise_client_urls: "http://{{ etcd_ip }}:2379" # advertise client urls + +Ansible-postgres_patroni role Variables: +#patroni .yaml config +Postgres_cluster_name: postgresql-prod # Cluster name + +# users admin password +postgres_patroni_admin_password: admin # Admin Password + +#Authentication +# Replication +postgres_patroni_replication_username: replicator # Replication Username +postgres_patroni_replication_password: password # Replication password + +#SuperUser +postgres_patroni_superuser_username: postgres # Superuser username +postgres_patroni_superuser_password: password # Superuser Password +``` +Architecture +------------ +![Untitled Diagram (1)](https://user-images.githubusercontent.com/63706239/203470986-f8ec3d56-a6d2-4678-b594-dc20a29ec972.jpg) + +``` +Description: +Ansible postgres cluter role is used to setup a postgres cluster with 1 Primary and 2 replicas where 
we are using the patroni as HA solution for postgres cluster.Patroni can be configured to handle tasks like replication, backups and restorations.We are also using HAProxy load Balancer to route the traffic and Etcd is a fault-tolerant, distributed key-value store that is used to store the state of the Postgres cluster. Via Patroni, all of the Postgres nodes make use of etcd to keep the Postgres cluster up and running. + +Users and applications can access the postgres server using Haproxy IP and Port defined in the haproxy configuration rules. +``` + +Inventory hosts file as shown Below +----------------------------------- +``` +[etcd] +192.168.245.129 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[postgresql] +192.168.245.129 postgresql_origin=192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + postgresql_origin= postgresql_1= postgresql_2= postgresql_3= etcd_ip=192.168.245.129 ansible_ssh_user=ubuntu + +[haproxy] +192.168.245.129 postgresql_1=192.168.245.129 postgresql_2=192.168.245.130 postgresql_3=192.168.245.131 ansible_ssh_user=ubuntu +``` + +License +------- +``` +BSD +``` +Author Information +------------------ +``` +Nikhil Varma + +Senior DevOps Engineer +``` + +postgres cluster setup using ansible +----------------------------------- + +``` +# Command to run Ansibe-postgresql role + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass + +# Commands to run postgresql roles by using the tags and skipping the tags + +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --tags="" +$ ansible-playbook -i inventory/hosts main.yaml -K --ask-pass --skip-tags="" +``` 
diff --git a/ansible/roles/ansible-postgres_patroni/defaults/main.yml b/ansible/roles/ansible-postgres_patroni/defaults/main.yml
new file mode 100644
index 0000000000..5257a8524d
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# defaults file for ansible-postgres_patroni
+#patroni .yaml config
+postgres_cluster_name: postgresql-prod
+
+# users admin password
+postgres_patroni_admin_password: admin
+
+#Authentication
+# Replication
+postgres_patroni_replication_username: replicator
+postgres_patroni_replication_password: password
+
+#SuperUser
+postgres_patroni_superuser_username: postgres
+postgres_patroni_superuser_password: password
\ No newline at end of file
diff --git a/ansible/roles/ansible-postgres_patroni/handlers/main.yml b/ansible/roles/ansible-postgres_patroni/handlers/main.yml
new file mode 100644
index 0000000000..91f2ff6304
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/handlers/main.yml
@@ -0,0 +1,18 @@
+---
+# handlers file for ansible-postgres_patroni
+- name: Restart patroni systemd
+ systemd:
+ name: patroni.service
+ state: restarted
+ daemon_reload: yes
+
+- name: Restart patroni service
+ systemd:
+ name: patroni.service
+ state: restarted
+
+- name: Start the postgresql service
+ systemd:
+ name: postgresql.service
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/ansible/roles/ansible-postgres_patroni/meta/main.yml b/ansible/roles/ansible-postgres_patroni/meta/main.yml
new file mode 100644
index 0000000000..0538e5f1cd
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/meta/main.yml
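Review bot: The role defaults in defaults/main.yml ship working credentials: `postgres_patroni_admin_password: admin`, `postgres_patroni_replication_password: password` and `postgres_patroni_superuser_password: password`. Any deployment that does not override them gets a cluster with guessable superuser and replication passwords, and the values sit in version control. Dropping the three password defaults and failing early when they are unset, for example with an `assert` task on `postgres_patroni_superuser_password is defined`, forces each environment to supply its own values from Ansible Vault or another secret store.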
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: Nikhil Varma
+ description: Ansible role for setting up postgresql cluster
+ #company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ansible/roles/ansible-postgres_patroni/tasks/main.yml b/ansible/roles/ansible-postgres_patroni/tasks/main.yml
new file mode 100644
index 0000000000..75f16a30d5
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/tasks/main.yml
@@ -0,0 +1,105 @@
+---
+# tasks file for ansible-postgres_patroni
+
+- name: Install postgresql after updating apt
+ apt:
+ name:
+ - postgresql
+ - postgresql-contrib
+ state: present
+ update_cache: yes
+ tags:
+ - postgresql Install
+
+- name: Stop the postgresql service
+ systemd:
+ name: postgresql.service
+ state: stopped
+ enabled: yes
+ tags:
+ - postgresql_service
+
+- name: creating softlink for postgres
+ ansible.builtin.shell:
+ cmd: ln -s /usr/lib/postgresql/15/bin/* /usr/sbin/
+ tags:
+ - softlink
+
+- name: Install and update python and pip
+ apt:
+ name:
+ - python3-pip
+ - python3-dev
+ - libpq-dev
+ state: present
+ tags:
+ - pip_python
+
+- name: Upgrade pip to latest vesion
+ pip:
+ name: pip
+ extra_args: --upgrade
+ state: latest
+ tags:
+ - upgrade_pip
+
+- name: Install patroni and dependencies
+ pip:
+ name:
+ - patroni
+ - python-etcd
+ - psycopg2
+ state: present
+ tags:
+ - install patroni
+
+- name: Creates data directory for patroni
+ file:
+ path: /data
+ state: directory
+ mode: 0700
+ owner: postgres
+ group: postgres
+ tags:
+ - create_data_dir
+
+- name: Creates data directory for patroni
+ file:
+ path: /data/patroni
+ state: directory
+ mode: 0700
+ owner: postgres
+ group: postgres
+ tags:
+ - create_patroni_dir
+
+
+- name: Template patroni systemd service file to /etc/systemd/system/patroni.service
+ template:
+ src: patroni.service.j2
+ dest: /etc/systemd/system/patroni.service
+ tags:
+ - patroni_service
+
+- name: Restart patroni systemd
+ systemd:
+ name: patroni.service
+ state: restarted
+ daemon_reload: yes
+
+- name: Template configuration file to patroni.yaml
+ template:
+ src: patroni.yaml.j2
+ dest: '/etc/patroni.yaml'
+ tags:
+ - patroni_config
+
+- name: Restart patroni service
+ systemd:
+ name: patroni.service
+ state: restarted
+
+- name: Restart postgres service
+ systemd:
+ name: postgresql.service
+ state: restarted
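Review bot: The `Template configuration file to patroni.yaml` task writes `/etc/patroni.yaml` with no `owner`, `group` or `mode`, so the file that carries the admin, replication and superuser passwords gets whatever the remote umask gives it, which is usually world-readable. Add `owner: postgres`, `group: postgres` and `mode: '0600'` to that task. The two `file` tasks pass `mode: 0700` unquoted; quoting it as `mode: '0700'` avoids relying on how the YAML parser reads a leading-zero number. The `ln -s /usr/lib/postgresql/15/bin/* /usr/sbin/` task is not idempotent and will presumably fail on a second run once the links exist, so a `creates:` guard or the `file` module with `state: link` would be safer.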
diff --git a/ansible/roles/ansible-postgres_patroni/templates/patroni.service.j2 b/ansible/roles/ansible-postgres_patroni/templates/patroni.service.j2
new file mode 100644
index 0000000000..d2bbe844e0
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/templates/patroni.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Runners to orchestrate a high-availability PostgreSQL
+After=syslog.target network.target
+
+[Service]
+Type=simple
+
+User=postgres
+Group=postgres
+
+ExecStart=/usr/local/bin/patroni /etc/patroni.yaml
+KillMode=process
+TimeoutSec=30
+Restart=no
+
+[Install]
+WantedBy=multi-user.targ
\ No newline at end of file
diff --git a/ansible/roles/ansible-postgres_patroni/templates/patroni.yaml.j2 b/ansible/roles/ansible-postgres_patroni/templates/patroni.yaml.j2
new file mode 100644
index 0000000000..92d5635e46
--- /dev/null
+++ b/ansible/roles/ansible-postgres_patroni/templates/patroni.yaml.j2
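Review bot: The `[Install]` section ends with `WantedBy=multi-user.targ`, a truncated unit name, so enabling the service would attach it to a target that does not exist and Patroni would not come up at boot. Change the line to `WantedBy=multi-user.target`. With `Restart=no`, a Patroni process that exits also stays down until someone intervenes; `Restart=on-failure` may be what is wanted, depending on how the cluster is meant to be supervised.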
@@ -0,0 +1,58 @@ +scope: postgres +namespace: /db/ +name: {{ postgres_cluster_name }} + +restapi: + listen: {{ postgresql_origin }}:8008 + connect_address: {{ postgresql_origin }}:8008 + +etcd: + host: {{ etcd_ip }}:2379 + +bootstrap: + dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 + postgresql: + use_pg_rewind: true + + initdb: + - encoding: UTF8 + - data-checksums + + pg_hba: + - host replication replicator 127.0.0.1/32 md5 + - host replication replicator {{ postgresql_1 }}/0 md5 + - host replication replicator {{ postgresql_2 }}/0 md5 + - host replication replicator {{ postgresql_3 }}/0 md5 + - host all all 0.0.0.0/0 md5 + + users: + admin: + password: {{ postgres_patroni_admin_password }} + options: + - createrole + - createdb + +postgresql: + listen: {{ postgresql_origin }}:5432 + connect_address: {{ postgresql_origin }}:5432 + data_dir: /data/patroni + pgpass: /tmp/pgpass + authentication: + replication: + username: {{ postgres_patroni_replication_username }} + password: {{ postgres_patroni_replication_password }} + superuser: + username: {{ postgres_patroni_superuser_username }} + password: {{ postgres_patroni_superuser_password }} + parameters: + unix_socket_directories: '.' + +tags: + nofailover: false + noloadbalance: false + clonefrom: false + nosync: false \ No newline at end of file diff --git a/ansible/roles/ansible-postgres_patroni/vars/main.yml b/ansible/roles/ansible-postgres_patroni/vars/main.yml new file mode 100644 index 0000000000..bf8074823c --- /dev/null +++ b/ansible/roles/ansible-postgres_patroni/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ansible-postgres_patroni From ba01495ad7aafcf3556ad053ba02563bd2e29975 Mon Sep 17 00:00:00 2001 
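Review bot: The bootstrap `pg_hba` list uses a `/0` mask on the peer entries, `host replication replicator {{ postgresql_1 }}/0 md5` and the two lines after it, and a `/0` mask matches every address, so replication logins are accepted from anywhere rather than from the three peers; `host all all 0.0.0.0/0 md5` does the same for ordinary logins. Use `/32` on the peer entries, e.g. `- host replication replicator {{ postgresql_1 }}/32 md5`, and narrow the `all` rule to the application subnet. `pgpass: /tmp/pgpass` puts the generated credentials file in a world-writable directory; a path under `/data/patroni` or the postgres home would be safer. The password values are substituted unquoted, so a password containing `: ` or ` #` would break or truncate the rendered YAML; `password: "{{ postgres_patroni_superuser_password }}"` (and likewise for the other two) avoids that.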
From: Rekha Date: Mon, 26 Dec 2022 16:34:25 +0530 Subject: [PATCH 220/434] Prashnavali reminder query added --- .../roles/postgres-migration/files/sunbird_programs/V5.1.0.sql | 1 + 1 file changed, 1 insertion(+) create mode 100644 ansible/roles/postgres-migration/files/sunbird_programs/V5.1.0.sql diff --git a/ansible/roles/postgres-migration/files/sunbird_programs/V5.1.0.sql b/ansible/roles/postgres-migration/files/sunbird_programs/V5.1.0.sql new file mode 100644 index 0000000000..1780b3118b --- /dev/null +++ b/ansible/roles/postgres-migration/files/sunbird_programs/V5.1.0.sql @@ -0,0 +1 @@ +INSERT INTO "public"."configuration" ("key", "value", "status") VALUES ('PrashnavaliReminder', ' VidyaDaan: Reminder to kindly create or review pending questions for the Project:$projectName by $projectDate. Log in via https://vdn.diksha.gov.in/contribute. Please ignore if work has already been completed.', 'active'); From 8a73f684521c48c35c0a3253131c3b055ab8330e Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 27 Dec 2022 12:04:46 +0530 Subject: [PATCH 221/434] added new jenkins adhoc job for ml-analytics #ED-569 (#3675) --- ansible/ml-analytics-adhoc.yaml | 4 + .../ml-analytics-adhoc-jobs/tasks/main.yaml | 106 ++++++++++++++ .../roles/ml-analytics-service/tasks/main.yml | 2 +- .../jobs/ml-analytics-adhoc/config.xml | 130 ++++++++++++++++++ .../deploy/ml-analytics-adhoc/Jenkinsfile | 47 +++++++ 5 files changed, 288 insertions(+), 1 deletion(-) create mode 100644 ansible/ml-analytics-adhoc.yaml create mode 100644 ansible/roles/ml-analytics-adhoc-jobs/tasks/main.yaml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/managed-learn/jobs/ml-analytics-adhoc/config.xml create mode 100644 pipelines/deploy/ml-analytics-adhoc/Jenkinsfile diff --git a/ansible/ml-analytics-adhoc.yaml b/ansible/ml-analytics-adhoc.yaml new file mode 100644 index 0000000000..f870c5434e --- /dev/null +++ b/ansible/ml-analytics-adhoc.yaml 
@@ -0,0 +1,4 @@ +- hosts: ml-analytics-service + become: yes + roles: + - ml-analytics-adhoc-jobs diff --git a/ansible/roles/ml-analytics-adhoc-jobs/tasks/main.yaml b/ansible/roles/ml-analytics-adhoc-jobs/tasks/main.yaml new file mode 100644 index 0000000000..abfb50e3bb --- /dev/null +++ b/ansible/roles/ml-analytics-adhoc-jobs/tasks/main.yaml 
@@ -0,0 +1,106 @@ +- name: Fetch Config file + synchronize: src="{{ item }}" dest="../output/" mode=pull recursive=yes rsync_path=rsync + with_items: + - "/opt/sparkjobs/ml-analytics-service/config.ini" + tags: + - fetch-config + +- name: Execute run.sh + become: yes + become_user: data-pipeline + shell: "/opt/sparkjobs/ml-analytics-service/run.sh > /opt/sparkjobs/ml-analytics-service/run_job.log" + tags: + - run-job + +- name: Fetch run_job.log + synchronize: src="{{ item }}" dest="../output/" mode=pull recursive=yes rsync_path=rsync + with_items: + - "/opt/sparkjobs/ml-analytics-service/run_job.log" + tags: + - run-job + +- name: Execute run_weekly.sh + become: yes + become_user: data-pipeline + shell: "/opt/sparkjobs/ml-analytics-service/run_weekly.sh > /opt/sparkjobs/ml-analytics-service/run_weekly_job.log" + tags: + - run-weekly + +- name: Fetch run_weekly.log + synchronize: src="{{ item }}" dest="../output/" mode=pull recursive=yes rsync_path=rsync + with_items: + - "/opt/sparkjobs/ml-analytics-service/run_weekly_job.log" + tags: + - run-weekly + +- name: Execute run_program.sh + become: yes + become_user: data-pipeline + shell: "/opt/sparkjobs/ml-analytics-service/run_program.sh > /opt/sparkjobs/ml-analytics-service/run_program_job.log" + tags: + - run-program + +- name: Fetch run_program_job.log + synchronize: src="{{ item }}" dest="../output/" mode=pull recursive=yes rsync_path=rsync + with_items: + - "/opt/sparkjobs/ml-analytics-service/run_program_job.log" + tags: + - run-program + +- name: Execute Observation ingest/refresh + become: yes + become_user: data-pipeline + shell: "source /opt/sparkjobs/spark_venv/bin/activate && /opt/sparkjobs/spark_venv/lib/python3.8/site-packages/pyspark/bin/spark-submit --driver-memory 50g --executor-memory 50g /opt/sparkjobs/ml-analytics-service/observations/pyspark_observation_status_batch.py" + register: out + tags: + - observation-refresh-ingest + +- debug: + var: out.stdout_lines + tags: + - 
observation-refresh-ingest + +- name: Execute Survey ingest/refresh + become: yes + become_user: data-pipeline + shell: "source /opt/sparkjobs/spark_venv/bin/activate && /opt/sparkjobs/spark_venv/lib/python3.8/site-packages/pyspark/bin/spark-submit --driver-memory 50g --executor-memory 50g /opt/sparkjobs/ml-analytics-service/survey/pyspark_survey_status.py" + register: out + args: + executable: /bin/bash + tags: + - survey-refresh-ingest + +- debug: + var: out.stdout_lines + tags: + - survey-refresh-ingest + +- name: Execute Project Refresh + become: yes + become_user: data-pipeline + shell: "source /opt/sparkjobs/spark_venv/bin/activate && /opt/sparkjobs/spark_venv/lib/python3.8/site-packages/pyspark/bin/spark-submit --driver-memory 50g --executor-memory 50g /opt/sparkjobs/ml-analytics-service/projects/pyspark_project_deletion_batch.py" + register: out + args: + executable: /bin/bash + tags: + - project-refresh + +- debug: + var: out.stdout_lines + tags: + - project-refresh + +- name: Execute Project ingest + become: yes + become_user: data-pipeline + shell: "source /opt/sparkjobs/spark_venv/bin/activate && /opt/sparkjobs/spark_venv/lib/python3.8/site-packages/pyspark/bin/spark-submit --driver-memory 50g --executor-memory 50g /opt/sparkjobs/ml-analytics-service/projects/pyspark_project_batch.py" + register: out + args: + executable: /bin/bash + tags: + - project-ingest + +- debug: + var: out.stdout_lines + tags: + - project-ingest diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index ee609b8806..30b61a06cd 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -145,4 +145,4 @@ minute: "30" hour: "7" weekday: "4" - job: "{{ BASEPATH }}/run_weekly.sh > {{ BASEPATH }}/ml-analytics-service/nvsk_data_weekly.logs" + job: "{{ BASEPATH }}/ml-analytics-service/run_weekly.sh > {{ BASEPATH }}/ml-analytics-service/nvsk_data_weekly.logs" 
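Review bot: The `Execute Observation ingest/refresh` task runs `source /opt/sparkjobs/spark_venv/bin/activate && ...` but, unlike the survey and project tasks after it, has no `args:` / `executable: /bin/bash`, so on hosts where `/bin/sh` is not bash the `source` builtin is missing and the task fails. Add the same `args:` block with `executable: /bin/bash` to that task. The first task pulls `config.ini` from the service host into `../output/` on the controller; if that file holds connection credentials (not visible here), make sure the output directory is not archived or left readable in the Jenkins workspace. `--driver-memory 50g --executor-memory 50g` is repeated in four commands and would be easier to tune as a role variable.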
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/managed-learn/jobs/ml-analytics-adhoc/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/managed-learn/jobs/ml-analytics-adhoc/config.xml new file mode 100644 index 0000000000..eeb6fdfe2b --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/managed-learn/jobs/ml-analytics-adhoc/config.xml @@ -0,0 +1,130 @@ + + + + false + + + false + false + + + + + private_branch + choice-parameter-3803648169564146 + 1 + + true + + + + true + + + ml-analytics-adhoc + Deploy/dev/managed-learn/ml-analytics-adhoc + + + ET_FORMATTED_HTML + true + + + branch_or_tag + choice-parameter-3803648170694062 + 1 + + true + + + + true + + + ml-analytics-adhoc + Deploy/dev/managed-learn/ml-analytics-adhoc + + + ET_FORMATTED_HTML + true + + + action + <font color=green size=2><b>Choose the job names to run. Multi-selection is available.</b></font> + choice-parameter-3812862131559945 + 1 + + true + + + + ml-analytics-adhoc + Deploy/dev/managed-learn/ml-analytics-adhoc + + + PT_MULTI_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + github-cred + + + + + ${branch_or_tag} + + + false + + + + pipelines/deploy/ml-analytics-adhoc/Jenkinsfile + false + + + false + diff --git a/pipelines/deploy/ml-analytics-adhoc/Jenkinsfile b/pipelines/deploy/ml-analytics-adhoc/Jenkinsfile new file mode 100644 index 0000000000..8a2f010d6b --- /dev/null +++ b/pipelines/deploy/ml-analytics-adhoc/Jenkinsfile 
@@ -0,0 +1,47 @@ +@Library('deploy-conf') _ +node() { + try { + String ANSI_GREEN = "\u001B[32m" + String ANSI_NORMAL = "\u001B[0m" + String ANSI_BOLD = "\u001B[1m" + String ANSI_RED = "\u001B[31m" + String ANSI_YELLOW = "\u001B[33m" + + stage('checkout public repo') { + cleanWs() + checkout scm + } + ansiColor('xterm') { + + stage('Deploy') { + values = [:] + sh 'echo "${currentWs} is this"' + currentWs = sh(returnStdout: true, script: 'pwd').trim() + envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() + module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() + jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() + values.put('currentWs', currentWs) + values.put('env', envDir) + values.put('module', module) + values.put('jobName', jobName) + ansiblePlaybook = "${currentWs}/ansible/ml-analytics-adhoc.yaml" + ansibleExtraArgs = "--tags ${params.action} --vault-password-file /var/lib/jenkins/secrets/vault-pass" + values.put('ansiblePlaybook', ansiblePlaybook) + values.put('ansibleExtraArgs', ansibleExtraArgs) + println values + ansible_playbook_run(values) + currentBuild.result = "SUCCESS" + currentBuild.description = "Artifact: ${values.artifact_version}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" + } + summary() + } + } + catch (err) { + currentBuild.result = "FAILURE" + throw err + } + finally { + slack_notify(currentBuild.result) + email_notify() + } +} From b2c76008bb427b2260f8f9ee64d4d46f8ac69332 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Dec 2022 13:59:06 +0530 Subject: [PATCH 222/434] fix: https:// already part of another url Signed-off-by: Keshav Prasad --- .../helm_charts/core/nginx-public-ingress/values.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index c1331e76a5..1b9a670a37 100644 
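Review bot: `ansibleExtraArgs = "--tags ${params.action} --vault-password-file ..."` interpolates a build parameter directly into the argument string handed to `ansible_playbook_run`. The job defines `action` as a multi-select choice, but parameter values can also be supplied outside the form, so the value should be validated before use, for example by failing the build unless it matches `^[A-Za-z0-9_,-]+$`. How the shared-library step executes the string is not visible in this hunk, so this is a precaution rather than a confirmed injection path. `sh 'echo "${currentWs} is this"'` runs before `currentWs` is assigned and, being single-quoted, expands a shell variable that is not set; it can be dropped, and `env.JOB_NAME.split('/')` would replace the three `sh` calls that only echo `$JOB_NAME`.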
--- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -557,7 +557,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; + proxy_pass $s3_bucket/v3/preview/$url_full; } location ~ /content-editor/telemetry|collection-editor/telemetry { rewrite ^/(.*) /$1 break; @@ -604,7 +604,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; + proxy_pass $s3_bucket/content-editor/$url_full; } location ~* ^/discussion-ui/(.*) { # Enabling compression @@ -628,7 +628,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/discussion-ui/$url_full; + proxy_pass $s3_bucket/discussion-ui/$url_full; } location ~* ^/collection-editor/(.*) { # Enabling compression @@ -661,7 +661,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; + proxy_pass $s3_bucket/collection-editor/$url_full; } location ~* ^/generic-editor/(.*) { # Enabling compression @@ -694,7 +694,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; + proxy_pass $s3_bucket/generic-editor/$url_full; } location ~* ^/content-plugins/(.*) { # Enabling cache for Response code 200 
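Review bot: With the literal `https://` removed, the upstream scheme in `proxy_pass $s3_bucket/v3/preview/$url_full;` comes entirely from the template variable assigned to `$s3_bucket`, and nothing in the template checks it. If a deployment sets that variable without a scheme, nginx cannot build the upstream URL, and if it is set with `http://` the proxied traffic silently leaves TLS. Add a guard where the variable is rendered, or at least a comment such as `# plugin_upstream_url must be a full https:// URL`. The same applies to the other `proxy_pass` hunks of this commit (content-editor, discussion-ui, collection-editor, generic-editor, content-plugins); each `location` block starts outside its hunk.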
@@ -731,7 +731,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; + proxy_pass $s3_bucket/content-plugins/$url_full; } location /thirdparty { # Enabling cache for Response code 200 From 3da4be417edb55763bc5a33d470fdb0e6a0ac54d Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Dec 2022 14:43:55 +0530 Subject: [PATCH 223/434] fix: updated split logic based on url value Signed-off-by: Keshav Prasad --- .../stack-proxy/templates/proxy-default.conf | 16 ++++++------- .../core/nginx-public-ingress/values.j2 | 24 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index f98ba2aae9..9ff34d8dcb 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -306,7 +306,7 @@ server { set $bucket "{{upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -339,10 +339,10 @@ server { return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; 
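Review bot: `proxy_set_header Host "{{upstream_url.split('/')[2]|lower}}";` in proxy-default.conf picks the host by position and so assumes the variable always has the form `scheme://host/...`. If an inventory still carries a bare host, the index either fails the render or yields the wrong path segment as the Host header. Ansible's `urlsplit` filter states the intent directly, e.g. `{{ upstream_url | urlsplit('hostname') }}`, and a short comment on the expected URL format next to the `set $bucket` line would help. The same expression is used for `plugin_upstream_url` and `sunbird_offline_azure_storage_account_url` in the later hunks of this file.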
@@ -354,7 +354,7 @@ server { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$s3_bucket/v3/preview/$url_full; + proxy_pass https://$bucket/v3/preview/$url_full; } location ~* ^/content-plugins/(.*) { @@ -378,11 +378,11 @@ location ~* ^/content-plugins/(.*) { add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -394,7 +394,7 @@ location ~* ^/content-plugins/(.*) { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$s3_bucket/content-plugins/$url_full; + proxy_pass https://$bucket/content-plugins/$url_full; } location /thirdparty { @@ -448,7 +448,7 @@ location ~* ^/desktop/(.*) { set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 1b9a670a37..678a12bb4d 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
@@ -541,7 +541,7 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; @@ -557,7 +557,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/v3/preview/$url_full; + proxy_pass $bucket/v3/preview/$url_full; } location ~ /content-editor/telemetry|collection-editor/telemetry { rewrite ^/(.*) /$1 break; @@ -588,7 +588,7 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; @@ -604,7 +604,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/content-editor/$url_full; + proxy_pass $bucket/content-editor/$url_full; } location ~* ^/discussion-ui/(.*) { # Enabling compression @@ -612,7 +612,7 @@ proxyconfig: |- gzip_min_length 100000; gzip_proxied expired no-cache no-store private auth; gzip_types application/javascript application/x-javascript text/css text/javascript; - set $s3_bucket "{{discussion_upstream_url}}"; + set $bucket "{{discussion_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; @@ -628,7 +628,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/discussion-ui/$url_full; + proxy_pass $bucket/discussion-ui/$url_full; } location ~* ^/collection-editor/(.*) { # Enabling compression 
@@ -645,7 +645,7 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; @@ -661,7 +661,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/collection-editor/$url_full; + proxy_pass $bucket/collection-editor/$url_full; } location ~* ^/generic-editor/(.*) { # Enabling compression @@ -678,7 +678,7 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; @@ -694,7 +694,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/generic-editor/$url_full; + proxy_pass $bucket/generic-editor/$url_full; } location ~* ^/content-plugins/(.*) { # Enabling cache for Response code 200 @@ -715,7 +715,7 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; @@ -731,7 +731,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $s3_bucket/content-plugins/$url_full; + proxy_pass $bucket/content-plugins/$url_full; } location /thirdparty { # Enabling cache for Response code 200 From d3e9c94d9404b1b1f22000d608ce618255d435bd Mon Sep 17 00:00:00 2001 
From: Keshav Prasad Date: Tue, 27 Dec 2022 14:46:37 +0530 Subject: [PATCH 224/434] fix: removed https:// url string Signed-off-by: Keshav Prasad --- ansible/roles/stack-proxy/templates/proxy-default.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index 9ff34d8dcb..9f78549da2 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -318,7 +318,7 @@ server { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$bucket/$url_full; + proxy_pass $bucket/$url_full; } @@ -354,7 +354,7 @@ server { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$bucket/v3/preview/$url_full; + proxy_pass $bucket/v3/preview/$url_full; } location ~* ^/content-plugins/(.*) { @@ -394,7 +394,7 @@ location ~* ^/content-plugins/(.*) { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$bucket/content-plugins/$url_full; + proxy_pass $bucket/content-plugins/$url_full; } location /thirdparty { @@ -460,7 +460,7 @@ location ~* ^/desktop/(.*) { proxy_intercept_errors on; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; - proxy_pass https://$offline_bucket/$url_full; + proxy_pass $offline_bucket/$url_full; } location / { From 854398a2f2af283fbf1e5f4319e72ec856b5ec69 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Dec 2022 14:52:42 +0530 Subject: [PATCH 225/434] fix: update url array index Signed-off-by: Keshav Prasad --- .../core/nginx-public-ingress/values.j2 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 678a12bb4d..cbc2e40f4e 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -511,7 +511,7 @@ proxyconfig: |- set $bucket "{{upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -544,7 +544,7 @@ proxyconfig: |- set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -591,7 +591,7 @@ proxyconfig: |- set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -615,7 +615,7 @@ proxyconfig: |- set $bucket "{{discussion_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{discussion_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; 
@@ -648,7 +648,7 @@ proxyconfig: |- set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -681,7 +681,7 @@ proxyconfig: |- set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -718,7 +718,7 @@ proxyconfig: |- set $bucket "{{plugin_upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; @@ -778,7 +778,7 @@ proxyconfig: |- set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[2]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; From 045d158e1199dfed0908325ee0a7fb6be4a332a8 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Tue, 27 Dec 2022 17:37:04 +0530 Subject: [PATCH 226/434] fix: remove hardcoded https from proxy_pass value (#3688) --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index cbc2e40f4e..e0699cdb50 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -524,7 +524,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; + proxy_pass $bucket/$url_full; } location ~* ^/content/preview/(.*) { # Enabling compression From b87d0d3c3843891baf465ba6afa48c11c50e5a72 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 28 Dec 2022 13:41:06 +0530 Subject: [PATCH 227/434] fix: remove https as its included in the var Signed-off-by: Keshav Prasad --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 9cb6473418..30d4e1830f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -195,7 +195,7 @@ sunbird_telemetry_service_local_url={{sunbird_telemetry_service_local_url | defa #Release-4.4.0 sunbird_portal_video_max_size={{sunbird_portal_video_max_size | default(150)}} sunbird_default_file_size={{sunbird_default_file_size | default(150)}} -sunbird_portal_uci_blob_url={{ sunbird_portal_uci_blob_url | default('https://' + cloud_storage_url + '/uci') }} +sunbird_portal_uci_blob_url={{ sunbird_portal_uci_blob_url | default(cloud_storage_url + '/uci') }} portal_redirect_error_callback_domain={{portal_redirect_error_callback_domain | default("https://"+domain_name)}} sunbird_portal_uci_bot_phone_number={{sunbird_portal_uci_bot_phone_number | default(+912249757677)}} 
From 15394c46e23de68a5aa74b818e82b1e4ff9eccc6 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Wed, 28 Dec 2022 21:59:39 +0530 Subject: [PATCH 228/434] Project certificate download uris edited (#3691) typo correction --- ansible/roles/kong-api/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index d7589ae22e..7af41e2149 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9795,7 +9795,7 @@ kong_apis: config.enabled: true - name: getProjectRCCertificate - uris: "{{ registry_service_prefix }}/projetCertificate/v1/download" + uris: "{{ registry_service_prefix }}/projectCertificate/v1/download" upstream_url: "{{ registry_service_url }}/api/v1/ProjectCertificate" strip_uri: true plugins: @@ -10000,4 +10000,4 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: true - config.enabled: true \ No newline at end of file + config.enabled: true From e9978e75870c46a5eb7f33071eb1d9d1d657f949 Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Thu, 29 Dec 2022 11:28:00 +0530 Subject: [PATCH 229/434] Release 5.1.0 - CSP changes (#3692) * Update management bucketname for ES * Update ES snapshot roles --- ansible/roles/es-azure-snapshot/defaults/main.yml | 12 +++--------- ansible/roles/es-gcs-snapshot/defaults/main.yml | 9 ++++++--- ansible/roles/es-s3-snapshot/defaults/main.yml | 9 ++++++--- ansible/roles/es6/tasks/plugins/repository-gcs.yml | 4 ++-- ansible/roles/es6/tasks/plugins/repository-s3.yml | 4 ++-- .../roles/log-es6/tasks/plugins/repository-gcs.yml | 4 ++-- .../roles/log-es6/tasks/plugins/repository-s3.yml | 4 ++-- 7 files changed, 23 insertions(+), 23 deletions(-) 
diff --git a/ansible/roles/es-azure-snapshot/defaults/main.yml b/ansible/roles/es-azure-snapshot/defaults/main.yml index 396746aa32..df52870977 100644 --- a/ansible/roles/es-azure-snapshot/defaults/main.yml +++ b/ansible/roles/es-azure-snapshot/defaults/main.yml @@ -1,7 +1,7 @@ snapshot_create_request_body: { type: azure, settings: { - container: "{{ es_backup_storage }}", + container: "{{ cloud_storage_esbackup_foldername }}", base_path: "{{ snapshot_base_path }}_{{ base_path_date }}" } } @@ -10,11 +10,5 @@ snapshot_create_request_body: { es_snapshot_host: "localhost" snapshot_base_path: "default" -es_azure_backup_container_name: "elasticsearch-snapshots" - -# This variable is added for the below reason - -# 1. Introduce a common variable for various clouds. In case of azure, it refers to container name, in case of aws / gcp, it refers to folder name -# 2. We want to avoid too many new variable introduction / replacement in first phase. Hence we will reuse the existing variable defined in private repo -# or other default files and just assign the value to the newly introduced common variable -# 3. After few releases, we will remove the older variables and use only the new variables across the repos -es_backup_storage: "{{ es_azure_backup_container_name }}" \ No newline at end of file +cloud_storage_esbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_esbackup_foldername: "elasticsearch-snapshots" diff --git a/ansible/roles/es-gcs-snapshot/defaults/main.yml b/ansible/roles/es-gcs-snapshot/defaults/main.yml index 5e3cbece6f..23fa7c5ef1 100644 --- a/ansible/roles/es-gcs-snapshot/defaults/main.yml +++ b/ansible/roles/es-gcs-snapshot/defaults/main.yml 
@@ -1,12 +1,15 @@ snapshot_create_request_body: { type: gcs, settings: { - bucket: "{{ gcs_management_bucket_name }}", - base_path: "{{ es_backup_storage }}/{{ snapshot_base_path }}_{{ base_path_date }}" + bucket: "{{ cloud_storage_management_bucketname }}", + base_path: "{{ cloud_storage_esbackup_foldername }}/{{ snapshot_base_path }}_{{ base_path_date }}" } } # Override these values es_snapshot_host: "localhost" snapshot_base_path: "default" -es_backup_storage: "elasticsearch-snapshots" \ No newline at end of file +es_backup_storage: "elasticsearch-snapshots" + +cloud_storage_esbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_esbackup_foldername: "elasticsearch-snapshots" diff --git a/ansible/roles/es-s3-snapshot/defaults/main.yml b/ansible/roles/es-s3-snapshot/defaults/main.yml index 7ddda6ebd0..3a55471ccf 100644 --- a/ansible/roles/es-s3-snapshot/defaults/main.yml +++ b/ansible/roles/es-s3-snapshot/defaults/main.yml @@ -1,12 +1,15 @@ snapshot_create_request_body: { type: s3, settings: { - bucket: "{{ aws_management_bucket_name }}", - base_path: "{{ es_backup_storage }}/{{ snapshot_base_path }}_{{ base_path_date }}" + bucket: "{{ cloud_storage_esbackup_bucketname }}", + base_path: "{{ cloud_storage_esbackup_foldername }}/{{ snapshot_base_path }}_{{ base_path_date }}" } } # Override these values es_snapshot_host: "localhost" snapshot_base_path: "default" -es_backup_storage: "elasticsearch-snapshots" \ No newline at end of file +es_backup_storage: "elasticsearch-snapshots" + +cloud_storage_esbackup_bucketname: "{{ cloud_storage_management_bucketname }}" +cloud_storage_esbackup_foldername: "elasticsearch-snapshots" diff --git a/ansible/roles/es6/tasks/plugins/repository-gcs.yml b/ansible/roles/es6/tasks/plugins/repository-gcs.yml index 7d5c32e52e..6a32c0051a 100644 --- a/ansible/roles/es6/tasks/plugins/repository-gcs.yml +++ b/ansible/roles/es6/tasks/plugins/repository-gcs.yml 
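Review bot: In the es-gcs-snapshot defaults the new `bucket:` reads `cloud_storage_management_bucketname` directly, although the same hunk introduces `cloud_storage_esbackup_bucketname` and the es-s3-snapshot hunk that follows uses it. As written, overriding `cloud_storage_esbackup_bucketname` changes the S3 repository but has no effect on GCS, so snapshots can land in a bucket the operator did not intend. I would make the two roles agree with `bucket: "{{ cloud_storage_esbackup_bucketname }}"`. `es_backup_storage` stays defined in both files but is no longer referenced in the lines shown; drop it if nothing outside the hunk uses it.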
@@ -3,7 +3,7 @@ become: yes copy: dest: "{{ conf_dir }}/gcs_management_bucket_service_account.json" - content: "{{ gcs_management_bucket_service_account }}" + content: "{{ cloud_management_storage_secret }}" - name: Add gcs service account file to keystore become: yes @@ -15,4 +15,4 @@ - name: Remove the service account file file: path: "{{ conf_dir }}/gcs_management_bucket_service_account.json" - state: absent \ No newline at end of file + state: absent diff --git a/ansible/roles/es6/tasks/plugins/repository-s3.yml b/ansible/roles/es6/tasks/plugins/repository-s3.yml index b5897792ab..07655d6746 100644 --- a/ansible/roles/es6/tasks/plugins/repository-s3.yml +++ b/ansible/roles/es6/tasks/plugins/repository-s3.yml @@ -1,14 +1,14 @@ --- - name: Add default aws account name for backups become: yes - shell: echo "{{ aws_management_bucket_user_access_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.access_key + shell: echo "{{ cloud_management_storage_accountname }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.access_key no_log: True environment: ES_PATH_CONF: "{{ conf_dir }}" - name: Add default aws account key for backups become: yes - shell: echo "{{ aws_management_bucket_user_secret_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key + shell: echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key no_log: True environment: ES_PATH_CONF: "{{ conf_dir }}" diff --git a/ansible/roles/log-es6/tasks/plugins/repository-gcs.yml b/ansible/roles/log-es6/tasks/plugins/repository-gcs.yml index 81078e173d..7d1c1fbd4a 100644 --- a/ansible/roles/log-es6/tasks/plugins/repository-gcs.yml +++ b/ansible/roles/log-es6/tasks/plugins/repository-gcs.yml 
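Review bot: The `copy` task in es6/tasks/plugins/repository-gcs.yml now writes `cloud_management_storage_secret` to `{{ conf_dir }}/gcs_management_bucket_service_account.json` with neither `mode` nor `no_log` in the lines shown, so the key file gets default permissions and its content can appear in task output or `--diff`. I would add `mode: "0600"` under `copy:` and `no_log: true` on the task. The cleanup task in the second hunk shows no `become`, while the file is created with `become: yes`; unless privilege escalation is set at play level, the removal may fail and leave the key on disk. The task's `name` line is outside the hunk, and the log-es6 repository-gcs.yml hunks have the same shape.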
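Review bot: Both keystore tasks in es6/tasks/plugins/repository-s3.yml template the credential into the shell string (`echo "{{ cloud_management_storage_secret }}" | ...`), so a value containing `"`, `$` or a backtick is interpreted by the shell, and the rendered command line carries the secret. `no_log: True` hides it from Ansible output only. Passing the value on the module's standard input avoids both: `shell: "{{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key"` with `stdin: "{{ cloud_management_storage_secret }}"`, keeping `no_log`. The same applies to the access-key task and to both tasks in log-es6/tasks/plugins/repository-s3.yml.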
@@ -3,7 +3,7 @@ become: yes copy: dest: "{{ es_conf_dir }}/gcs_management_bucket_service_account.json" - content: "{{ gcs_management_bucket_service_account }}" + content: "{{ cloud_management_storage_secret }}" - name: Add gcs service account file to keystore become: yes @@ -15,4 +15,4 @@ - name: Remove the service account file file: path: "{{ es_conf_dir }}/gcs_management_bucket_service_account.json" - state: absent \ No newline at end of file + state: absent diff --git a/ansible/roles/log-es6/tasks/plugins/repository-s3.yml b/ansible/roles/log-es6/tasks/plugins/repository-s3.yml index 344af29e6e..2c05927255 100644 --- a/ansible/roles/log-es6/tasks/plugins/repository-s3.yml +++ b/ansible/roles/log-es6/tasks/plugins/repository-s3.yml @@ -1,14 +1,14 @@ --- - name: Add default aws account name for backups become: yes - shell: echo "{{ aws_management_bucket_user_access_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.access_key + shell: echo "{{ cloud_management_storage_accountname }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.access_key no_log: True environment: ES_PATH_CONF: "{{ es_conf_dir }}" - name: Add default aws account key for backups become: yes - shell: echo "{{ aws_management_bucket_user_secret_key }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key + shell: echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key no_log: True environment: ES_PATH_CONF: "{{ es_conf_dir }}" From 13dfc4709969435a7e735048f098f8e23b2f98bc Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 29 Dec 2022 11:27:06 +0530 Subject: [PATCH 230/434] ED-621: added placeholder variable --- ansible/inventory/env/group_vars/all.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 8dfdd8a43d..d86c71d018 100644 
--- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -133,6 +133,7 @@ cassandra_backup_dir: /data/cassandra/backup cassandra_multi_dc_enabled: false # Release-5.0.1 cloud_storage_base_url: "{{cloud_storage_base_url}}" +cloud_store_base_path_placeholder: "{{ cloud_store_base_path_placeholder }}" keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" From bf68b0d50a4383d90f4ad0b0c1c526eabda8f2bf Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 29 Dec 2022 11:41:08 +0530 Subject: [PATCH 231/434] removed variable --- ansible/inventory/env/group_vars/all.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index d86c71d018..8dfdd8a43d 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -133,7 +133,6 @@ cassandra_backup_dir: /data/cassandra/backup cassandra_multi_dc_enabled: false # Release-5.0.1 cloud_storage_base_url: "{{cloud_storage_base_url}}" -cloud_store_base_path_placeholder: "{{ cloud_store_base_path_placeholder }}" keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" From fd9a8f4be0fa8552ff2036b419b95131c4595d61 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 29 Dec 2022 18:20:21 +0530 Subject: [PATCH 232/434] ED-621: added placeholder variable --- ansible/inventory/env/group_vars/all.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 8dfdd8a43d..153be0f813 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -133,6 +133,7 @@ cassandra_backup_dir: /data/cassandra/backup cassandra_multi_dc_enabled: false # Release-5.0.1 cloud_storage_base_url: "{{cloud_storage_base_url}}" +cloud_store_base_path_placeholder: "$CLOUD_BASE_PATH" keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" 
From 891b73c7b3c5ee97ec8e93502d8eda804ce746f0 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 29 Dec 2022 18:35:42 +0530 Subject: [PATCH 233/434] Issue #KN-439 chore: Added the transcripts in cloudstorage_metadata_list. --- ansible/roles/stack-sunbird/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 036fda51bd..65268e7477 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -1052,7 +1052,7 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' cloudstorage_relative_path_prefix_content: "CONTENT_STORAGE_BASE_PATH" cloudstorage_relative_path_prefix_dial: "DIAL_STORAGE_BASE_PATH" -cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl"]' +cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl", "transcripts"]' ### inQuiry assessment service default values inquiry_schema_path: "{{ kp_schema_base_path }}" From 389013a3ff93736d670486ddc8df1f198fb5c1fa Mon Sep 17 00:00:00 2001 
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Fri, 30 Dec 2022 09:58:27 +0530 Subject: [PATCH 234/434] Add gcp vars for service accounts (#3696) --- ansible/artifacts-download.yml | 2 ++ ansible/artifacts-upload.yml | 2 ++ ansible/assets-upload.yml | 2 ++ ansible/deploy-plugins.yml | 2 ++ ansible/desktop-faq-upload.yml | 10 ++++++++++ ansible/dial_upload-schema.yml | 2 ++ ansible/kp_upload-schema.yml | 2 ++ ansible/roles/cassandra-backup/tasks/main.yml | 2 ++ ansible/roles/cassandra-restore/tasks/main.yml | 2 ++ ansible/roles/cert-templates/tasks/main.yml | 2 ++ ansible/roles/desktop-deploy/tasks/main.yml | 2 ++ ansible/roles/gcp-cloud-storage/defaults/main.yml | 5 +++++ ansible/roles/grafana-backup/tasks/main.yml | 2 ++ ansible/roles/jenkins-backup-upload/tasks/main.yml | 2 ++ ansible/roles/mongodb-backup/tasks/main.yml | 2 ++ .../postgres-managed-service-backup/tasks/main.yml | 2 ++ .../postgres-managed-service-restore/tasks/main.yml | 2 ++ ansible/roles/postgresql-backup/tasks/main.yml | 2 ++ ansible/roles/postgresql-restore/tasks/main.yml | 2 ++ ansible/roles/prometheus-backup-v2/tasks/main.yml | 2 ++ ansible/roles/prometheus-backup/tasks/main.yml | 2 ++ ansible/roles/prometheus-restore/tasks/main.yml | 2 ++ ansible/roles/redis-backup/tasks/main.yml | 2 ++ ansible/uploadFAQs.yml | 2 ++ 24 files changed, 59 insertions(+) diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index 46167180e4..2fc2748229 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml @@ -21,6 +21,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: + gcp_storage_service_account_name: "{{ cloud_artifact_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_artifact_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" gcp_path: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" 
diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 3bdbe73017..305492afc2 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml @@ -22,6 +22,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_artifact_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_artifact_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" gcp_path: "{{ artifact }}" local_file_or_folder_path: "{{ artifact_path }}" diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index 09e7df6ceb..b8d5836cc6 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml @@ -56,6 +56,8 @@ block: - name: set common gcloud variables set_fact: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_playercdn_bucketname }}" gcp_path: "" file_delete_pattern: "" diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index a78ce1c640..5774a12454 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -141,6 +141,8 @@ name: gcp-cloud-storage tasks_from: "{{ item[0] }}" vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" file_delete_pattern: "content-plugins/{{ item[1] }}/*" gcp_path: "content-plugins/{{ item[1] }}" local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index 3683202043..a95e8828e7 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml 
@@ -95,6 +95,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_public_bucketname }}" tags: - upload-desktop-faq @@ -105,6 +107,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_private_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_private_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_label_bucketname }}" tags: - upload-label @@ -115,6 +119,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_chatbot_bucketname }}" tags: - upload-chatbot-config @@ -125,6 +131,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_sourcing_bucketname }}" tags: - upload-csv-template @@ -135,6 +143,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_discussionui_bucketname }}" tags: - upload-discussion-ui diff --git a/ansible/dial_upload-schema.yml b/ansible/dial_upload-schema.yml index 757a80f6e5..75609bde68 100644 --- a/ansible/dial_upload-schema.yml +++ b/ansible/dial_upload-schema.yml 
@@ -50,6 +50,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_dial_bucketname }}" gcp_path: "schemas/local" local_file_or_folder_path: "dial_schema_template_files" diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index d12b74433d..0f029d7cbd 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -34,6 +34,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" gcp_path: "{{ schemas/local" local_file_or_folder_path: "{{ source_name }}" diff --git a/ansible/roles/cassandra-backup/tasks/main.yml b/ansible/roles/cassandra-backup/tasks/main.yml index 0e5ae87477..54941f8343 100755 --- a/ansible/roles/cassandra-backup/tasks/main.yml +++ b/ansible/roles/cassandra-backup/tasks/main.yml @@ -63,6 +63,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" gcp_path: "{{ cloud_storage_cassandrabackup_foldername }}" local_file_or_folder_path: "/data/cassandra/backup/{{ cassandra_backup_folder_name }}" diff --git a/ansible/roles/cassandra-restore/tasks/main.yml b/ansible/roles/cassandra-restore/tasks/main.yml index 4bd8c05991..8d74c4c695 100755 --- a/ansible/roles/cassandra-restore/tasks/main.yml +++ b/ansible/roles/cassandra-restore/tasks/main.yml 
@@ -37,6 +37,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_cassandrabackup_bucketname }}" gcp_path: "{{ cloud_storage_cassandrabackup_foldername }}/{{ cassandra_restore_gzip_file_name }}" local_file_or_folder_path: "{{ cassandra_restore_gzip_file_path }}" diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 0caf2b1bfe..893e0776f4 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -62,6 +62,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_private_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_private_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_certservice_bucketname }}" gcp_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" diff --git a/ansible/roles/desktop-deploy/tasks/main.yml b/ansible/roles/desktop-deploy/tasks/main.yml index ba077b778f..6a01f97b0c 100644 --- a/ansible/roles/desktop-deploy/tasks/main.yml +++ b/ansible/roles/desktop-deploy/tasks/main.yml @@ -108,6 +108,8 @@ block: - name: set common gcloud variables set_fact: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_offlineinstaller_bucketname }}" - name: upload batch of files to gcloud storage diff --git a/ansible/roles/gcp-cloud-storage/defaults/main.yml b/ansible/roles/gcp-cloud-storage/defaults/main.yml index b0fd847b26..a9f4247d42 100644 --- a/ansible/roles/gcp-cloud-storage/defaults/main.yml +++ b/ansible/roles/gcp-cloud-storage/defaults/main.yml 
@@ -1,3 +1,8 @@ +# GCP service account name +# Example - +# gcp_storage_service_account_name: test@sunbird.iam.gserviceaccount.com +gcp_storage_service_account_name: "" + # GCP bucket name # Example - # bucket_name: "sunbird-dev-public" diff --git a/ansible/roles/grafana-backup/tasks/main.yml b/ansible/roles/grafana-backup/tasks/main.yml index 90dc3526ca..a41b01c2aa 100644 --- a/ansible/roles/grafana-backup/tasks/main.yml +++ b/ansible/roles/grafana-backup/tasks/main.yml @@ -50,6 +50,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_grafanabackup_bucketname }}" gcp_path: "{{ cloud_storage_grafanabackup_foldername }}/{{ grafana_backup_gzip_file_name }}" local_file_or_folder_path: "{{ grafana_backup_gzip_file_path }}" diff --git a/ansible/roles/jenkins-backup-upload/tasks/main.yml b/ansible/roles/jenkins-backup-upload/tasks/main.yml index 89d8f3e29c..612557a61b 100644 --- a/ansible/roles/jenkins-backup-upload/tasks/main.yml +++ b/ansible/roles/jenkins-backup-upload/tasks/main.yml @@ -43,6 +43,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_jenkinsbackup_bucketname }}" gcp_path: "{{ cloud_storage_jenkinsbackup_foldername }}/{{ LATEST_BACKUP_DIR.stdout }}.zip" local_file_or_folder_path: "/tmp/{{ LATEST_BACKUP_DIR.stdout }}.zip" diff --git a/ansible/roles/mongodb-backup/tasks/main.yml b/ansible/roles/mongodb-backup/tasks/main.yml index f51216b14f..fe0aa286bd 100644 --- a/ansible/roles/mongodb-backup/tasks/main.yml +++ b/ansible/roles/mongodb-backup/tasks/main.yml 
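Review bot: The gcp-cloud-storage defaults hunk documents and defaults `gcp_storage_service_account_name`, but every caller in this commit also passes `gcp_storage_key_file`, which gets neither a comment nor a default in the lines shown. The name suggests a path, yet callers assign it a `*_storage_secret` value, and elsewhere in this series the same `cloud_management_storage_secret` is written out as the content of a service-account JSON file. If it is not defined further down the file, I would add `gcp_storage_key_file: ""` with a comment such as `# GCP service account key (JSON key content, not a file path); treat as a secret`, after confirming against the role's tasks. The rest of the defaults file is outside the hunk.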
@@ -45,6 +45,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_mongodbbackup_bucketname }}" gcp_path: "{{ cloud_storage_mongodbbackup_foldername }}/{{ mongo_backup_file_name }}.tar.gz" local_file_or_folder_path: "{{ mongo_backup_file_path }}.tar.gz" diff --git a/ansible/roles/postgres-managed-service-backup/tasks/main.yml b/ansible/roles/postgres-managed-service-backup/tasks/main.yml index ba101e2509..588b8fc5b5 100644 --- a/ansible/roles/postgres-managed-service-backup/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-backup/tasks/main.yml @@ -72,6 +72,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}.zip" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" diff --git a/ansible/roles/postgres-managed-service-restore/tasks/main.yml b/ansible/roles/postgres-managed-service-restore/tasks/main.yml index 58d2c53482..1b499e338f 100644 --- a/ansible/roles/postgres-managed-service-restore/tasks/main.yml +++ b/ansible/roles/postgres-managed-service-restore/tasks/main.yml @@ -39,6 +39,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgres_backup_filename }}" local_file_or_folder_path: "{{ postgres_restore_dir }}/{{ postgres_backup_filepath }}" 
diff --git a/ansible/roles/postgresql-backup/tasks/main.yml b/ansible/roles/postgresql-backup/tasks/main.yml index 5b3303bf97..fd4da5b8cc 100644 --- a/ansible/roles/postgresql-backup/tasks/main.yml +++ b/ansible/roles/postgresql-backup/tasks/main.yml @@ -44,6 +44,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_backup_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_backup_gzip_file_path }}" diff --git a/ansible/roles/postgresql-restore/tasks/main.yml b/ansible/roles/postgresql-restore/tasks/main.yml index e076590f23..e57a321a29 100644 --- a/ansible/roles/postgresql-restore/tasks/main.yml +++ b/ansible/roles/postgresql-restore/tasks/main.yml @@ -34,6 +34,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_postgresqlbackup_bucketname }}" gcp_path: "{{ cloud_storage_postgresqlbackup_foldername }}/{{ postgresql_restore_gzip_file_name }}" local_file_or_folder_path: "{{ postgresql_restore_gzip_file_path }}" diff --git a/ansible/roles/prometheus-backup-v2/tasks/main.yml b/ansible/roles/prometheus-backup-v2/tasks/main.yml index 4a65bb6f8f..0323ed4d84 100644 --- a/ansible/roles/prometheus-backup-v2/tasks/main.yml +++ b/ansible/roles/prometheus-backup-v2/tasks/main.yml 
@@ -47,6 +47,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" local_file_or_folder_path: "/tmp/{{ prometheus_backup_prefix }}_{{ snapshot_name }}.tar.gz" diff --git a/ansible/roles/prometheus-backup/tasks/main.yml b/ansible/roles/prometheus-backup/tasks/main.yml index 10d8e2fb3b..a665540f8a 100644 --- a/ansible/roles/prometheus-backup/tasks/main.yml +++ b/ansible/roles/prometheus-backup/tasks/main.yml @@ -56,6 +56,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_gzip_file_name }}" local_file_or_folder_path: "{{ prometheus_backup_gzip_file_path }}" diff --git a/ansible/roles/prometheus-restore/tasks/main.yml b/ansible/roles/prometheus-restore/tasks/main.yml index 440b777fe4..60d9bd39bd 100644 --- a/ansible/roles/prometheus-restore/tasks/main.yml +++ b/ansible/roles/prometheus-restore/tasks/main.yml @@ -32,6 +32,8 @@ name: gcp-cloud-storage tasks_from: download.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_prometheusbackup_bucketname }}" gcp_path: "{{ cloud_storage_prometheusbackup_foldername }}/{{ prometheus_backup_filename }}" local_file_or_folder_path: "{{ prometheus_backup_dir }}/{{ prometheus_backup_filepath }}" 
diff --git a/ansible/roles/redis-backup/tasks/main.yml b/ansible/roles/redis-backup/tasks/main.yml index f1cf35622f..9863fe5f28 100644 --- a/ansible/roles/redis-backup/tasks/main.yml +++ b/ansible/roles/redis-backup/tasks/main.yml @@ -44,6 +44,8 @@ name: gcp-cloud-storage tasks_from: upload.yml vars: + gcp_storage_service_account_name: "{{ cloud_management_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_management_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_redisbackup_bucketname }}" gcp_path: "{{ cloud_storage_redisbackup_foldername }}/{{ redis_backup_file_name }}" local_file_or_folder_path: "{{ redis_backup_file_path }}" diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index cf90e343d1..b38f2ff99a 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml @@ -50,6 +50,8 @@ name: gcp-cloud-storage tasks_from: upload-batch.yml vars: + gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" + gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_public_bucketname }}" dest_folder_path: "" local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" From fe6b33643928c377a2a9a9c66ac07ecf66fed547 Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Mon, 2 Jan 2023 14:23:28 +0530 Subject: [PATCH 235/434] Fix the command to get deployed image (#3698) --- kubernetes/ansible/roles/helm-deploy/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index 8f4881089a..86c3386a1e 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml 
@@ -118,7 +118,7 @@ ignore_errors: true - name: Get deployed image name - deployments - shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[1]' + shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[-1]' register: image - set_fact: From 084eb4feec8d35a7e971e0a3898410a85d0a9f5d Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Mon, 2 Jan 2023 17:23:45 +0530 Subject: [PATCH 236/434] Fix gcp deploy issues (#3699) * Fix typo * Fix the command to get deployed image --- ansible/kp_upload-schema.yml | 2 +- kubernetes/ansible/roles/deploy-player/tasks/main.yml | 2 +- kubernetes/ansible/roles/helm-daemonset/tasks/main.yml | 2 +- kubernetes/ansible/roles/helm-deploy/tasks/main.yml | 4 ++-- kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 0f029d7cbd..3a28ce5782 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -37,6 +37,6 @@ gcp_storage_service_account_name: "{{ cloud_public_storage_accountname }}" gcp_storage_key_file: "{{ cloud_public_storage_secret }}" gcp_bucket_name: "{{ cloud_storage_content_bucketname }}" - gcp_path: "{{ schemas/local" + gcp_path: "schemas/local" local_file_or_folder_path: "{{ source_name }}" when: cloud_service_provider == "gcloud" diff --git a/kubernetes/ansible/roles/deploy-player/tasks/main.yml b/kubernetes/ansible/roles/deploy-player/tasks/main.yml index 52500df2e3..0aa27af993 100644 --- a/kubernetes/ansible/roles/deploy-player/tasks/main.yml +++ b/kubernetes/ansible/roles/deploy-player/tasks/main.yml 
@@ -74,7 +74,7 @@ delay: 30 - name: Get deployed image name - shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[1]' + shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[-1]' register: deployed_image - set_fact: diff --git a/kubernetes/ansible/roles/helm-daemonset/tasks/main.yml b/kubernetes/ansible/roles/helm-daemonset/tasks/main.yml index e04c4f137f..91fcc9f979 100644 --- a/kubernetes/ansible/roles/helm-daemonset/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-daemonset/tasks/main.yml @@ -25,7 +25,7 @@ delay: 30 - name: Get deployed image name - shell: "kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq '.spec.template.spec.containers | .[].image' -r | awk -F/ '{print $2}'" + shell: "kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[].image | split("/")[-1]'" register: deployed_image - set_fact: diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index 86c3386a1e..16b62ee9d6 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml @@ -132,7 +132,7 @@ ignore_errors: true - name: Get deployed image name - daemonsets - shell: "kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq '.spec.template.spec.containers | .[].image' -r | awk -F/ '{print $2}'" + shell: kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[].image | split("/")[-1]' register: image - set_fact: 
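Review bot: The new `shell:` line in helm-daemonset/tasks/main.yml keeps the outer YAML double quotes while the jq filter now contains `split("/")`, so the scalar ends at the first inner `"` and the file will most likely fail to parse. The helm-deploy hunks in the same commit avoid this by leaving the command unquoted. Do the same here: `shell: kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[].image | split("/")[-1]'`. Running `ansible-playbook --syntax-check` or yamllint over the role in CI would catch this class of error before a deploy.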
@@ -146,7 +146,7 @@ ignore_errors: true - name: Get deployed image name - statefulsets - shell: "kubectl get statefulsets {{ release_name }} -o json -n {{ namespace }} | jq '.spec.template.spec.containers | .[].image' -r | awk -F/ '{print $2}'" + shell: kubectl get statefulsets {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[].image | split("/")[-1]' register: image - set_fact: diff --git a/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml b/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml index 09e96cf25e..6d0b7ef387 100644 --- a/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/sunbird-deploy/tasks/main.yml @@ -89,7 +89,7 @@ delay: 30 - name: Get deployed image name - shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[1]' + shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[-1]' register: deployed_image - set_fact: From 16e0cd771206f9a035b349f8696ed2aac1e13bc4 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 3 Jan 2023 17:51:36 +0530 Subject: [PATCH 237/434] Added new variables (#3701) --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 ++ ansible/roles/ml-analytics-service/templates/config.j2 | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index d73099451d..15f9b438c4 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -114,3 +114,5 @@ cloud_public_storage_region: "{{ cloud_public_storage_region }}" cloud_public_storage_endpoint: "{{ cloud_public_storage_endpoint }}" ml_analytics_project_program : "{{ WORKDIR }}/ml-analytics-service/projects/program_ids.txt" ml_analytics_projects_program_filename: "{{ config_path }}/projects/program_ids.txt" +ml_analytics_nvsk_imp_projects_data_local_path: "{{ config_path }}/urgent_data_metrics/output/" +ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvement/" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 52927ec957..27da8be26b 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -279,3 +279,7 @@ observation_batch_ingestion_data_del = {{ ml_analytics_observation_batchupdate_c survey_batch_ingestion_data_del = {{ ml_analytics_survey_batchupdate_cloud_blob_path}} cname_url = {{ ml_analytics_cname_url }} + +nvsk_imp_projects_data_local_path = {{ ml_analytics_nvsk_imp_projects_data_local_path }} + +nvsk_imp_projects_data_blob_path = {{ ml_analytics_nvsk_imp_projects_data_blob_path }} From ea44249610b7107c30e9d5f5f8fa635240a66bd9 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Thu, 5 Jan 2023 14:52:30 +0530 Subject: [PATCH 238/434] ED-621:updated configurations for release-5.1.0 --- ansible/inventory/env/group_vars/all.yml | 3 +-- .../stack-sunbird/templates/sunbird_cert-service.env | 12 ++++++------ .../stack-sunbird/templates/sunbird_lms-service.env | 7 +++++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 153be0f813..6cbd63ec03 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml 
@@ -131,9 +131,8 @@ cassandra_restore_dir: "/home/{{ ansible_ssh_user }}/" cassandra_backup_dir: /data/cassandra/backup ### Release 5.0.0 ### cassandra_multi_dc_enabled: false -# Release-5.0.1 +### Release-5.0.1 ### cloud_storage_base_url: "{{cloud_storage_base_url}}" -cloud_store_base_path_placeholder: "$CLOUD_BASE_PATH" keycloak_realm: sunbird sunbird_content_player_url: "http://kong:8000/" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index c43c23171b..19a9a6c46c 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env @@ -1,13 +1,13 @@ -CONTAINER_NAME={{cert_service_container_name}} +CONTAINER_NAME={{cloud_storage_certservice_bucketname}} CLOUD_STORAGE_TYPE={{cloud_service_provider}} -PRIVATE_CLOUD_STORAGE_SECRET={{sunbird_private_storage_account_key}} -PRIVATE_CLOUD_STORAGE_KEY={{sunbird_private_storage_account_name}} +PRIVATE_CLOUD_STORAGE_SECRET={{cloud_private_storage_secret}} +PRIVATE_CLOUD_STORAGE_KEY={{cloud_private_storage_accountname}} sunbird_cert_domain_url={{proto}}://{{proxy_server_name}} sunbird_cert_enc_service_url=http://enc-service:8013 download_link_expiry_timeout=600 es_conn_info={{groups['es']|join(':9200,')}}:9200 ITEXT_LICENSE_ENABLED={{itext_license_enabled}} ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml -PUBLIC_CLOUD_STORAGE_KEY={{sunbird_public_storage_account_name}} -PUBLIC_CLOUD_STORAGE_SECRET={{sunbird_public_storage_account_key}} -PUBLIC_CONTAINER_NAME={{sunbird_cert_qr_container_name}} +PUBLIC_CLOUD_STORAGE_KEY={{cloud_public_storage_accountname}} +PUBLIC_CLOUD_STORAGE_SECRET={{cloud_public_storage_secret}} +PUBLIC_CONTAINER_NAME={{cloud_storage_certqr_bucketname}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 1b3fdba3ca..946bf3af10 100644 
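Review bot: The renamed secrets in sunbird_cert-service.env are still rendered unquoted into single-line `KEY=value` entries, and the private_repo secrets template later in this patch series documents a GCP value for `cloud_public_storage_secret` that is a PEM private key written with `\n` escapes in a double-quoted YAML string. YAML turns those escapes into real newlines, so `PRIVATE_CLOUD_STORAGE_SECRET=` and `PUBLIC_CLOUD_STORAGE_SECRET=` would presumably render as multi-line values that an env-file loader truncates or rejects; how this file is consumed is not visible here. I would add a comment at the top of the template such as `# Secret values must be single-line; escape newlines in PEM keys before rendering`, or confirm the consumer's handling for the gcloud provider.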
--- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -80,7 +80,7 @@ sunbird_course_batch_notification_enabled={{sunbird_course_batch_notification_en sunbird_course_batch_notification_signature={{sunbird_course_batch_notification_signature}} sunbird_otp_expiration={{sunbird_otp_expiration}} sunbird_otp_length={{sunbird_otp_length}} -sunbird_content_azure_storage_container={{sunbird_content_azure_storage_container}} +sunbird_content_cloud_storage_container={{cloud_storage_content_bucketname}} # Release-1.14 sunbird_time_zone={{sunbird_time_zone}} # Release-1.15 @@ -143,4 +143,7 @@ enrollment_list_size={{ enrollment_list_size | default(1000) }} # Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} -isMultiDCEnabled={{cassandra_multi_dc_enabled}} \ No newline at end of file +isMultiDCEnabled={{cassandra_multi_dc_enabled}} + +# Release-5.0.1 +cloud_storage_base_url={{cloud_storage_base_url}} \ No newline at end of file From 1b8fe739a0ec590730f16ae2578f05064464659b Mon Sep 17 00:00:00 2001 
From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Thu, 5 Jan 2023 17:05:03 +0530 Subject: [PATCH 239/434] Updated private_repo template with CSP changes (#3689) --- .../ansible/inventory/dev/Core/common.yml | 166 +++++++++++++----- .../ansible/inventory/dev/Core/secrets.yml | 72 ++++---- .../inventory/dev/DataPipeline/common.yml | 141 +++++++++++++-- .../inventory/dev/DataPipeline/secrets.yml | 46 +++-- .../dev/KnowledgePlatform/common.yml | 159 ++++++++++++++--- .../dev/KnowledgePlatform/secrets.yml | 45 ++++- .../ansible/inventory/dev/UCI/common.yml | 1 + private_repo/ansible/inventory/dev/UCI/hosts | 1 + .../ansible/inventory/dev/UCI/secrets.yml | 1 + .../inventory/dev/managed-learn/common.yml | 1 + .../ansible/inventory/dev/managed-learn/hosts | 1 + .../inventory/dev/managed-learn/secrets.yml | 1 + 12 files changed, 499 insertions(+), 136 deletions(-) create mode 120000 private_repo/ansible/inventory/dev/UCI/common.yml create mode 120000 private_repo/ansible/inventory/dev/UCI/hosts create mode 120000 private_repo/ansible/inventory/dev/UCI/secrets.yml create mode 120000 private_repo/ansible/inventory/dev/managed-learn/common.yml create mode 120000 private_repo/ansible/inventory/dev/managed-learn/hosts create mode 120000 private_repo/ansible/inventory/dev/managed-learn/secrets.yml diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 1984bcd2b3..bee6dc7028 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -20,41 +20,97 @@ sunbird_mail_server_from_email: "support@myorg.com" # Email ID that should # List of mail ids to whome the monitoring alerts should be sent. alerts_mailing_list : "devops@myorg.com" # Comma separated mail list for Alerts; eg: user1@mail.com, user2@mail.com - -# Define the below if you are using Azure Cloud -# Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) -sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) -sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) -sunbird_artifact_storage_account_name: "{{ sunbird_management_storage_account_name }}" # Azure account name for storing artifacts data (like jenkins build zip files) - -azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" -azure_private_storage_account_name: "{{ sunbird_private_storage_account_name }}" -azure_management_storage_account_name: "{{ sunbird_management_storage_account_name }}" -azure_artifact_storage_account_name: "{{ sunbird_artifact_storage_account_name }}" - -# Define the below if you are using AWS Cloud -aws_region: "" -aws_management_s3_bucket_name: "" -aws_artifact_s3_bucket_name: "" -aws_public_s3_bucket_name: "" -aws_private_s3_bucket_name: "" - -# Define the below if you are using Google Cloud -gcloud_private_bucket_name: "" -gcloud_public_bucket_name: "" -gcloud_artifact_bucket_name: "" -gcloud_management_bucket_name: "" - -gcloud_private_bucket_projectId: "" +# Cloud Service Provider Variables +# If cloud_service_provider is AWS then update with access key as value +# Example: cloud_public_storage_accountname: "AKSHKSJHFJDHJDSHFKSD" +# If cloud_service_provider is 
gloud(GCP) then update with service account name +# Example: cloud_public_storage_accountname: "cloudstorage-gcp-test.iam.gserviceaccount.com" +# If cloud_service_provider is AZURE then update with stoage account name +# Example: cloud_public_storage_accountname: "azurestotageaccount" +cloud_public_storage_accountname: "" +# If cloud_service_provider is AWS then update with region +# Example: cloud_public_storage_region: us-east-1 +cloud_public_storage_region: "" +# If cloud_service_provider is gcp then update this variable with project id +# Example: cloud_public_storage_project: "sunbird-gcp-test" +cloud_public_storage_project: "" + + +# Create object storage for each below mentioned variables and update accordingly +# If cloud_service_provider is AWS update with bucket name +# If cloud_service_provider is gcloud(GCP) update with bucket name +# If cloud_service_provider is AZURE update with container name +# Example: cloud_storage_certqr_bucketname: "certqr-storage" +cloud_storage_certqr_bucketname: "" +# This storage contains chatbot related data +# Example: cloud_storage_chatbot_bucketname: "chatbot-storage" +cloud_storage_chatbot_bucketname: "" +# This storage contains dial related data +# Example: cloud_storage_dial_bucketname: "dial-storage" +cloud_storage_dial_bucketname: "" +# This storage contains flink checkpoint data +# Example: cloud_storage_flink_bucketname: "flink-storage" +cloud_storage_flink_bucketname: "" +# This storage contains portal cdn file +# Example: cloud_storage_playercdn_bucketname: "playercdn-storage" +cloud_storage_playercdn_bucketname: "" +# This storage contains public data +# Example: cloud_storage_public_bucketname: "public-storage" +cloud_storage_public_bucketname: "" +# This storage contains public reports data +# Example: cloud_storage_publicreports_bucketname: "publicreports-storage" +cloud_storage_publicreports_bucketname: "" +# This storage contains private reports data +# Example: cloud_storage_privatereports_bucketname: 
"privatereports-storage" +cloud_storage_privatereports_bucketname: "" +# This storage contains samiksha data +# Example: cloud_storage_samiksha_bucketname: "samiksha-storage" +cloud_storage_samiksha_bucketname: "" +# This storage contains schema data +# Example: cloud_storage_schema_bucketname: "schema-storage" +cloud_storage_schema_bucketname: "" +# This storage contains sourcing related data +# Example: cloud_storage_sourcing_bucketname: "sourcing-storage" +cloud_storage_sourcing_bucketname: "" +# This storage contains desktop app data +# Example: cloud_storage_offlineinstaller_bucketname: "offlineinstaller-storage" +cloud_storage_offlineinstaller_bucketname: "" +# This storage contains public schemas, contents +# Example: cloud_storage_content_bucketname: "content-storage" +cloud_storage_content_bucketname: "" +# This storage contains telemetry data +# Example: cloud_storage_telemetry_bucketname: "telemetry-storage" +cloud_storage_telemetry_bucketname: "" +# This storage contains T & C data +# Example: cloud_storage_termsandcondtions_bucketname: "termsandconditions-storage" +cloud_storage_termsandcondtions_bucketname: "" +# Example: cloud_storage_user_bucketname: "user-storage" +cloud_storage_user_bucketname: "" +# This storage contains crashlogs +# Example: cloud_storage_desktopappcrashlogs_bucketname: "desktopappcrashlogs-storage" +cloud_storage_desktopappcrashlogs_bucketname: "" +# This storage contains labels data +# Example: cloud_storage_label_bucketname: "label-storage" +cloud_storage_label_bucketname: "" +# Example: cloud_storage_certservice_bucketname: "certservice-storage" +cloud_storage_certservice_bucketname: "" +# This storage contains UCI services data +# Example: cloud_storage_uci_bucketname: "uci-storage" +cloud_storage_uci_bucketname: "" +# This storage contains artifacts data +# Example: cloud_storage_artifacts_bucketname: "artifact-storage" +cloud_storage_artifacts_bucketname: "" +# This storage contains backups data +# Example: 
cloud_storage_management_bucketname: "management-storage" +cloud_storage_management_bucketname: "" # Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) # GCP -# cloud_storage_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }} +# cloud_storage_url: https://storage.googleapis.com # AWS -# cloud_storage_url: "https://{{aws_public_s3_bucket_name}}.s3.{{aws_region}}.amazonaws.com" +# cloud_storage_url: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" # Azure -cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" +cloud_storage_url: "https://{{ cloud_public_storage_accountname }}.blob.core.windows.net" # ------------------------------------------------------------------------------------------------------------ # # Cloud / Infra Specific values - Check these and update accordingly @@ -81,10 +137,6 @@ proto: https # http or https, preferably https sunbird_default_channel: sunbird # default sunbird channel name environment_id: "10000003" # A 8 digit number for example like 1000000, should be same as defined in KP common.yml -# SB-31155 - This should be deprecated in future in favour of content_storage defined in all.yml -sunbird_content_azure_storage_container: contents # Azure container name for storing public data (like contents), should be same as azure_public_container defined in KP common.yml - - # This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, # # From: SBSMS 
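Review bot: The new comment block in Core/common.yml tells AWS deployments to put the access key into `cloud_public_storage_accountname`, a variable that lives in common.yml rather than secrets.yml and is treated as a plain name (the Azure form of `cloud_storage_url` interpolates it into a hostname). That places half of an AWS credential pair in the non-secret inventory file; whether that file is vaulted is not visible here. I would keep the access key ID next to its secret and say so in the comment, for example `# AWS: set the access key ID in secrets.yml, not in this file`, assuming the consuming roles load both files. The same block is repeated in DataPipeline/common.yml.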
@@ -131,19 +183,12 @@ postgres: db_admin_password: "{{core_vault_postgres_password}}" -# Azure account related vars -sunbird_azure_public_storage_account_name: "{{ sunbird_public_storage_account_name }}" -azure_plugin_storage_account_name: "{{sunbird_azure_public_storage_account_name}}" -azure_plugin_storage_account_key: "{{sunbird_public_storage_account_key}}" -plugin_container_name: "{{sunbird_content_azure_storage_container}}" - keycloak_api_management_user_email: "admin@sunbird.org" sunbird_installation_email: "admin@sunbird.org" # Other vars cert_service_container_name: e-credentials # Conatiner name for cert service to store cert templates cert_service_cloud_storage_type: azure # Changes this if you use other clouds like aws, gcp -artifacts_container: artifacts # Azure blob container name to save built artifacts, default it can be arti dataexhaust_super_admin_channel: sunbird dedup_redis_host: "{{ groups['dp-redis'][0] }}" # for router service namespace: "{{ env }}" # required for bot and router, these helm charts should be moved to devops repo 
@@ -157,6 +202,45 @@ monitor_alerts_mail_from_email: "{{ sunbird_mail_server_from_email }}" ekstep_s3_env: "" # This variable is not used and leave the value as empty freshDesk_token: "" +# Below endpoint is not required in current release +cloud_public_storage_endpoint: "" + +# Update below vars if seperate object storage is required +cloud_private_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_private_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_private_storage_region: "{{ cloud_public_storage_region }}" +cloud_private_storage_project: "{{ cloud_public_storage_project }}" + +cloud_management_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_management_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_management_storage_region: "{{ cloud_public_storage_region }}" +cloud_management_storage_project: "{{ cloud_public_storage_project }}" + +cloud_artifact_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_artifact_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_artifact_storage_region: "{{ cloud_public_storage_region }}" +cloud_artifact_storage_project: "{{ cloud_public_storage_project }}" + +## Enable below vars to upload database backups in seperate buckets +# cloud_storage_cassandrabackup_bucketname: "" +# cloud_storage_dpcassandrabackup_bucketname: "" +# cloud_storage_dppostgresbackup_bucketname: "" +# cloud_storage_dpredisbackup_bucketname: "" +# cloud_storage_esbackup_bucketname: "" +# cloud_storage_influxdbbackup_bucketname: "" +# cloud_storage_jenkinsbackup_bucketname: "" +# cloud_storage_mongobackup_bucketname: "" +# cloud_storage_neo4jbackup_bucketname: "" +# cloud_storage_redisbackup_bucketname: "" + +# Building block vars +cloud_storage_base_url: "{{ cloud_storage_url }}" +cloudstorage_base_path: "{{ cloud_storage_url }}" +valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' +cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" + + + # 
Provide the admin-api consumer access to all API's - The public repo restricts this for security reasons # If you dont want to key to have access to all API's, please remove the variables kong_all_consumer_groups and kong_consumers or edit the groups to have a smaller subset kong_all_consumer_groups: diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index e8e48bf801..9b8f0f43a5 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
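Review bot: `valid_cloudstorage_base_urls` is built from `cloud_storage_url`, and the AWS and GCP forms of that variable introduced earlier in this file are provider-wide endpoints (`https://s3.{{ cloud_public_storage_region }}.amazonaws.com`, `https://storage.googleapis.com`) where the removed forms named a bucket. If a consumer uses this list to decide which storage URLs to accept (the name suggests so, but the consumer is not visible here), any bucket at that provider would pass. Scoping the entry to the deployment's bucket would narrow it, e.g. `valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}/{{ cloud_storage_content_bucketname }}/"]'`, to be checked against how the consumer matches and which buckets it needs. The same building-block variables are added in DataPipeline/common.yml.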
@@ -8,42 +8,38 @@ core_vault_docker_registry_url: "change.docker.url" # for docker hub "https core_vault_docker_registry_user: "change.docker.username" core_vault_docker_registry_password: "change.docker.password" -# Run the below command in shell -# date +'%Y-%m-%dT%H:%m:%SZ' -d '+1 year' -# sas_token=?`az storage account generate-sas --account-name "{{ azure_plugin_storage_account_name }}" --account-key "{{ azure_plugin_storage_account_key }}" --expiry $sas_expire_time --https-only --permissions acdlpruw --resource-types sco --services bfqt | xargs` -# generate a sas for the blob for entire storage accout with write and read access -sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command -sunbird_public_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command -sunbird_management_storage_account_sas: "change.azure.storage.account.sas" # SAS token value generated from above command - -sunbird_public_storage_account_key: "change.azure.storage.account.key" -sunbird_private_storage_account_key: "change.azure.storage.account.key" -sunbird_management_storage_account_key: "change.azure.storage.account.key" -sunbird_artifact_storage_account_key: "{{ sunbird_management_storage_account_key }}" - -# Define the below if you are using Azure Cloud -azure_public_storage_account_key: "{{ sunbird_public_storage_account_key }}" -azure_private_storage_account_key: "{{ sunbird_private_storage_account_key }}" -azure_management_storage_account_key: "{{ sunbird_management_storage_account_key }}" -azure_artifact_storage_account_key: "{{ sunbird_artifact_storage_account_key }}" -azure_public_storage_account_sas: "{{ sunbird_public_storage_account_sas }}" -azure_management_storage_account_sas: "{{ sunbird_management_storage_account_sas }}" - -# Define the below if you are using AWS Cloud -aws_management_bucket_access_key: "" -aws_artifact_bucket_access_key: "" 
-aws_public_bucket_access_key: "" -aws_private_bucket_access_key: "" - -aws_management_bucket_secret_access_key: "" -aws_artifact_bucket_secret_access_key: "" -aws_public_bucket_secret_access_key: "" -aws_private_bucket_secret_access_key: "" - -# Define the below if you are using Google Cloud -gcp_storage_service_account_name: "" -gcp_storage_key_file: "" # gcloud service account key - refer: https://cloud.google.com/iam/docs/creating-managing-service-account-keys - +# Cloud Service Provider Secret Variables +# If cloud_service_provider is aws then update secret access key +# Example: cloud_management_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with service account json file content +# Example: cloud_management_storage_secret: | +# { +# "type": "service_account", +# "project_id": "your-project-id", +# "private_key_id": "...", +# "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n", +# "client_email": "service-account-for-your-repository@your-project-id.iam.gserviceaccount.com", +# "client_id": "...", +# "auth_uri": "https://accounts.google.com/o/oauth2/auth", +# "token_uri": "https://accounts.google.com/o/oauth2/token", +# "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", +# "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-bucket@your-project-id.iam.gserviceaccount.com" +# } + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_management_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_management_storage_secret: "" + +# If cloud_service_provider is aws then update secret access key +# Example: cloud_public_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with private-key which is in service account json file +# Example: cloud_public_storage_secret: 
"-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n" + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_public_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_public_storage_secret: "" # The proxy key and crt values should be padded to the right by a couple of spaces # Example: @@ -184,3 +180,7 @@ ml_analytics_druid_observation_status_injestion_spec: DruidObeservationStatusIng ml_analytics_api_access_token: ApiAccessToken # ML authorization key ml_analytics_api_authorization_key: ApiAuthorizationKey + +# update if seperate object storage is used +cloud_private_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/DataPipeline/common.yml b/private_repo/ansible/inventory/dev/DataPipeline/common.yml index ef8432539b..715e9cc13a 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/common.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/common.yml 
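Review bot: The example values in the new comments of Core/secrets.yml are shaped like live credentials (a base64 string ending in `==` for the Azure key, a long random-looking string for the AWS secret), which can set off secret scanners and makes a real key pasted over an example hard to spot in review. Obviously labelled placeholders read better, e.g. `# Example: cloud_public_storage_secret: "<azure-storage-account-key>"`. The two GCP examples also differ: `cloud_management_storage_secret` takes the whole service-account JSON while `cloud_public_storage_secret` takes only the private key, and a one-line comment stating that difference would save a misconfiguration. The DataPipeline/secrets.yml hunk repeats this block.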
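Review bot: `cloud_private_storage_secret` and `cloud_artifact_storage_secret` default to `cloud_public_storage_secret`, so out of the box one credential covers public content, private data and build artifacts, and every service handed the public secret can also reach the private store. The comment above the two lines should state that, e.g. `# Defaults to the public-storage credential; set separate, narrower-scoped secrets for private and artifact storage outside dev`. The added last line also has no trailing newline. DataPipeline/secrets.yml adds the same two defaults.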
@@ -5,15 +5,98 @@ domain_name: "" # your domain name like example.com # docker hub details dockerhub: "change.docker.url" # docker hub username or url incase of private registry private_ingressgateway_ip: "" # your private kubernetes load balancer ip -# Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) -sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) -sunbird_druid_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing druid data (like query results) -sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) +# Cloud Service Provider Variables +# If cloud_service_provider is AWS then update with access key as value +# Example: cloud_public_storage_accountname: "AKSHKSJHFJDHJDSHFKSD" +# If cloud_service_provider is gloud(GCP) then update with service account name +# Example: cloud_public_storage_accountname: "cloudstorage-gcp-test.iam.gserviceaccount.com" +# If cloud_service_provider is AZURE then update with stoage account name +# Example: cloud_public_storage_accountname: "azurestotageaccount" +cloud_public_storage_accountname: "" +# If cloud_service_provider is AWS then update with region +# Example: cloud_public_storage_region: us-east-1 +cloud_public_storage_region: "" +# If cloud_service_provider is gcp then update this variable with project id +# Example: cloud_public_storage_project: "sunbird-gcp-test" +cloud_public_storage_project: "" +# Create object storage for each below mentioned variables and 
update accordingly +# If cloud_service_provider is AWS update with bucket name +# If cloud_service_provider is gcloud(GCP) update with bucket name +# If cloud_service_provider is AZURE update with container name +# Example: cloud_storage_certqr_bucketname: "certqr-storage" +cloud_storage_certqr_bucketname: "" +# This storage contains chatbot related data +# Example: cloud_storage_chatbot_bucketname: "chatbot-storage" +cloud_storage_chatbot_bucketname: "" +# This storage contains dial related data +# Example: cloud_storage_dial_bucketname: "dial-storage" +cloud_storage_dial_bucketname: "" +# This storage contains flink checkpoint data +# Example: cloud_storage_flink_bucketname: "flink-storage" +cloud_storage_flink_bucketname: "" +# This storage contains portal cdn file +# Example: cloud_storage_playercdn_bucketname: "playercdn-storage" +cloud_storage_playercdn_bucketname: "" +# This storage contains public data +# Example: cloud_storage_public_bucketname: "public-storage" +cloud_storage_public_bucketname: "" +# This storage contains public reports data +# Example: cloud_storage_publicreports_bucketname: "publicreports-storage" +cloud_storage_publicreports_bucketname: "" +# This storage contains private reports data +# Example: cloud_storage_privatereports_bucketname: "privatereports-storage" +cloud_storage_privatereports_bucketname: "" +# This storage contains samiksha data +# Example: cloud_storage_samiksha_bucketname: "samiksha-storage" +cloud_storage_samiksha_bucketname: "" +# This storage contains schema data +# Example: cloud_storage_schema_bucketname: "schema-storage" +cloud_storage_schema_bucketname: "" +# This storage contains sourcing related data +# Example: cloud_storage_sourcing_bucketname: "sourcing-storage" +cloud_storage_sourcing_bucketname: "" +# This storage contains desktop app data +# Example: cloud_storage_offlineinstaller_bucketname: "offlineinstaller-storage" +cloud_storage_offlineinstaller_bucketname: "" +# This storage contains public 
schemas, contents +# Example: cloud_storage_content_bucketname: "content-storage" +cloud_storage_content_bucketname: "" +# This storage contains telemetry data +# Example: cloud_storage_telemetry_bucketname: "telemetry-storage" +cloud_storage_telemetry_bucketname: "" +# This storage contains T & C data +# Example: cloud_storage_termsandcondtions_bucketname: "termsandconditions-storage" +cloud_storage_termsandcondtions_bucketname: "" +# Example: cloud_storage_user_bucketname: "user-storage" +cloud_storage_user_bucketname: "" +# This storage contains crashlogs +# Example: cloud_storage_desktopappcrashlogs_bucketname: "desktopappcrashlogs-storage" +cloud_storage_desktopappcrashlogs_bucketname: "" +# This storage contains labels data +# Example: cloud_storage_label_bucketname: "label-storage" +cloud_storage_label_bucketname: "" +# Example: cloud_storage_certservice_bucketname: "certservice-storage" +cloud_storage_certservice_bucketname: "" +# This storage contains UCI services data +# Example: cloud_storage_uci_bucketname: "uci-storage" +cloud_storage_uci_bucketname: "" +# This storage contains artifacts data +# Example: cloud_storage_artifacts_bucketname: "artifact-storage" +cloud_storage_artifacts_bucketname: "" +# This storage contains backups data +# Example: cloud_storage_management_bucketname: "management-storage" +cloud_storage_management_bucketname: "" + +# Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) +# GCP +# cloud_storage_url: https://storage.googleapis.com +# AWS +# cloud_storage_url: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# Azure +cloud_storage_url: "https://{{ cloud_public_storage_accountname }}.blob.core.windows.net" # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features 
@@ -48,12 +131,47 @@ postgres: db_admin_password: "{{dp_vault_pgdb_admin_password}}" druid_postgres_user: druid # Do not change this -sunbird_private_azure_report_container_name: 'reports' -sunbird_public_azure_report_container_name: 'public-reports' imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins core_kubeconfig_path: "{{ kubeconfig_path }}" # kubeconfig file path on jenkins for core kube cluster, change this if you use separate kube cluster for core and KP + DP +# Below endpoint is not required in current release +cloud_public_storage_endpoint: "" + +# Update below vars if seperate object storage is required +cloud_private_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_private_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_private_storage_region: "{{ cloud_public_storage_region }}" +cloud_private_storage_project: "{{ cloud_public_storage_project }}" + +cloud_management_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_management_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_management_storage_region: "{{ cloud_public_storage_region }}" +cloud_management_storage_project: "{{ cloud_public_storage_project }}" + +cloud_artifact_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_artifact_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_artifact_storage_region: "{{ cloud_public_storage_region }}" +cloud_artifact_storage_project: "{{ cloud_public_storage_project }}" + +## Enable below vars to upload database backups in seperate buckets +# cloud_storage_cassandrabackup_bucketname: "" +# cloud_storage_dpcassandrabackup_bucketname: "" +# cloud_storage_dppostgresbackup_bucketname: "" +# cloud_storage_dpredisbackup_bucketname: "" +# cloud_storage_esbackup_bucketname: "" +# cloud_storage_influxdbbackup_bucketname: "" +# cloud_storage_jenkinsbackup_bucketname: "" +# 
cloud_storage_mongobackup_bucketname: "" +# cloud_storage_neo4jbackup_bucketname: "" +# cloud_storage_redisbackup_bucketname: "" + +# Building block vars +cloud_storage_base_url: "{{ cloud_storage_url }}" +cloudstorage_base_path: "{{ cloud_storage_url }}" +valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' +cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" + # The below sets the kafka topics retention time to 1 day, if you use the defaults from the public repo, it will be 7 days # If you want to retain the topics for 7 days, remove the below sections completely # Ensure you have atleast 1 TB of disk to retain data for 7 days @@ -170,10 +288,3 @@ processing_kafka_overriden_topics: retention_time: 86400000 replication_factor: 1 -# Define the below if you are using Google Cloud -gcloud_private_bucket_name: "" -gcloud_public_bucket_name: "" -gcloud_artifact_bucket_name: "" -gcloud_management_bucket_name: "" - -gcloud_private_bucket_projectId: "" diff --git a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml index c37b74d8fe..2b711a27a2 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/secrets.yml 
@@ -4,13 +4,38 @@ dp_vault_pgdb_password: "change.postgres.password" # postgres p dp_vault_pgdb_admin_password: "change.postgres.password" # postgres password for admin dp_vault_druid_postgress_pass: "change.postgres.password" # postgres password for druid db -# Azure storage account credentials - Note if you are using a single account, you can set the same key for the belows -sunbird_management_storage_account_key: "change.azure.storage.account.key" -sunbird_artifact_storage_account_key: "change.azure.storage.account.key" -sunbird_private_storage_account_key: "change.azure.storage.account.key" -sunbird_public_storage_account_key: "change.azure.storage.account.key" -sunbird_druid_storage_account_key: "change.azure.storage.account.key" -sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" # this must be the sas token from Core directory that your generated +# Cloud Service Provider Secret Variables +# If cloud_service_provider is aws then update secret access key +# Example: cloud_management_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with service account json file content +# Example: cloud_management_storage_secret: | +# { +# "type": "service_account", +# "project_id": "your-project-id", +# "private_key_id": "...", +# "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n", +# "client_email": "service-account-for-your-repository@your-project-id.iam.gserviceaccount.com", +# "client_id": "...", +# "auth_uri": "https://accounts.google.com/o/oauth2/auth", +# "token_uri": "https://accounts.google.com/o/oauth2/token", +# "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", +# "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-bucket@your-project-id.iam.gserviceaccount.com" +# } + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_management_storage_secret: 
"BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_management_storage_secret: "" + +# If cloud_service_provider is aws then update secret access key +# Example: cloud_public_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with private-key which is in service account json file +# Example: cloud_public_storage_secret: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n" + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_public_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_public_storage_secret: "" core_vault_docker_registry_url: "change.docker.url" # for docker hub use https://index.docker.io/v1 core_vault_docker_registry_user: "change.docker.user" @@ -25,8 +50,7 @@ dp_vault_data_exhaust_token: # slack api token # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so -dp_vault_artifacts_container: artifacts -# Define the below if you are using Google Cloud -gcp_storage_service_account_name: "" -gcp_storage_key_file: "" +# update if seperate object storage is used +cloud_private_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index b905d7b359..bede16cb5b 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml 
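Review bot: The AWS and Azure example values in the added comments are shaped like real credentials (the Azure one is a base64 string ending in `==`), which tends to trip secret scanners and cannot be told apart from a leaked key during review; an obvious placeholder such as `"<storage-account-key>"` would be safer. The new defaults `cloud_management_storage_secret: ""` and `cloud_public_storage_secret: ""` also replace the greppable `change.azure.storage.account.key` placeholders with empty strings, so an unfilled inventory is harder to catch before a deploy. The GCP guidance differs between the two variables (the whole service-account JSON for management, only the private key for public) without saying why. A header comment such as `# Keep real values encrypted with ansible-vault; never commit them in plain text` would help, and the same text is added again in KnowledgePlatform/secrets.yml.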
@@ -5,19 +5,107 @@ cloud_service_provider: "" # Your cloud service provider name. Supported v dockerhub: "change.docker.url" # docker hub username or url incase of private registry private_ingressgateway_ip: "" # your private kubernetes load balancer ip domain_name: "" # your domain name like example.com -# Note - You can use the same azure account for the below variables or have separate azure accounts -sunbird_public_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing public data (like contents) -sunbird_private_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing private data (like reports, telemetry data) -sunbird_artifact_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing artifacts data (like jenkins build zip files) -sunbird_management_storage_account_name: "change.azure.storage.account.name" # Azure account name for storing backup data (like cassandra backups) + +# Cloud Service Provider Variables +# If cloud_service_provider is AWS then update with access key as value +# Example: cloud_public_storage_accountname: "AKSHKSJHFJDHJDSHFKSD" +# If cloud_service_provider is gloud(GCP) then update with service account name +# Example: cloud_public_storage_accountname: "cloudstorage-gcp-test.iam.gserviceaccount.com" +# If cloud_service_provider is AZURE then update with stoage account name +# Example: cloud_public_storage_accountname: "azurestotageaccount" +cloud_public_storage_accountname: "" +# If cloud_service_provider is AWS then update with region +# Example: cloud_public_storage_region: us-east-1 +cloud_public_storage_region: "" +# If cloud_service_provider is gcp then update this variable with project id +# Example: cloud_public_storage_project: "sunbird-gcp-test" +cloud_public_storage_project: "" +# If cloud_service_provider is oci update this variable with namespace +# Example: cloud_public_storage_namespace: "apsjfhudfjs" 
+cloud_public_storage_namespace: "" + + +# Create object storage for each below mentioned variables and update accordingly +# If cloud_service_provider is AWS update with bucket name +# If cloud_service_provider is gcloud(GCP) update with bucket name +# If cloud_service_provider is AZURE update with container name +# Example: cloud_storage_certqr_bucketname: "certqr-storage" +cloud_storage_certqr_bucketname: "" +# This storage contains chatbot related data +# Example: cloud_storage_chatbot_bucketname: "chatbot-storage" +cloud_storage_chatbot_bucketname: "" +# This storage contains dial related data +# Example: cloud_storage_dial_bucketname: "dial-storage" +cloud_storage_dial_bucketname: "" +# This storage contains flink checkpoint data +# Example: cloud_storage_flink_bucketname: "flink-storage" +cloud_storage_flink_bucketname: "" +# This storage contains portal cdn file +# Example: cloud_storage_playercdn_bucketname: "playercdn-storage" +cloud_storage_playercdn_bucketname: "" +# This storage contains public data +# Example: cloud_storage_public_bucketname: "public-storage" +cloud_storage_public_bucketname: "" +# This storage contains public reports data +# Example: cloud_storage_publicreports_bucketname: "publicreports-storage" +cloud_storage_publicreports_bucketname: "" +# This storage contains private reports data +# Example: cloud_storage_privatereports_bucketname: "privatereports-storage" +cloud_storage_privatereports_bucketname: "" +# This storage contains samiksha data +# Example: cloud_storage_samiksha_bucketname: "samiksha-storage" +cloud_storage_samiksha_bucketname: "" +# This storage contains schema data +# Example: cloud_storage_schema_bucketname: "schema-storage" +cloud_storage_schema_bucketname: "" +# This storage contains sourcing related data +# Example: cloud_storage_sourcing_bucketname: "sourcing-storage" +cloud_storage_sourcing_bucketname: "" +# This storage contains desktop app data +# Example: cloud_storage_offlineinstaller_bucketname: 
"offlineinstaller-storage" +cloud_storage_offlineinstaller_bucketname: "" +# This storage contains public schemas, contents +# Example: cloud_storage_content_bucketname: "content-storage" +cloud_storage_content_bucketname: "" +# This storage contains telemetry data +# Example: cloud_storage_telemetry_bucketname: "telemetry-storage" +cloud_storage_telemetry_bucketname: "" +# This storage contains T & C data +# Example: cloud_storage_termsandcondtions_bucketname: "termsandconditions-storage" +cloud_storage_termsandcondtions_bucketname: "" +# Example: cloud_storage_user_bucketname: "user-storage" +cloud_storage_user_bucketname: "" +# This storage contains crashlogs +# Example: cloud_storage_desktopappcrashlogs_bucketname: "desktopappcrashlogs-storage" +cloud_storage_desktopappcrashlogs_bucketname: "" +# This storage contains labels data +# Example: cloud_storage_label_bucketname: "label-storage" +cloud_storage_label_bucketname: "" +# Example: cloud_storage_certservice_bucketname: "certservice-storage" +cloud_storage_certservice_bucketname: "" +# This storage contains UCI services data +# Example: cloud_storage_uci_bucketname: "uci-storage" +cloud_storage_uci_bucketname: "" +# This storage contains artifacts data +# Example: cloud_storage_artifacts_bucketname: "artifact-storage" +cloud_storage_artifacts_bucketname: "" +# This storage contains backups data +# Example: cloud_storage_management_bucketname: "management-storage" +cloud_storage_management_bucketname: "" + +# Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) +# GCP +# cloud_storage_url: https://storage.googleapis.com +# AWS +# cloud_storage_url: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# Azure +cloud_storage_url: "https://{{ cloud_public_storage_accountname }}.blob.core.windows.net" # Optional env: dev # some name like dev, preprod etc proto: https # http or https, preferably https -azure_public_container: contents # Azure container 
name for storing public data (like contents) - environment_id: "10000003" # A 8 digit number for example like 1000000, # Important: same as the one in core/common.yaml neo4j_zip: neo4j-community-3.3.9-unix.tar.gz # Neo4j file name present in the azure blob artifacts folder (only neo4j 3.4 and below is supported) 
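Review bot: The comments on the new `cloud_storage_*_bucketname` variables say what each bucket holds but not which ones may be publicly readable, and an operator creating the whole list at once is likely to apply one access policy to all of them. Going by the names (an inference), `cloud_storage_privatereports_bucketname`, `cloud_storage_telemetry_bucketname`, `cloud_storage_management_bucketname` and `cloud_storage_user_bucketname` hold data that should not allow anonymous read. I would add a line such as `# Access: private, no anonymous read` or `# Access: public read` above each variable. The AWS note also has the access key ID entered in `cloud_public_storage_accountname`, which the default Azure `cloud_storage_url` interpolates into a hostname, so the comment should tell AWS and GCP users to switch `cloud_storage_url` at the same time. The variable name `cloud_storage_termsandcondtions_bucketname` is misspelt and will be hard to rename once roles reference it.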
@@ -28,27 +116,50 @@ neo4j_enterprise: false # Set this to true if you use # ------------------------------------------------------------------------------------------------------------ # # Sensible defaults which you need not change - But if you would like to change, you are free to do so ekstep_domain_name: "{{ proto }}://{{ domain_name }}" -artifacts_container: artifacts - -# Uncomment the variable based on your cloud provider (as a default we have kept Azure variable uncommented) -# GCP -# cloud_storage_url: https://storage.cloud.google.com/{{ gcloud_public_bucket_name }} -# AWS -# cloud_storage_url: # Geetha to fill this url based on AWS role vars -# Azure -cloud_storage_url: "https://{{ sunbird_public_storage_account_name }}.blob.core.windows.net" # SB-31155 - This should be deprecated in future in favour of plugin_storage -plugin_container_name: "{{ azure_public_container }}" +plugin_container_name: "{{ cloud_storage_content_bucketname }}" -kp_schema_base_path: "{{ cloud_storage_url }}/{{ plugin_storage }}/schemas/local" +kp_schema_base_path: "{{ cloud_storage_url }}/{{ cloud_storage_content_bucketname }}/schemas/local" imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins -# Define the below if you are using Google Cloud -gcloud_private_bucket_name: "" -gcloud_public_bucket_name: "" -gcloud_artifact_bucket_name: "" -gcloud_management_bucket_name: "" +# Below endpoint is not required in current release +cloud_public_storage_endpoint: "" + +# Update below vars if seperate object storage is required +cloud_private_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_private_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_private_storage_region: "{{ cloud_public_storage_region }}" +cloud_private_storage_project: "{{ cloud_public_storage_project }}" +cloud_private_storage_namespace: "{{ cloud_public_storage_namespace }}" + 
+cloud_management_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_management_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_management_storage_region: "{{ cloud_public_storage_region }}" +cloud_management_storage_project: "{{ cloud_public_storage_project }}" +cloud_management_storage_namespace: "{{ cloud_public_storage_namespace }}" + +cloud_artifact_storage_accountname: "{{ cloud_public_storage_accountname }}" +cloud_artifact_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_artifact_storage_region: "{{ cloud_public_storage_region }}" +cloud_artifact_storage_project: "{{ cloud_public_storage_project }}" +cloud_artifact_storage_namespace: "{{ cloud_public_storage_namespace }}" + +## Enable below vars to upload database backups in seperate buckets +# cloud_storage_cassandrabackup_bucketname: "" +# cloud_storage_dpcassandrabackup_bucketname: "" +# cloud_storage_dppostgresbackup_bucketname: "" +# cloud_storage_dpredisbackup_bucketname: "" +# cloud_storage_esbackup_bucketname: "" +# cloud_storage_influxdbbackup_bucketname: "" +# cloud_storage_jenkinsbackup_bucketname: "" +# cloud_storage_mongobackup_bucketname: "" +# cloud_storage_neo4jbackup_bucketname: "" +# cloud_storage_redisbackup_bucketname: "" -gcloud_private_bucket_projectId: "" +# Building block vars +cloud_storage_base_url: "{{ cloud_storage_url }}" +cloudstorage_base_path: "{{ cloud_storage_url }}" +valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' +cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml index ef5db134da..1b62ad0a1f 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml 
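Review bot: `valid_cloudstorage_base_urls` is built from `cloud_storage_url` alone, and the GCP and AWS options documented in this file (`https://storage.googleapis.com`, `https://s3.{{ cloud_public_storage_region }}.amazonaws.com`) are hosts shared by every bucket on those providers. If this list is used to validate user-supplied storage URLs (its consumer is not visible here), those settings would accept URLs pointing at buckets the deployment does not own. Including the bucket in the allowed prefix would narrow it, e.g. `valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}/{{ cloud_storage_content_bucketname }}"]'`, provided the consumer does prefix matching. The same line is added in the first hunk of this excerpt.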
@@ -1,11 +1,38 @@ # ------------------------------------------------------------------------------------------------------------ # # Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # -# Azure storage account credentials - Note if you are using a single account, you can set the same key for the belows -sunbird_private_storage_account_key: "change.azure.storage.account.key" -sunbird_public_storage_account_key: "change.azure.storage.account.key" -sunbird_management_storage_account_key: "change.azure.storage.account.key" -sunbird_artifact_storage_account_key: "change.azure.storage.account.key" -sunbird_artifact_storage_account_sas: "change.azure.storage.account.sas" + +# Cloud Service Provider Secret Variables +# If cloud_service_provider is aws then update secret access key +# Example: cloud_management_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with service account json file content +# Example: cloud_management_storage_secret: | +# { +# "type": "service_account", +# "project_id": "your-project-id", +# "private_key_id": "...", +# "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n", +# "client_email": "service-account-for-your-repository@your-project-id.iam.gserviceaccount.com", +# "client_id": "...", +# "auth_uri": "https://accounts.google.com/o/oauth2/auth", +# "token_uri": "https://accounts.google.com/o/oauth2/token", +# "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", +# "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-bucket@your-project-id.iam.gserviceaccount.com" +# } + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_management_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_management_storage_secret: "" + +# If cloud_service_provider is aws then update secret access key +# Example: 
cloud_public_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with private-key which is in service account json file +# Example: cloud_public_storage_secret: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n" + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_public_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" +cloud_public_storage_secret: "" core_vault_docker_registry_url: "change.docker.url" # for docker hub use https://index.docker.io/v1 core_vault_docker_registry_user: "change.docker.user" @@ -19,6 +46,6 @@ lp_vault_youtube_api_key: # youtube api token if you want # Sensible defaults which you need not change - But if you would like to change, you are free to do so lp_vault_graph_passport_key: "long-secret-to-calm-entropy-gods" -# Define the below if you are using Google Cloud -gcp_storage_service_account_name: "" -gcp_storage_key_file: "" +# update if seperate object storage is used +cloud_private_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/UCI/common.yml b/private_repo/ansible/inventory/dev/UCI/common.yml new file mode 120000 index 0000000000..1465b46671 --- /dev/null +++ b/private_repo/ansible/inventory/dev/UCI/common.yml @@ -0,0 +1 @@ +../Core/common.yml \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/UCI/hosts b/private_repo/ansible/inventory/dev/UCI/hosts new file mode 120000 index 0000000000..fb74d690d4 --- /dev/null +++ b/private_repo/ansible/inventory/dev/UCI/hosts @@ -0,0 +1 @@ +../Core/hosts \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/UCI/secrets.yml b/private_repo/ansible/inventory/dev/UCI/secrets.yml new file mode 120000 index 0000000000..6bbc077aab --- /dev/null 
+++ b/private_repo/ansible/inventory/dev/UCI/secrets.yml
@@ -0,0 +1 @@
+../Core/secrets.yml
\ No newline at end of file
diff --git a/private_repo/ansible/inventory/dev/managed-learn/common.yml b/private_repo/ansible/inventory/dev/managed-learn/common.yml
new file mode 120000
index 0000000000..1465b46671
--- /dev/null
+++ b/private_repo/ansible/inventory/dev/managed-learn/common.yml
@@ -0,0 +1 @@
+../Core/common.yml
\ No newline at end of file
diff --git a/private_repo/ansible/inventory/dev/managed-learn/hosts b/private_repo/ansible/inventory/dev/managed-learn/hosts
new file mode 120000
index 0000000000..fb74d690d4
--- /dev/null
+++ b/private_repo/ansible/inventory/dev/managed-learn/hosts
@@ -0,0 +1 @@
+../Core/hosts
\ No newline at end of file
diff --git a/private_repo/ansible/inventory/dev/managed-learn/secrets.yml b/private_repo/ansible/inventory/dev/managed-learn/secrets.yml
new file mode 120000
index 0000000000..6bbc077aab
--- /dev/null
+++ b/private_repo/ansible/inventory/dev/managed-learn/secrets.yml
@@ -0,0 +1 @@
+../Core/secrets.yml
\ No newline at end of file
From 664f931df9f36d273ce854cf85deff9e0dbdbcc4 Mon Sep 17 00:00:00 2001
From: Keshav Prasad
Date: Tue, 10 Jan 2023 21:12:22 +0530
Subject: [PATCH 240/434] fix: adding graylog related changes
---
.../ansible/inventory/dev/Core/common.yml | 15 +++++++++++++++
private_repo/ansible/inventory/dev/Core/hosts | 7 +++++++
.../ansible/inventory/dev/DataPipeline/hosts | 6 ++++++
.../ansible/inventory/dev/KnowledgePlatform/hosts | 6 ++++++
4 files changed, 34 insertions(+)
diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml
index bee6dc7028..a85b01c898 100644
--- a/private_repo/ansible/inventory/dev/Core/common.yml
+++ b/private_repo/ansible/inventory/dev/Core/common.yml
@@ -128,6 +128,8 @@ nginx_private_ingress_annotations: # ------------------------------------------------------------------------------------------------------------ # +graylog_trusted_proxies: "1.2.3.4/21" # This should be the kubernetes nodes subnet CIDR range + ## Optional learningservice_ip: "10.0.1.5" # Load balancer IP or server ip @@ -394,3 +396,16 @@ grafana_login_whitelisted_emails: |- # Add below var to monitor report-cassandra server report_cassandra_server_count: "{{ groups['report-cassandra'] | length }}" + +# graylog +graylog_open_to_public: true +send_logs_to_graylog: true +graylog_root_timezone: "Asia/Kolkata" +graylog_elasticsearch_discovery_enabled: "true" +graylog_allow_leading_wildcard_searches: "true" +graylog_allow_highlighting: "true" +graylog_transport_email_enabled: "true" +graylog_transport_email_hostname: "{{ mail_server_host }}" +graylog_transport_email_auth_username: "apikey" +graylog_transport_email_from_email: "{{ sunbird_mail_server_from_email }}" +graylog_transport_email_use_ssl: "false" \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Core/hosts b/private_repo/ansible/inventory/dev/Core/hosts index 58fb6eeb95..6bcd606290 100644 --- a/private_repo/ansible/inventory/dev/Core/hosts +++ b/private_repo/ansible/inventory/dev/Core/hosts @@ -9,6 +9,12 @@ ansible_ssh_private_key_file=/var/lib/jenkins/secrets/deployer_ssh_key [keycloak:children] keycloak-1 +[graylog-1] +10.0.1.9 mongodb_master=True graylog_is_master=True + +[graylog:children] +graylog-1 + [log-es-1] 10.0.1.9 es_instance_name=log-es-1 node_name=log-es-1 es_etc_node_master=true es_etc_node_data=true @@ -137,6 +143,7 @@ node-exporter [core:children] es +graylog log-es cassandra postgresql-master diff --git a/private_repo/ansible/inventory/dev/DataPipeline/hosts b/private_repo/ansible/inventory/dev/DataPipeline/hosts index 2ecf51e3bc..199392ce08 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/hosts 
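Review bot: `graylog_trusted_proxies: "1.2.3.4/21"` ships a routable public range as the placeholder, and the address is not aligned to a /21 boundary. If an operator leaves it unchanged, Graylog would (going by the variable name) trust forwarded client-address headers from that range rather than from the cluster nodes. Other must-change values in these inventories use a `change.*` string or an empty value; something like `graylog_trusted_proxies: "" # REQUIRED: kubernetes nodes subnet CIDR` is more likely to fail visibly than to trust the wrong network.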
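Review bot: `graylog_open_to_public: true` makes exposure of the log UI the template default, and application logs commonly carry tokens, e-mail addresses and internal hostnames. A later commit in this series documents the flag as allowing access via domain/graylog. I would default it to off and let operators opt in: `graylog_open_to_public: false # set true only with access restricted at the ingress`. `graylog_transport_email_use_ssl: "false"` deserves a comment stating which transport protection is in effect, since the line on its own reads as plaintext SMTP. The file also now ends without a trailing newline.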
+++ b/private_repo/ansible/inventory/dev/DataPipeline/hosts @@ -19,6 +19,12 @@ core-es-1 [log-es:children] log-es-1 +[graylog-1] +10.0.1.9 + +[graylog:children] +graylog-1 + ################# KP ########################## [learning] 10.0.1.5 diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts index c144bc6fa2..e66c3c6ab0 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts @@ -62,6 +62,12 @@ core-es-1 [log-es:children] log-es-1 +[graylog-1] +10.0.1.9 + +[graylog:children] +graylog-1 + [composite-search-cluster] 10.1.4.5 From a23919d698b1c5181fd1458651c664ba52b92a75 Mon Sep 17 00:00:00 2001 From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Tue, 10 Jan 2023 21:26:55 +0530 Subject: [PATCH 241/434] Release 5.1.0 (#3697) * Add Lern inventory template * Install openjdk-11.0.2 in jenkins * Add Lern BB vars to template * Remove duplicate flink jobs * Update template vars * Update lern specific vars --- deploy/jenkins/jenkins-server-setup.sh | 7 +++ .../jobs/FlinkPipelineJobs/config.xml | 3 +- .../jobs/FlinkJobs/config.xml | 2 - .../dev/KnowledgePlatform/common.yml | 47 ++++++++++++++++++- .../inventory/dev/KnowledgePlatform/hosts | 30 ++++++++++++ .../dev/KnowledgePlatform/secrets.yml | 27 ++++++++++- .../ansible/inventory/dev/Lern/common.yml | 1 + private_repo/ansible/inventory/dev/Lern/hosts | 1 + .../ansible/inventory/dev/Lern/secrets.yml | 1 + 9 files changed, 113 insertions(+), 6 deletions(-) create mode 120000 private_repo/ansible/inventory/dev/Lern/common.yml create mode 120000 private_repo/ansible/inventory/dev/Lern/hosts create mode 120000 private_repo/ansible/inventory/dev/Lern/secrets.yml diff --git a/deploy/jenkins/jenkins-server-setup.sh b/deploy/jenkins/jenkins-server-setup.sh index f2ef322969..670395335b 100755 --- a/deploy/jenkins/jenkins-server-setup.sh 
+++ b/deploy/jenkins/jenkins-server-setup.sh @@ -145,6 +145,13 @@ mv jdk-11 java-11-openjdk-amd64 cp -r java-11-openjdk-amd64 /usr/lib/jvm/ rm -rf java-11-openjdk-amd64 openjdk-11+28_linux-x64_bin.tar.gz +#Install openjdk-11.0.2 # needed for DP jobs +echo -e "\n\e[0;32m${bold}Installating openjdk 11.0.2${normal}" +wget https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_linux-x64_bin.tar.gz +tar -xf openjdk-11.0.2_linux-x64_bin.tar.gz +mv jdk-11.0.2 /usr/lib/jvm/ +rm openjdk-11.0.2_linux-x64_bin.tar.gz + #Install maven 3.6.3 echo -e "\n\e[0;32m${bold}Installating maven 3.6.3${normal}" wget https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml index 8daf73245a..96881ee988 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml @@ -102,7 +102,6 @@ return """<b>This parameter is not used</b>""" 'de-normalization-primary', 'de-normalization-secondary', 'druid-validator', -'assessment-aggregator', 'content-cache-updater', 'user-cache-updater-v2', 'summary-denormalization', @@ -170,4 +169,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml index cb98de88c1..9a0134703e 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml 
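Review bot: The added OpenJDK 11.0.2 step moves a tarball fetched with `wget` into `/usr/lib/jvm/` without verifying it, so a corrupted or substituted download ends up as a JVM used by Jenkins jobs. Pinning the digest closes that gap: `echo "<EXPECTED_SHA256>  openjdk-11.0.2_linux-x64_bin.tar.gz" | sha256sum -c - || exit 1` between the `wget` and `tar` lines, with the placeholder filled from the publisher's checksum file. The Maven download in the context lines follows the same unverified pattern. 11.0.2 is also a 2019 build that no longer receives security updates, so a comment on why this exact version is required would help whoever revisits it.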
@@ -104,8 +104,6 @@ return """<b>This parameter is not used</b>""" 'asset-enrichment', 'audit-event-generator', 'audit-history-indexer', -'collection-cert-pre-processor', -'collection-certificate-generator', 'auto-creator-v2', 'metrics-data-transformer', 'content-publish', diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index bede16cb5b..1702cc633b 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -162,4 +162,49 @@ cloud_artifact_storage_namespace: "{{ cloud_public_storage_namespace }}" cloud_storage_base_url: "{{ cloud_storage_url }}" cloudstorage_base_path: "{{ cloud_storage_url }}" valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' -cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" \ No newline at end of file +cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" +cloud_storage_pathstyle_access: false + +### Lern BB - Adding Lern specific vars here. In future if we want to move it to seperate folder this can be used as the starting point + +# Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # +is_multidc_enabled: false # Change this to true if you plan to use cassandra multi data center setup +#Assessment Aggregator Content Read API +content_read_api_host: "" # Your domain host ex: http://test.com +content_read_api_endpoint: "" # ex: api/content/v1/read/ + +# For sendgrid, if you want to change, update the following +sunbird_mail_server_host: "smtp.sendgrid.net" # Email host, can be any email provider +sunbird_mail_server_username: "apikey" # Email provider username; for sendgrid you can use "apikey" +sunbird_mail_server_port: ## Email server SMTP port ex: 587 +# This mail id should be verified by your provider. This is the mail id which will be used for `From Address`. For example, +# 
From: support@sunbird.org +# Subject: Forgot password +# Hi..... +sunbird_mail_server_from_email: "support@myorg.com" # Email ID that should be as from address in mails + +# Optional variables - Can be left blank if you dont plan to use the intended features +# data exhaust alerts +data_exhaust_webhook_url: "slack.com" # Slack webhook url +data_exhaust_Channel: "slack.com" # Slack channel for data products alerts + +# This sms sender id should be verified by your provider. This is the sender id which will be used for `From Address`. For example, +# From: SBSMS +# Hi..... +# This is optional. +# If not set, you won't get sms OTPs. You'll get it in mail though. +sunbird_notification_msg_default_sender: # SMS from Address; exact 6 char like SBSUNB + + +# Sensible defaults which you need not change - But if you would like to change, you are free to do so +data_exhaust_name: "lern-datapipeline-monitoring" # Slack notification name +postgres: + db_url: "{{ groups['postgres'][0] }}" + db_username: analytics + db_name: analytics + db_table_name: "{{env}}_consumer_channel_mapping" + db_port: 5432 + db_admin_user: postgres + db_admin_password: "{{dp_vault_pgdb_admin_password}}" + +### Lern BB diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts index c144bc6fa2..828e96c01e 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/hosts @@ -106,3 +106,33 @@ lp [mlworkbench] 0.0.0.0 + +### Lern BB - Adding Lern specific vars here. In future if we want to move it to seperate folder this can be used as the starting point +[spark] +10.0.2.4 + +[learning] +10.0.2.7 + +[raw-coordinator] +10.0.2.7 + +[raw-overlord] +10.0.2.7 + +[raw-broker] +10.0.2.7 + +[postgres] +10.0.2.5 + +[report-cassandra:children] +core-cassandra + +[lp-cassandra] +10.0.2.5 + +[redis] +10.0.2.2 + +### Lern BB 
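Review bot: In the block headed as mandatory, `sunbird_mail_server_port:` has only a comment after the colon, so YAML loads it as null rather than a port, and `sunbird_notification_msg_default_sender:` is the same. An explicit value makes the intent clear, e.g. `sunbird_mail_server_port: 587 # Email server SMTP port`. The example for `content_read_api_host` is `http://test.com`; an `https://` example avoids nudging operators towards a plaintext API endpoint. `data_exhaust_webhook_url: "slack.com"` is a live hostname rather than a recognisable placeholder, so an unfilled value is hard to spot.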
diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml index 1b62ad0a1f..0a03bfdb43 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/secrets.yml 
@@ -47,5 +47,30 @@ lp_vault_youtube_api_key: # youtube api token if you want lp_vault_graph_passport_key: "long-secret-to-calm-entropy-gods" # update if seperate object storage is used +# If cloud_service_provider is aws then update secret access key +# Example: cloud_public_storage_secret: "xkxjfjsdsfjdfjdhgjfhgjdhfgjdgjdfgdjgjdgdjhgjhd" + +# If cloud_service_provider is gcp then update with private-key which is in service account json file +# Example: cloud_public_storage_secret: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n" + +# If cloud_service_provider is azure then update with storage account key +# Example: cloud_public_storage_secret: "BfoOQwA6UFI7URwkFjkjdjsdhjhjhjsdhjfM//lsTbXDmHOFR5GqEwAwzyrKXOUDywojCpOC/g==" cloud_private_storage_secret: "{{ cloud_public_storage_secret }}" -cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" \ No newline at end of file +cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" + +### Lern BB - Adding Lern specific vars here. 
In future if we want to move it to seperate folder this can be used as the starting point + +# Mandatorty variables - DO NOT LEAVE ANYTHING BLANK # +core_vault_sunbird_api_auth_token: # copy value form variable core_vault_sunbird_api_auth_token from core/secrets.yml +dp_vault_pgdb_password: "change.postgres.password" # postgres password for analytics db +dp_vault_druid_postgress_pass: "change.postgres.password" # postgres password for druid db +dp_vault_pgdb_admin_password: "change.postgres.password" # postgres password for admin +core_vault_sunbird_encryption_key: "" # copy value from variable core_vault_sunbird_encryption_key from core secrets.yml + +# Optional variables - Can be left blank if you dont plan to use the intended features +core_vault_sunbird_fcm_account_key: "" # Firebase Cloud Messaging API Key +sunbird_msg_91_auth: "" # API key for sending OTP SMS +sunbird_mail_server_password: "" # Email server password +dp_vault_data_exhaust_token: "" # slack api token + +### Lern BB diff --git a/private_repo/ansible/inventory/dev/Lern/common.yml b/private_repo/ansible/inventory/dev/Lern/common.yml new file mode 120000 index 0000000000..1168242b3a --- /dev/null +++ b/private_repo/ansible/inventory/dev/Lern/common.yml @@ -0,0 +1 @@ +../KnowledgePlatform/common.yml \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Lern/hosts b/private_repo/ansible/inventory/dev/Lern/hosts new file mode 120000 index 0000000000..d54fc1e61a --- /dev/null +++ b/private_repo/ansible/inventory/dev/Lern/hosts @@ -0,0 +1 @@ +../KnowledgePlatform/hosts \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Lern/secrets.yml b/private_repo/ansible/inventory/dev/Lern/secrets.yml new file mode 120000 index 0000000000..1a0f3f3224 --- /dev/null +++ b/private_repo/ansible/inventory/dev/Lern/secrets.yml @@ -0,0 +1 @@ +../KnowledgePlatform/secrets.yml \ No newline at end of file From f94a83f3b240220414aab3c67c7b5e63e088ab08 Mon Sep 17 00:00:00 2001 
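Review bot: Two secrets in the block marked mandatory have no usable placeholder: `core_vault_sunbird_api_auth_token:` is a bare key (null) and `core_vault_sunbird_encryption_key: ""` is an empty string. If a role consumes the encryption key without checking it, data could end up protected with an empty key (not verifiable from this hunk). Following the `change.*` convention the postgres lines already use, e.g. `core_vault_sunbird_encryption_key: "change.sunbird.encryption.key"`, lets a pre-deploy check grep for unfilled values. The three provider-specific comment paragraphs inserted above `cloud_private_storage_secret` describe `cloud_public_storage_secret`, which is confusing at that position.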
From: Keshav Prasad Date: Tue, 10 Jan 2023 23:52:59 +0530 Subject: [PATCH 242/434] feat: ED-699 adding data to enable opa Signed-off-by: Keshav Prasad --- .../ansible/inventory/dev/Core/common.yml | 57 +++++++++++++++---- .../ansible/inventory/dev/Kubernetes/keys | 1 + .../inventory/dev/Sunbird-RC/common.yml | 1 + .../ansible/inventory/dev/Sunbird-RC/hosts | 1 + .../ansible/inventory/dev/Sunbird-RC/keys | 1 + .../inventory/dev/Sunbird-RC/secrets.yml | 1 + private_repo/ansible/inventory/dev/UCI/keys | 1 + .../ansible/inventory/dev/key-generate.sh | 21 +++++++ .../ansible/inventory/dev/managed-learn/keys | 1 + 9 files changed, 73 insertions(+), 12 deletions(-) create mode 120000 private_repo/ansible/inventory/dev/Kubernetes/keys create mode 120000 private_repo/ansible/inventory/dev/Sunbird-RC/common.yml create mode 120000 private_repo/ansible/inventory/dev/Sunbird-RC/hosts create mode 120000 private_repo/ansible/inventory/dev/Sunbird-RC/keys create mode 120000 private_repo/ansible/inventory/dev/Sunbird-RC/secrets.yml create mode 120000 private_repo/ansible/inventory/dev/UCI/keys create mode 100755 private_repo/ansible/inventory/dev/key-generate.sh create mode 120000 private_repo/ansible/inventory/dev/managed-learn/keys diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index a85b01c898..f2d6925eaf 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -397,15 +397,48 @@ grafana_login_whitelisted_emails: |- # Add below var to monitor report-cassandra server report_cassandra_server_count: "{{ groups['report-cassandra'] | length }}" -# graylog -graylog_open_to_public: true -send_logs_to_graylog: true -graylog_root_timezone: "Asia/Kolkata" -graylog_elasticsearch_discovery_enabled: "true" -graylog_allow_leading_wildcard_searches: "true" -graylog_allow_highlighting: "true" -graylog_transport_email_enabled: "true" -graylog_transport_email_hostname: "{{ mail_server_host }}" -graylog_transport_email_auth_username: "apikey" -graylog_transport_email_from_email: "{{ sunbird_mail_server_from_email }}" -graylog_transport_email_use_ssl: "false" \ No newline at end of file +# graylog variables +graylog_open_to_public: true # allows you to access via domain/graylog +send_logs_to_graylog: true # agents starts sending logs to graylog instead of ES +graylog_root_timezone: "Asia/Kolkata" # timezone +graylog_elasticsearch_discovery_enabled: "true" # auto discover ES nodes and version +graylog_allow_leading_wildcard_searches: "true" # allows wild card searching +graylog_allow_highlighting: "true" # shows yellow highlights on matches +graylog_transport_email_enabled: "true" # enables emails to be sent via graylog +graylog_transport_email_hostname: "{{ mail_server_host }}" # email server host name +graylog_transport_email_auth_username: "apikey" # sendgrid / email service api key +graylog_transport_email_from_email: "{{ sunbird_mail_server_from_email }}" # from email address +graylog_transport_email_use_ssl: "false" # cannot use both tls and ssl, so disabling ssl as tls is enabled by default + +# Opa and Adminutils +# Prefixes will match the starting part of the files under keys dirctory in inventory +adminutil__device_keyprefix: "mobile_devicev2_key" # private key prefix for mobile apps +adminutil__device_keystart: 1 # starting number of the key file +adminutil__device_keycount: 10 # ending number of the key file 
+adminutil__access_keyprefix: "accessv1_key" # private key prefix for user access tokens +adminutil__access_keystart: 1 # starting number of the key file +adminutil__access_keycount: 10 # ending number of the key file +adminutil__desktop_keyprefix: "desktop_devicev2_key" # private key prefix for desktop apps +adminutil__desktop_keystart: 1 # starting number of the key file +adminutil__desktop_keycount: 10 # ending number of the key file +adminutil__portal_anonymous_keyprefix: "portal_anonymous_key" # private key prefix for portal anonymous sessions +adminutil__portal_anonymous_keystart: 1 # starting number of the key file +adminutil__portal_anonymous_keycount: 10 # ending number of the key file +adminutil__portal_loggedin_keyprefix: "portal_loggedin_key" # private key prefix for portal loggedin sessions +adminutil__portal_loggedin_keystart: 1 # starting number of the key file +adminutil__portal_loggedin_keycount: 10 # ending number of the key file +adminutil_embed_role: 'true' # embeds user roles in access tokens + +# Kong and Adminutils +# Consumer names will match the starting part of the files under keys dirctory in inventory +kong_mobile_v2_consumer: "mobile_devicev2" # kong consumer name for mobile apps +kong_desktop_v2_consumer: "desktop_devicev2" # kong consumer name for desktop apps +kong_portal_anonymous_consumer: "portal_anonymous" # kong consumer name for portal anonymous sessions +kong_portal_loggedin_consumer: "portal_loggedin" # kong consumer name for portal loggedin sessions +kong_desktop_device_consumer_names_for_opa: '["desktop_devicev2", "desktop_device"]' # ops checks will be skipped for desktop consumers + +# Portal sessions +sunbird_kong_device_register: 'true' # enables refersh token api call after login +sunbird_kong_device_register_anonymous: 'true' # enabled anonymous sessions +sunbird_session_store_type: redis # uses redis for session data instead of cassandra +portal_redis_connection_string: "redis://:@{{ sunbird_redis_host }}:6379/3" # 
Uses KP redis and DB number 3 \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Kubernetes/keys b/private_repo/ansible/inventory/dev/Kubernetes/keys new file mode 120000 index 0000000000..442dd3e557 --- /dev/null +++ b/private_repo/ansible/inventory/dev/Kubernetes/keys @@ -0,0 +1 @@ +../Core/keys/ \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Sunbird-RC/common.yml b/private_repo/ansible/inventory/dev/Sunbird-RC/common.yml new file mode 120000 index 0000000000..1465b46671 --- /dev/null +++ b/private_repo/ansible/inventory/dev/Sunbird-RC/common.yml @@ -0,0 +1 @@ +../Core/common.yml \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Sunbird-RC/hosts b/private_repo/ansible/inventory/dev/Sunbird-RC/hosts new file mode 120000 index 0000000000..fb74d690d4 --- /dev/null +++ b/private_repo/ansible/inventory/dev/Sunbird-RC/hosts @@ -0,0 +1 @@ +../Core/hosts \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Sunbird-RC/keys b/private_repo/ansible/inventory/dev/Sunbird-RC/keys new file mode 120000 index 0000000000..442dd3e557 --- /dev/null +++ b/private_repo/ansible/inventory/dev/Sunbird-RC/keys @@ -0,0 +1 @@ +../Core/keys/ \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Sunbird-RC/secrets.yml b/private_repo/ansible/inventory/dev/Sunbird-RC/secrets.yml new file mode 120000 index 0000000000..6bbc077aab --- /dev/null +++ b/private_repo/ansible/inventory/dev/Sunbird-RC/secrets.yml @@ -0,0 +1 @@ +../Core/secrets.yml \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/UCI/keys b/private_repo/ansible/inventory/dev/UCI/keys new file mode 120000 index 0000000000..442dd3e557 --- /dev/null +++ b/private_repo/ansible/inventory/dev/UCI/keys @@ -0,0 +1 @@ +../Core/keys/ \ No newline at end of file 
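Review bot: `portal_redis_connection_string` at the end of this hunk is `redis://:@{{ sunbird_redis_host }}:6379/3`, which carries an empty password, while `sunbird_session_store_type: redis` in the same hunk moves portal session data into that instance. Whether the Redis host is network-isolated is not visible here; if it is not, any client that can reach port 6379 can read or modify session records. I would require auth on the Redis side and template the password from the vaulted secrets file, e.g. `portal_redis_connection_string: "redis://:{{ REDIS_PASSWORD_VAR_PLACEHOLDER }}@{{ sunbird_redis_host }}:6379/3"` (placeholder name, not a variable defined on this page).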
diff --git a/private_repo/ansible/inventory/dev/key-generate.sh b/private_repo/ansible/inventory/dev/key-generate.sh new file mode 100755 index 0000000000..2bf82230b0 --- /dev/null +++ b/private_repo/ansible/inventory/dev/key-generate.sh @@ -0,0 +1,21 @@ +#!/bin/bash +set -euo pipefail +read -s -p 'Enter the ansible vault password (redacted): ' vault_pass +echo +read -s -p 'Re-enter the ansible vault password (redacted): ' confirm_vault_pass +echo +if [[ $vault_pass == $confirm_vault_pass ]] +then + echo "$vault_pass" > temp_vault_pass + cd Core/keys + for i in {1..10}; do openssl genrsa -out mobile_devicev2_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in mobile_devicev2_c$i -out mobile_devicev2_key$i -nocrypt && rm -rf mobile_devicev2_c$i ; done + for i in {1..10}; do openssl genrsa -out accessv1_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in accessv1_c$i -out accessv1_key$i -nocrypt && rm -rf accessv1_c$i ; done + for i in {1..10}; do openssl genrsa -out desktop_devicev2_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in desktop_devicev2_c$i -out desktop_devicev2_key$i -nocrypt && rm -rf desktop_devicev2_c$i ; done + for i in {1..10}; do openssl genrsa -out portal_anonymous_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in portal_anonymous_c$i -out portal_anonymous_key$i -nocrypt && rm -rf portal_anonymous_c$i ; done + for i in {1..10}; do openssl genrsa -out portal_loggedin_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in portal_loggedin_c$i -out portal_loggedin_key$i -nocrypt && rm -rf portal_loggedin_c$i ; done + while read -r line; do ansible-vault encrypt $line --vault-password-file ../../temp_vault_pass; done <<< $(ls) + cd ../.. && rm temp_vault_pass + echo "OK" +else + echo "Vault passwords dont match" +fi \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/managed-learn/keys b/private_repo/ansible/inventory/dev/managed-learn/keys new file mode 120000 index 0000000000..442dd3e557 --- /dev/null 
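Review bot: The vault password is written in clear to `temp_vault_pass` in the working directory under the caller's umask, and it is deleted only on the last line of the success path; with `set -euo pipefail` active, any failing `openssl` or `ansible-vault` call exits before `rm temp_vault_pass`, leaving the password and the `-nocrypt` private keys on disk. Add `umask 077` after the `set` line, create the file with `vault_file="$(mktemp)"` followed by `trap 'rm -f "$vault_file"' EXIT`, and pass that absolute path to `--vault-password-file` so the later `cd Core/keys` no longer matters. The encrypt loop runs over `$(ls)` with an unquoted `$line`, so it also picks up any file in `Core/keys` that the script did not create; looping over the generated `*_key*` names with the variable quoted would be tighter. The mismatch branch prints a message but the script still exits 0, so an `exit 1` there would let callers detect the failure.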
+++ b/private_repo/ansible/inventory/dev/managed-learn/keys @@ -0,0 +1 @@ +../Core/keys/ \ No newline at end of file From c9297de22071f6ae568bae8cb69e6ee8b15539b4 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Wed, 11 Jan 2023 00:14:51 +0530 Subject: [PATCH 243/434] fear: adding required consumers for sessions Signed-off-by: Keshav Prasad --- .../ansible/inventory/dev/Core/common.yml | 41 ++++++++++++++++--- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index f2d6925eaf..3397552d63 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -241,11 +241,9 @@ cloudstorage_base_path: "{{ cloud_storage_url }}" valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" - - # Provide the admin-api consumer access to all API's - The public repo restricts this for security reasons -# If you dont want to key to have access to all API's, please remove the variables kong_all_consumer_groups and kong_consumers or edit the groups to have a smaller subset -kong_all_consumer_groups: +# If you dont want the admin api key to have access to all API's, please remove the variables "all_apis_access_group" and "kong_consumers" or edit the groups to have a smaller subset +all_apis_access_group: - announcementAccess - anonymousAppAccess - anonymousCertificateAccess 
@@ -367,6 +365,37 @@ kong_all_consumer_groups: kong_consumers: - username: api-admin + groups: "{{ all_apis_access_group }}" + state: present + - username: mobile_admin + groups: "{{ mobile_admin_groups }}" + print_credentials: true + state: present + - username: mobile_app + groups: "{{ mobile_app_groups }}" + state: present + - username: mobile_device + groups: "{{ mobile_device_groups }}" + state: present + - username: mobile_devicev2 + groups: "{{ mobile_device_groups }}" + state: present + - username: portal_anonymous_register + groups: "{{ portal_anonymous_register }}" + state: present + - username: portal_loggedin_register + groups: "{{ portal_loggedin_register }}" + state: present + - username: portal_anonymous + groups: "{{ anonymous_user_groups }}" + state: present + - username: portal_loggedin + groups: "{{ kong_all_consumer_groups }}" + state: present + - username: portal_anonymous_fallback_token + groups: "{{ anonymous_user_groups }}" + state: present + - username: portal_loggedin_fallback_token groups: "{{ kong_all_consumer_groups }}" state: present @@ -439,6 +468,6 @@ kong_desktop_device_consumer_names_for_opa: '["desktop_devicev2", "desktop_devic # Portal sessions sunbird_kong_device_register: 'true' # enables refersh token api call after login -sunbird_kong_device_register_anonymous: 'true' # enabled anonymous sessions +sunbird_kong_device_register_anonymous: 'true' # enables anonymous sessions sunbird_session_store_type: redis # uses redis for session data instead of cassandra -portal_redis_connection_string: "redis://:@{{ sunbird_redis_host }}:6379/3" # Uses KP redis and DB number 3 \ No newline at end of file +portal_redis_connection_string: "redis://:@{{ sunbird_redis_host }}:6379/3" # Uses KP redis and DB number 3 to store session data \ No newline at end of file From c4ac3713c5e12a58dee937c8d6c7a86ab1dc1c30 Mon Sep 17 00:00:00 2001 
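Review bot: `portal_loggedin` and `portal_loggedin_fallback_token` still take `groups: "{{ kong_all_consumer_groups }}"`, but the first hunk of this commit renames that list to `all_apis_access_group`, so in this inventory the old name resolves only if a role default defines it, which is not visible here. If the role's own list is the intended, narrower scope for logged-in portal tokens, a comment such as `# uses the role default kong_all_consumer_groups, not all_apis_access_group` would stop someone from "fixing" it to the all-APIs list later; if the full list was meant, the reference should be `"{{ all_apis_access_group }}"`. Separately, `print_credentials: true` on `mobile_admin` presumably writes that consumer's credentials to the play output, which ends up in CI job logs; I would leave it off by default and enable it only for a one-off run.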
From: Keshav Prasad Date: Wed, 11 Jan 2023 00:29:16 +0530 Subject: [PATCH 244/434] fix: adding additional set of vars for sessions and graylog Signed-off-by: Keshav Prasad --- .../ansible/inventory/dev/Core/common.yml | 2 +- .../ansible/inventory/dev/Core/secrets.yml | 18 ++++++++++++++++-- .../inventory/dev/DataPipeline/common.yml | 2 ++ .../inventory/dev/KnowledgePlatform/common.yml | 3 ++- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 3397552d63..d174f6ea24 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -428,7 +428,7 @@ report_cassandra_server_count: "{{ groups['report-cassandra'] | length }}" # graylog variables graylog_open_to_public: true # allows you to access via domain/graylog -send_logs_to_graylog: true # agents starts sending logs to graylog instead of ES +send_logs_to_graylog: true # filebeat agents will send logs to graylog instead of ES graylog_root_timezone: "Asia/Kolkata" # timezone graylog_elasticsearch_discovery_enabled: "true" # auto discover ES nodes and version graylog_allow_leading_wildcard_searches: "true" # allows wild card searching diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 9b8f0f43a5..68261f8ec5 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
@@ -117,7 +117,7 @@ mongodb_keyfile_content: | # 4. Again vist Admin Panel post restart -> Click on Plugins => Write API # 5. Under MASTER TOKENS section, click on create token button, It will generate a token. discussionsmw_nodebb_authorization_token: # Read the comment above to generate this key -core_vault_mail_server_password: "" # Email server password +core_vault_mail_server_password: "" # Email server password / api token # Oauth keys core_vault_sunbird_google_oauth_clientId_portal: # Google oauth client id @@ -126,6 +126,17 @@ core_vault_sunbird_google_captcha_site_key_portal: # Google recaptch site google_captcha_private_key: # Google recaptch private key learning_content_drive_apiKey: # Google drive api key +### Graylog ### +graylog_password_secret: "" # Random secret. Generate using the command: pwgen -s 96 1 +graylog_root_password_sha2: "" # Random secret. Generate using the command: echo -n "Enter Password: " && head -1 Date: Wed, 11 Jan 2023 10:28:05 +0530 Subject: [PATCH 245/434] LR-278 added lern specific variables --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 946bf3af10..f1c421a603 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env 
@@ -146,4 +146,7 @@ sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_multi_dc_enabled}} # Release-5.0.1 -cloud_storage_base_url={{cloud_storage_base_url}} \ No newline at end of file +cloud_storage_base_url={{cloud_storage_base_url}} +cloud_storage_cname_url={{ cloud_storage_cname_url | default('') }} +cloud_storage_dial_bucketname={{ cloud_storage_dial_bucketname | default('dial') }} +cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }} \ No newline at end of file From 08d628c20729a091ef8da5da6b33d1a2dc19bba9 Mon Sep 17 00:00:00 2001 From: PrasadMoka Date: Wed, 11 Jan 2023 15:22:24 +0530 Subject: [PATCH 246/434] LR-278 added placeholder as configurable value --- ansible/roles/stack-sunbird/defaults/main.yml | 5 ++++- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 036fda51bd..bcb4581212 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -1062,4 +1062,7 @@ inquiry_assessment_publish_kafka_topic_name: "{{ env_name }}.assessment.publish. inquiry_cassandra_connection: "{{ lp_cassandra_connection }}" inquiry_cassandra_keyspace_prefix: "{{ lp_cassandra_keyspace_prefix }}" inquiry_redis_host: "{{ sunbird_lp_redis_host }}" -inquiry_search_service_base_url: "{{ sunbird_search_service_api_base_url }}/v3/search" \ No newline at end of file +inquiry_search_service_base_url: "{{ sunbird_search_service_api_base_url }}/v3/search" + +### LERN Release-5.0.1 +cloud_store_base_path_placeholder: "CLOUD_BASE_PATH" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index f1c421a603..0d5131b418 100644 
--- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -149,4 +149,5 @@ isMultiDCEnabled={{cassandra_multi_dc_enabled}} cloud_storage_base_url={{cloud_storage_base_url}} cloud_storage_cname_url={{ cloud_storage_cname_url | default('') }} cloud_storage_dial_bucketname={{ cloud_storage_dial_bucketname | default('dial') }} -cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }} \ No newline at end of file +cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }} +cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default('CLOUD_BASE_PATH') }} \ No newline at end of file From 3937d5abe8465c6f14428463211771a1c243e591 Mon Sep 17 00:00:00 2001 From: kumarks1122 Date: Thu, 12 Jan 2023 19:44:17 +0530 Subject: [PATCH 247/434] #000 | LERN and ED Dataproducts jenkins changes added --- .../jobs/AnalyticsReplayJobs/config.xml | 14 +------------- .../Lern/jobs/LernAnalyticsReplayJobs/config.xml | 15 --------------- .../jobs/Lern/jobs/LernDataProducts/config.xml | 2 +- 3 files changed, 2 insertions(+), 29 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/AnalyticsReplayJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/AnalyticsReplayJobs/config.xml index 95b1f8c7e4..b65594e17b 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/AnalyticsReplayJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/DataPipeline/jobs/AnalyticsReplayJobs/config.xml @@ -48,12 +48,8 @@ <font color=dimgray size=2><b>Specify the job id.</b></font> - collection-summary-report-v2 - collection-summary-report program-collection-summary-report audit-metrics-report - admin-user-reports - admin-geo-reports district-weekly district-monthly desktop-consumption-report 
@@ -61,18 +57,10 @@ content-rating-updater druid-query-processor monitor-job-summ - course-enrollment-report textbook-progress-report etb-metrics daily-metrics - progress-exhaust - userinfo-exhaust - response-exhaust - progress-exhaust-v2 - response-exhaust-v2 - course-batch-status-updater - cassandra-migration - druid-dataset + druid-dataset uci-response-exhaust uci-private-exhaust diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml index cd2ac8b2d1..6567620e9c 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml @@ -50,32 +50,17 @@ collection-summary-report-v2 collection-summary-report - program-collection-summary-report - audit-metrics-report admin-user-reports admin-geo-reports - district-weekly - district-monthly - desktop-consumption-report - wfs - content-rating-updater - druid-query-processor - monitor-job-summ cassandra-migration course-enrollment-report - textbook-progress-report - etb-metrics - daily-metrics progress-exhaust userinfo-exhaust response-exhaust progress-exhaust-v2 response-exhaust-v2 course-batch-status-updater - druid-dataset score-metric-migration-job - uci-response-exhaust - uci-private-exhaust diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml index 6f8fd449c2..dba542fd06 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml @@ -230,7 +230,7 @@ return """<b>This parameter is not used</b>""" - pipelines/deploy/ed-dataproducts/Jenkinsfile + pipelines/deploy/lern-dataproducts/Jenkinsfile false 
From 1ed421fa280edb0921ec14335c9e200bd932a805 Mon Sep 17 00:00:00 2001 From: kumarks1122 Date: Thu, 12 Jan 2023 19:46:28 +0530 Subject: [PATCH 248/434] #000 | LERN and ED Dataproducts jenkins changes added --- .../Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml index dba542fd06..4fa8dea65d 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernDataProducts/config.xml @@ -169,7 +169,7 @@ return """<b>This parameter is not used</b>""" module <font color=dimgray size=2><b>It will deploy only lpa_core_dp_artifacts(batch-models & job-manager) jar.</b></font> - ed-dataproducts + lern-dataproducts false From f6227f351191811e98b1e311ba8734108fb63898 Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Fri, 13 Jan 2023 13:38:48 +0530 Subject: [PATCH 249/434] fix: adding adminutil_learner_api_key consumer --- private_repo/ansible/inventory/dev/Core/common.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index d174f6ea24..6010476336 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -398,6 +398,10 @@ kong_consumers: - username: portal_loggedin_fallback_token groups: "{{ kong_all_consumer_groups }}" state: present + - username: adminutil_learner_api_key + groups: "{{ userAccess }}" + state: present + ## Grafana oauth From eb77fcfac79429dc50f392aa1d978f18514ef7bd Mon Sep 17 00:00:00 2001 From: Keshav Prasad Date: Fri, 13 Jan 2023 13:44:27 +0530 Subject: [PATCH 250/434] fix: adding adminutls to learner api token 
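Review bot: `groups: "{{ userAccess }}"` on the new `adminutil_learner_api_key` consumer treats `userAccess` as a variable, whereas the other consumers in this list reference list variables and the `...Access` names visible elsewhere in this file's patches are ACL group entries. No definition of a `userAccess` variable is visible on this page; if none exists in the role defaults the play fails on an undefined variable, and if the literal group was meant the entry should read `groups: ["userAccess"]`. Either way, a one-line comment stating which APIs this key is meant to reach would document the intended scope of the token.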
Signed-off-by: Keshav Prasad --- private_repo/ansible/inventory/dev/Core/secrets.yml | 3 +++ private_repo/ansible/inventory/dev/key-generate.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 68261f8ec5..c57a8bd37c 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -137,6 +137,9 @@ sunbird_loggedin_register_token: # Use portal_loggedin_register consumer tok sunbird_anonymous_default_token: # Use portal_anonymous_fallback_token consumer token sunbird_logged_default_token: # Use portal_loggedin_fallback_token consumer token +# adminutils to learner api token +adminutil_learner_api_auth_key: # Use adminutil_learner_api_key consumer token + # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features core_vault_monitor_alerts_slack_url: "" # Slack webhook for alerts from alertmanager diff --git a/private_repo/ansible/inventory/dev/key-generate.sh b/private_repo/ansible/inventory/dev/key-generate.sh index 2bf82230b0..e0514c6dd6 100755 --- a/private_repo/ansible/inventory/dev/key-generate.sh +++ b/private_repo/ansible/inventory/dev/key-generate.sh 
@@ -7,7 +7,7 @@ echo if [[ $vault_pass == $confirm_vault_pass ]] then echo "$vault_pass" > temp_vault_pass - cd Core/keys + mkdir -p Core/keys && cd Core/keys for i in {1..10}; do openssl genrsa -out mobile_devicev2_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in mobile_devicev2_c$i -out mobile_devicev2_key$i -nocrypt && rm -rf mobile_devicev2_c$i ; done for i in {1..10}; do openssl genrsa -out accessv1_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in accessv1_c$i -out accessv1_key$i -nocrypt && rm -rf accessv1_c$i ; done for i in {1..10}; do openssl genrsa -out desktop_devicev2_c$i 2048 && openssl pkcs8 -topk8 -inform PEM -in desktop_devicev2_c$i -out desktop_devicev2_key$i -nocrypt && rm -rf desktop_devicev2_c$i ; done From 6ab68620854580256361bb9fb7b8e703656e35b4 Mon Sep 17 00:00:00 2001 From: G33tha Date: Tue, 17 Jan 2023 16:25:48 +0530 Subject: [PATCH 251/434] Update youtube api key for content service (#3714) --- ansible/roles/stack-sunbird/defaults/main.yml | 6 +++++- .../templates/content-service_application.conf | 6 ++++++ private_repo/ansible/inventory/dev/Core/secrets.yml | 6 +++++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 620ec5f4ad..7fbeb17d70 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -1065,4 +1065,8 @@ inquiry_redis_host: "{{ sunbird_lp_redis_host }}" inquiry_search_service_base_url: "{{ sunbird_search_service_api_base_url }}/v3/search" ### LERN Release-5.0.1 -cloud_store_base_path_placeholder: "CLOUD_BASE_PATH" \ No newline at end of file +cloud_store_base_path_placeholder: "CLOUD_BASE_PATH" + +#Youtube Standard Licence Validation +youtube_app_name: fetch-youtube-license +youtube_api_key: "{{ lp_vault_youtube_api_key }}" 
diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index bb44a71828..837298ac30 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -490,6 +490,12 @@ cloud_storage_container: "{{ cloud_storage_content_bucketname }}" # Google Drive APIKEY learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" +#Youtube Standard Licence Validation +learning.content.youtube.application.name="{{ youtube_app_name }}" +learning_content_youtube_apikey="{{ youtube_api_key }}" +youtube.license.regex.pattern=["\\?vi?=([^&]*)", "watch\\?.*v=([^&]*)", "(?:embed|vi?)/([^/?]*)","^([A-Za-z0-9\\-\\_]*)"] +learning.valid_license=["creativeCommon"] + kafka { urls : "{{ kafka_urls }}" topic.send.enable : true diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index c57a8bd37c..8bf07e91cd 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -200,4 +200,8 @@ cloud_private_storage_secret: "{{ cloud_public_storage_secret }}" cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" # Graylog -graylog_transport_email_auth_password: "{{ core_vault_mail_server_password }}" # email server password / api token \ No newline at end of file +graylog_transport_email_auth_password: "{{ core_vault_mail_server_password }}" # email server password / api token + +# ------------------------------------------------------------------------------------------------------------ # +# Optional variables - Can be left blank if you dont plan to use the intended features +lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site From 07dad19c7ef8585afe9bdefa23827558cf21f21f Mon Sep 17 00:00:00 2001 
From: Keshav Prasad Date: Mon, 30 Jan 2023 11:10:13 +0530 Subject: [PATCH 252/434] fix: ED-1164 adding missing UCI job Signed-off-by: Keshav Prasad --- .../UCI/jobs/uci-transport-socket/config.xml | 108 ++++++++++++ .../UCI/jobs/uci-transport-socket/config.xml | 77 +++++++++ .../UCI/jobs/uci-transport-socket/config.xml | 159 ++++++++++++++++++ 3 files changed, 344 insertions(+) create mode 100644 deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml create mode 100644 deploy/jenkins/jobs/Build/jobs/UCI/jobs/uci-transport-socket/config.xml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml new file mode 100644 index 0000000000..afba1c3fa0 --- /dev/null +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml 
@@ -0,0 +1,108 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 1 + + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + Build/UCI/uci-transport-socket + false + + + image_tag + <font color=darkgreen size=2><b>OPTIONAL: Specify the tag to upload a specific image version to the container registry.</b></font> + + false + + + artifact_source + <font color=dimgray size=2><b> +ArtifactRepo - Push the docker image to container registry. +</b></font> + + + ArtifactRepo + + + + + + + 0 + 0 + + false + project + false + + + + + + + + Build/UCI/uci-transport-socket + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/upload/docker/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Build/jobs/UCI/jobs/uci-transport-socket/config.xml b/deploy/jenkins/jobs/Build/jobs/UCI/jobs/uci-transport-socket/config.xml new file mode 100644 index 0000000000..c63ac79a73 --- /dev/null +++ b/deploy/jenkins/jobs/Build/jobs/UCI/jobs/uci-transport-socket/config.xml 
@@ -0,0 +1,77 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 1 + + + + + false + false + + + + + github_release_tag + <font style="color:dimgray;font-size:14px;"><b> +<li>To build from a tag, use refs/tags/github_tag</li> +<li>To build from a branch, use refs/heads/github_branch</li> +<li>The default value of ${public_repo_branch} will be the release / tag version set in global configuration</li> +<li>To build from a differnt branch, replace the ${public_repo_branch} with your branch</li> +</b></font> + refs/heads/${public_repo_branch} + true + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/samagra-comms/transport-socket.git + + + + + master + + + false + + + + build/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml new file mode 100644 index 0000000000..b418c503df --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/UCI/jobs/uci-transport-socket/config.xml 
@@ -0,0 +1,159 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + ArtifactUpload/dev/UCI/uci-transport-socket + false + + + image_tag + <font color=red size=2><b>CAUTION: If the value is blank, image tag will be taken from the latest metadata.json.</b></font> + + false + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + uci-transport-socket + Deploy/dev/UCI/uci-transport-socket + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + uci-transport-socket + Deploy/dev/UCI/uci-transport-socket + + + ET_FORMATTED_HTML + true + + + role_name + + + + sunbird-deploy + + + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/UCI/uci-transport-socket + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + uci-transport-socket + + + false + + + + true + false + + 0 + false + + + + kubernetes/pipelines/deploy_core/Jenkinsfile + false + + + false + From 0fd5d9a4da250ce4ac5eafad8a2aecc823c28a0d Mon Sep 17 00:00:00 2001 From: Kenneth Heung Date: Mon, 30 Jan 2023 16:05:06 +0800 Subject: [PATCH 253/434] adding oci-cli in bootstrap and Jenkins job template (#3715) --- ansible/bootstrap.yml | 13 ++++++++-- ansible/roles/oci-cli/defaults/main.yml | 1 + ansible/roles/oci-cli/tasks/main.yml | 24 +++++++++++++++++++ .../dev/jobs/Core/jobs/Bootstrap/config.xml | 5 ++-- 4 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/oci-cli/defaults/main.yml create mode 100644 ansible/roles/oci-cli/tasks/main.yml diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index b23479e833..e77a1cb038 100644 
--- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -48,7 +48,17 @@ roles: - role: aws-cli tags: - - aws_cli + - aws_cli + +- hosts: "{{ hosts }}" + become: yes + ignore_unreachable: yes + vars_files: + - "{{inventory_dir}}/secrets.yml" + roles: + - role: oci-cli + tags: + - oci_cli - hosts: "{{ hosts| default('all') }}" become: yes @@ -60,4 +70,3 @@ - vm-agents-nodeexporter tags: - node_exporter - diff --git a/ansible/roles/oci-cli/defaults/main.yml b/ansible/roles/oci-cli/defaults/main.yml new file mode 100644 index 0000000000..00a8940a29 --- /dev/null +++ b/ansible/roles/oci-cli/defaults/main.yml @@ -0,0 +1 @@ +oci_cli_url: https://github.com/oracle/oci-cli/releases/download/v3.22.0/oci-cli-3.22.0-Ubuntu-18.04-Offline.zip diff --git a/ansible/roles/oci-cli/tasks/main.yml b/ansible/roles/oci-cli/tasks/main.yml new file mode 100644 index 0000000000..8f21263672 --- /dev/null +++ b/ansible/roles/oci-cli/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Download the installation file + get_url: + url: "{{ oci_cli_url }}" + dest: /tmp/ocicli.zip + +- name: Installing unzip + apt: + name: "{{item}}" + state: latest + with_items: + - zip + - unzip + +- name: Unzip the installer + unarchive: + src: /tmp/ocicli.zip + dest: /tmp/ + remote_src: yes + +- name: install oci cli + shell: ./oci-cli-installation/install.sh --install-dir {{ ansible_env.HOME }} --exec-dir {{ ansible_env.HOME }} --script-dir {{ ansible_env.HOME }} --accept-all-defaults + args: + chdir: /tmp/ diff --git a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml index b95bca2645..e11b5b5843 100644 --- a/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml +++ b/deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/Bootstrap/config.xml 
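Review bot: In `ansible/roles/oci-cli/tasks/main.yml` the `get_url` task downloads the installer with no integrity check, after which the archive is unpacked and `install.sh` is run from fixed paths under `/tmp` by a play that sets `become: yes`. Since `oci_cli_url` already pins release v3.22.0, the download can be pinned as well by adding `checksum: "sha256:<SHA256_OF_RELEASE_ZIP>"` to `get_url` (placeholder, taken from the release page). A private directory created with the `tempfile` module would be safer than the shared, predictable `/tmp/ocicli.zip` and `/tmp/oci-cli-installation`. Two smaller points: `state: latest` on the `zip`/`unzip` packages makes the run non-reproducible where `state: present` would do, and the `shell` task passes `{{ ansible_env.HOME }}` unquoted where `command` with quoted arguments would be sufficient.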
@@ -96,6 +96,7 @@ return """<b>This parameter is not used</b>""" 'azure_cli', 'aws_cli', 'gcloud_cli', +'oci_cli' 'all'] true @@ -123,7 +124,7 @@ return """<b>This parameter is not used</b>""" false
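Review bot: The added list entry is missing its trailing comma, so the choice list now reads `'oci_cli' 'all']` instead of two separate elements. Groovy will not parse that as a list with both values; depending on how the script is evaluated, it either fails or the parameter silently falls back, and in both cases the `oci_cli` and `all` tags are probably not selectable. The line should be `'oci_cli',`. The script this list belongs to starts outside the hunk.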
- + @@ -155,4 +156,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + From 612fbfa8fc4f5e8c6080e236215b136fa71d2035 Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Fri, 3 Feb 2023 20:19:20 +0530 Subject: [PATCH 254/434] ED-1173 OfflineInstaller deploy job fix (#3721) * updated electronuserland/builder tag form wine to 16-wine * added npm update command for electronuserland/builder:16-wine --- ansible/roles/desktop-deploy/templates/build.sh.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/desktop-deploy/templates/build.sh.j2 b/ansible/roles/desktop-deploy/templates/build.sh.j2 index 2f431915e8..1fd121f219 100644 --- a/ansible/roles/desktop-deploy/templates/build.sh.j2 +++ b/ansible/roles/desktop-deploy/templates/build.sh.j2 @@ -4,8 +4,9 @@ set -eo pipefail cd {{offline_repo_location}}/ # Run the docker image and run the OS Specific build along with environment specific build -docker run -d --env-file envfile --env ELECTRON_CACHE="/root/.cache/electron" --env ELECTRON_BUILDER_CACHE="/root/.cache/electron-builder" --name offline_deploy -w /project electronuserland/builder:wine sleep infinity +docker run -d --env-file envfile --env ELECTRON_CACHE="/root/.cache/electron" --env ELECTRON_BUILDER_CACHE="/root/.cache/electron-builder" --name offline_deploy -w /project electronuserland/builder:16-wine sleep infinity docker cp . offline_deploy:/project/ +docker exec offline_deploy npm install -g npm@9.4.1 docker exec offline_deploy bash -x /project/setupOfflineInstaller.sh # Copy the built artifacts From 06c54e9d288e17750399b08562e14c60f356caee Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 6 Feb 2023 16:33:28 +0530 Subject: [PATCH 255/434] Issue #LR-338 chore: Onboarding the knowlg APIs to lern kong-api --- ansible/roles/kong-api/defaults/main.yml | 2521 +++++++++++++++++++++- 1 file changed, 2418 insertions(+), 103 deletions(-) 
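Review bot: In `build.sh.j2` the builder image is still referenced by a mutable tag, `electronuserland/builder:16-wine`, so the toolchain that produces the desktop installer can change between deploys with no change in this repository. Pinning the digest, e.g. `electronuserland/builder:16-wine@sha256:<IMAGE_DIGEST>` (placeholder), would make the build reproducible and keep the image from being swapped underneath the job. The added `docker exec offline_deploy npm install -g npm@9.4.1` does pin a version, but it fetches from the registry on every run; baking it into a derived image would remove that network dependency at deploy time. The rest of the script, including container cleanup, is outside this hunk.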
diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index b01cf86c01..ee7b207768 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -4065,6 +4065,272 @@ kong_apis: config.required: true config.enabled: true +- name: getCourseHierarchy + uris: "{{ course_service_prefix }}/v1/hierarchy" + upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +#################################### +- name: LicenseAPI + uris: "{{ license_api_prefix }}/v3" + upstream_url: "{{ content_service_url }}/license/v3" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - appAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createChannel + uris: "{{ channel_service_prefix }}/v1/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - channelCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateChannel + uris: "{{ channel_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 
channelUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readChannel + uris: "{{ channel_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ x_large_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: listChannel + uris: "{{ channel_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - channelAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchChannel + uris: "{{ channel_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - channelAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createFramework + uris: "{{ framework_service_prefix 
}}/v1/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateFramework + uris: "{{ framework_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkUpdate + - 
name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + - name: readFramework uris: "{{ framework_service_prefix }}/v1/read" upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/read" 
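Review bot: Every route added in this hunk registers `opa-checks` with `config.required: false` and `config.enabled: false`, including the state-changing ones (`createChannel`, `updateChannel`, `createFramework*`, `updateFramework*`), while the context entry just above the insertion point has both set to `true`. Access to these routes therefore rests on the `jwt` plugin and the `acl` whitelist group alone. If that is intended until policies exist for the onboarded APIs, a comment such as `# OPA policy not yet defined for knowlg routes; jwt + acl only` above the block would record the decision. `getCourseHierarchy` and `readChannel` carry neither `jwt` nor `acl` and rate-limit by `ip`, which presumably makes them anonymous reads; it is worth confirming that Kong sees the client address rather than the ingress proxy's. The same pattern continues in the next hunk of this file.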
@@ -4074,17 +4340,1930 @@ kong_apis: - "{{ statsd_pulgin }}" - name: rate-limiting config.policy: local - config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" - config.limit_by: ip + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: publishFramework + uris: "{{ framework_service_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ 
large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: listFramework + uris: "{{ framework_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyFramework + uris: "{{ framework_service_prefix }}/v1/copy" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchFrameworkCategory + uris: "{{ framework_service_prefix }}/v1/category/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: 
searchFrameworkTerm + uris: "{{ framework_service_prefix }}/v1/term/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createObjectCategory + uris: "{{ object_category_prefix }}/v1/create" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readObjectCategory + uris: "{{ object_category_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateObjectCategory + uris: "{{ object_category_prefix }}/v1/update" + upstream_url: "{{ taxonomy_service_url }}/object/category/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + 
config.whitelist: + - frameworkUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/create" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/read" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateObjectCategoryDefinition + uris: "{{ object_category_definition_prefix }}/v1/update" + upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - frameworkUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ small_rate_limit_per_hour }}" + config.limit_by: 
credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createAsset + uris: "{{ asset_prefix }}/v1/create" + upstream_url: "{{ content_service_url }}/asset/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateAsset + uris: "{{ asset_prefix }}/v1/update" + upstream_url: "{{ content_service_url }}/asset/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readAsset + uris: "{{ asset_prefix }}/v1/read" + upstream_url: "{{ content_service_url }}/asset/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: uploadAsset + uris: "{{ asset_prefix }}/v1/upload" + upstream_url: "{{ content_service_url }}/asset/v4/upload" + strip_uri: true + plugins: + - name: 
jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: uploadUrlAsset + uris: "{{ asset_prefix }}/v1/upload/url" + upstream_url: "{{ content_service_url }}/asset/v4/upload/url" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyAsset + uris: "{{ asset_prefix }}/v1/copy" + upstream_url: "{{ content_service_url }}/asset/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createContent + uris: "{{ content_prefix }}/v1/create" + upstream_url: "{{ knowledge_mw_service_url }}/action/content/v3/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" 
+ - name: opa-checks + config.required: false + config.enabled: false + +- name: getContentUploadUrl + uris: "{{ content_prefix }}/v1/upload/url/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload/url" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: publishContent + uris: "{{ content_prefix }}/v1/publish" + upstream_url: "{{ content_service_url }}/content/v3/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: unlistedPublishContent + uris: "{{ content_prefix }}/v1/unlisted/publish" + upstream_url: "{{ content_service_url }}/content/v3/unlisted/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readContent + uris: "{{ content_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - 
name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: contentPrivateRead + uris: "{{ content_prefix }}/v1/private/read" + upstream_url: "{{ content_service_url }}/content/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: rejectContent + uris: "{{ content_prefix }}/v1/reject" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: rejectContentFlag + uris: "{{ content_prefix }}/v1/flag/reject" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- 
name: acceptContentFlag + uris: "{{ content_prefix }}/v1/flag/accept" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/flag/accept" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: retireContent + uris: "{{ content_prefix }}/v1/retire" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchContent + uris: "{{ content_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: submitContentForReview + uris: "{{ content_prefix }}/v1/review" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + 
config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateContent + uris: "{{ content_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: uploadContent + uris: "{{ content_prefix }}/v1/upload" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/upload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ large_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyContent + uris: "{{ content_prefix }}/v1/copy" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: contentImportAPI + uris: "{{ content_prefix }}/v1/import" + upstream_url: "{{ content_service_url 
}}/content/v3/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createContentV2 + uris: "{{ content_prefix }}/v2/create" + upstream_url: "{{ content_service_url }}/content/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateContentV2 + uris: "{{ content_prefix }}/v2/update" + upstream_url: "{{ content_service_url }}/content/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readContentV2 + uris: "{{ content_prefix }}/v2/read" + upstream_url: "{{ content_service_url }}/content/v4/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: 
opa-checks + config.required: false + config.enabled: false + +- name: uploadUrlContentV2 + uris: "{{ content_prefix }}/v2/upload/url" + upstream_url: "{{ content_service_url }}/content/v4/upload/url" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: uploadContentV2 + uris: "{{ content_prefix }}/v2/upload" + upstream_url: "{{ content_service_url }}/content/v4/upload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyContentV2 + uris: "{{ content_prefix }}/v2/copy" + upstream_url: "{{ content_service_url }}/content/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: importContentV2 + uris: "{{ content_prefix }}/v2/import" + upstream_url: "{{ content_service_url }}/content/v4/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 
contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: flagContentV2 + uris: "{{ content_prefix }}/v2/flag" + upstream_url: "{{ content_service_url }}/content/v4/flag" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: acceptFlagContentV2 + uris: "{{ content_prefix }}/v2/flag/accept" + upstream_url: "{{ content_service_url }}/content/v4/flag/accept" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: discardContentV2 + uris: "{{ content_prefix }}/v2/discard" + upstream_url: "{{ content_service_url }}/content/v4/discard" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- 
name: retireContentV2 + uris: "{{ content_prefix }}/v2/retire" + upstream_url: "{{ content_service_url }}/content/v4/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: reviewContentV2 + uris: "{{ content_prefix }}/v2/review" + upstream_url: "{{ content_service_url }}/content/v4/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: rejectContentV2 + uris: "{{ content_prefix }}/v2/reject" + upstream_url: "{{ content_service_url }}/content/v4/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentCreateAPIs + uris: "{{ private_content_prefix }}/v3/create" + upstream_url: "{{ content_service_url }}/content/v3/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: 
local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentReadAPIs + uris: "{{ private_content_prefix }}/v3/read" + upstream_url: "{{ content_service_url }}/content/v3/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentUpdateAPIs + uris: "{{ private_content_prefix }}/v3/update" + upstream_url: "{{ content_service_url }}/content/v3/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentRetireAPI + uris: "{{ private_content_prefix }}/v3/retire" + upstream_url: "{{ vm_learning_service_url }}/content/v3/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- 
name: PrivateContentUploadAPI + uris: "{{ private_content_prefix }}/v3/upload" + upstream_url: "{{ content_service_url }}/content/v3/upload" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentReviewAPI + uris: "{{ private_content_prefix }}/v3/review" + upstream_url: "{{ vm_learning_service_url }}/content/v3/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentPublishAPI + uris: "{{ private_content_prefix }}/v3/publish" + upstream_url: "{{ vm_learning_service_url }}/content/v3/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentRejectAPI + uris: "{{ private_content_prefix }}/v3/reject" + upstream_url: "{{ vm_learning_service_url }}/content/v3/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + 
config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: PrivateContentHierarchyAPI + uris: "{{ private_content_prefix }}/v3/hierarchy" + upstream_url: "{{ content_service_url }}/content/v3/hierarchy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionCreate + uris: "{{ collection_prefix }}/v1/create" + upstream_url: "{{ content_service_url }}/collection/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionRead + uris: "{{ collection_prefix }}/v1/read" + upstream_url: "{{ content_service_url }}/collection/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: 
opa-checks + config.required: false + config.enabled: false + +- name: collectionPrivateRead + uris: "{{ collection_prefix }}/v1/private/read" + upstream_url: "{{ content_service_url }}/collection/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionReview + uris: "{{ collection_prefix }}/v1/review" + upstream_url: "{{ content_service_url }}/collection/v4/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionReject + uris: "{{ collection_prefix }}/v1/reject" + upstream_url: "{{ content_service_url }}/collection/v4/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: acceptCollectionFlag + uris: "{{ collection_prefix }}/v1/flag/accept" + upstream_url: "{{ content_service_url }}/collection/v4/flag/accept" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ 
statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionUpdate + uris: "{{ collection_prefix }}/v1/update" + upstream_url: "{{ content_service_url }}/collection/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionFlag + uris: "{{ collection_prefix }}/v1/flag" + upstream_url: "{{ content_service_url }}/collection/v4/flag" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionDiscard + uris: "{{ collection_prefix }}/v1/discard" + upstream_url: "{{ content_service_url }}/collection/v4/discard" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: 
opa-checks + config.required: false + config.enabled: false + +- name: collectionRetire + uris: "{{ collection_prefix }}/v1/retire" + upstream_url: "{{ content_service_url }}/collection/v4/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionHierarchyAdd + uris: "{{ collection_prefix }}/v1/hierarchy/add" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionHierarchyRemove + uris: "{{ collection_prefix }}/v1/hierarchy/remove" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/remove" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionHierarchyUpdate + uris: "{{ collection_prefix }}/v1/hierarchy/update" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy/update" + strip_uri: true + 
plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionHierarchyRead + uris: "{{ collection_prefix }}/v1/hierarchy" + upstream_url: "{{ content_service_url }}/collection/v4/hierarchy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionCopy + uris: "{{ collection_prefix }}/v1/copy" + upstream_url: "{{ content_service_url }}/collection/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionImport + uris: "{{ collection_prefix }}/v1/import" + upstream_url: "{{ content_service_url }}/collection/v4/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + 
config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: collectionExport + uris: "{{ collection_prefix }}/v1/export" + upstream_url: "{{ content_service_url }}/collection/v4/export" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: compositeSearch + uris: "{{ composite_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - contentTempAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: compositePrivateSearch + uris: "{{ composite_service_prefix }}/v1/private/search" + upstream_url: "{{ knowledge_mw_service_url }}/v3/private/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: integrationAppRead + uris: "{{ integration_app_prefix }}/v1/read" + upstream_url: "{{ content_service_url 
}}/app/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ small_request_size_limit }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: getFileUploadUrls + uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" + upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - cloudUrlsCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: createPublisher + uris: "{{ dialcode_service_prefix }}/v1/publisher/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: generateDialcodes + uris: "{{ dialcode_service_prefix }}/v1/generate" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/generate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeCreate + - name: rate-limiting + config.policy: local + config.hour: 
"{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: linkDialcodeContent + uris: "{{ dialcode_service_prefix }}/v1/content/link" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/content/link" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: listDialcodes + uris: "{{ dialcode_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: publishDialcode + uris: "{{ dialcode_service_prefix }}/v1/publish" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: 
qrCodeBatchProcessRetry + uris: "{{ dialcode_service_prefix }}/v1/process/retry" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/retry" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: qrCodeBatchProcessStatus + uris: "{{ dialcode_service_prefix }}/v1/process/status" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/process/status" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readDialcode + uris: "{{ dialcode_service_prefix }}/v1/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readDialcodeV2 + uris: "{{ dialcode_service_prefix }}/v2/read" + upstream_url: "{{ knowledge_mw_service_url }}/v2/dialcode/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + 
config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readDIALCodesBatchInfo + uris: "{{ dialcode_service_prefix }}/v2/read/batch" + upstream_url: "{{ dial_service_url }}/dialcode/v4/batch/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: readPublisher + uris: "{{ dialcode_service_prefix }}/v1/publisher/read" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: releaseDialcode + uris: "{{ dialcode_service_prefix }}/v1/release" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/release" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: reserveDialcode + uris: "{{ dialcode_service_prefix 
}}/v1/reserve" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/reserve" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: searchDialcodes + uris: "{{ dialcode_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dialcodeAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: readFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/read" +- name: updateDialcode + uris: "{{ dialcode_service_prefix }}/v1/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/update" strip_uri: true plugins: - name: jwt @@ -4092,10 +6271,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - dialcodeUpdate - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" 
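Review bot: The `rate-limiting` block that the new `updateDialcode` route ends up with in the `@@ -4092,10` hunk keeps `config.policy: local`, so `medium_rate_limit_per_hour` is counted separately on each Kong node and the effective cap grows with the number of gateway replicas. If the hourly figure is meant as one cap per credential across the platform, a shared policy such as `config.policy: redis` or `cluster` is needed; otherwise a comment above it such as `# per-node limit: effective cap = value x Kong replicas` would make the behaviour explicit. The same applies to the hunks at `@@ -4113,10`, `@@ -4134,10` and `@@ -4155,10`. Separately, the `integrationAppRead` entry added earlier in this patch sets `config.hour: "{{ small_request_size_limit }}"`, which looks like a copy-paste slip for one of the `*_rate_limit_per_hour` variables. The route entry starts before this hunk and continues after it.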
@@ -4103,9 +6282,9 @@ kong_apis: config.required: false config.enabled: false -- name: readFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/read" +- name: updateDialcodeV2 + uris: "{{ dialcode_service_prefix }}/v2/update" + upstream_url: "{{ knowledge_mw_service_url }}/v2/dialcode/update" strip_uri: true plugins: - name: jwt @@ -4113,10 +6292,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - dialcodeUpdate - name: rate-limiting config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -4124,9 +6303,9 @@ kong_apis: config.required: false config.enabled: false -- name: listFramework - uris: "{{ framework_service_prefix }}/v1/list" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/list" +- name: updatePublisher + uris: "{{ dialcode_service_prefix }}/v1/publisher/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/dialcode/publisher/update" strip_uri: true plugins: - name: jwt @@ -4134,10 +6313,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - dialcodeUpdate - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" 
@@ -4145,9 +6324,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchFrameworkCategory - uris: "{{ framework_service_prefix }}/v1/category/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/category/search" +- name: pluginSearch + uris: "{{ plugin_service_prefix }}/v1/search" + upstream_url: "{{ knowledge_mw_service_url }}/v1/plugins/search" strip_uri: true plugins: - name: jwt @@ -4155,10 +6334,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - pluginAccess - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -4166,9 +6345,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchFrameworkTerm - uris: "{{ framework_service_prefix }}/v1/term/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/framework/term/search" +- name: assessmentItemCreate + uris: "{{ assessment_prefix }}/v1/items/create" + upstream_url: "{{ vm_learning_service_url }}/assessment/v3/items/create" strip_uri: true plugins: - name: jwt 
@@ -4176,37 +6355,104 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - assessmentAccess - name: rate-limiting config.policy: local - config.hour: "{{ large_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: readContent - uris: "{{ content_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/read" +- name: assessmentItemUpdate + uris: "{{ assessment_prefix }}/v1/items/update" + upstream_url: "{{ vm_learning_service_url }}/assessment/v3/items/update" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - assessmentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: assessmentItemRetire + uris: "{{ assessment_prefix }}/v1/items/retire" + upstream_url: "{{ vm_learning_service_url }}/assessment/v3/items/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - assessmentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: assessmentItemRead + uris: "{{ assessment_prefix }}/v1/items/read" + upstream_url: "{{ vm_learning_service_url }}/assessment/v3/items/read" + strip_uri: 
true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - assessmentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: contentBundle + uris: "{{ content_prefix }}/v1/bundle" + upstream_url: "{{ vm_learning_service_url }}/content/v3/bundle" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: contentPrivateRead - uris: "{{ content_prefix }}/v1/private/read" - upstream_url: "{{ content_service_url }}/content/v4/private/read" +- name: ItemSetAPIs + uris: "{{ itemset_prefix }}/v1" + upstream_url: "{{ knowledge_mw_service_url }}/itemset/v1" strip_uri: true plugins: - name: jwt @@ -4214,7 +6460,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - itemSetAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4225,9 +6471,9 @@ kong_apis: config.required: false config.enabled: false -- name: searchContent - uris: "{{ content_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/content/search" +- name: readForm + uris: "{{ data_service_prefix }}/v1/form/read" + upstream_url: "{{ player_service_url }}/plugin/v1/form/read" strip_uri: true plugins: - name: cors 
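Review bot: The assessment item routes in the hunk headed `@@ -4176,37 +6355,104 @@` all whitelist the single group `assessmentAccess`: `assessmentItemUpdate`, `assessmentItemRetire` and `assessmentItemRead` are added with it, and the ACL line of the preceding entry (`assessmentItemCreate`) is rewritten to it. Any consumer allowed to read items can therefore also create, update and retire them at the gateway, whereas the dialcode routes earlier in this diff separate `dialcodeAccess`, `dialcodeUpdate` and `dialcodeAdmin`. If that is not intended, keep `assessmentAccess` on `assessmentItemRead` and put the write routes behind a separate group; if it is intended, say so in a comment above the block, e.g. `# assessmentAccess deliberately covers both read and write`. Every `opa-checks` entry in this hunk is disabled, so the ACL group is the only authorization the gateway applies to these routes.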
@@ -4237,18 +6483,56 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: ip - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: readContentV2 - uris: "{{ content_prefix }}/v2/read" - upstream_url: "{{ content_service_url }}/content/v4/read" +- name: createForm + uris: "{{ data_service_prefix }}/v1/form/create" + upstream_url: "{{ player_service_url }}/plugin/v1/form/create" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateForm + uris: "{{ data_service_prefix }}/v1/form/update" + upstream_url: "{{ player_service_url }}/plugin/v1/form/update" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: updateCollaborators + uris: "{{ content_prefix }}/v1/collaborator/update" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/collaborator/update" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
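Review bot: The new `createForm` and `updateForm` routes in the hunk headed `@@ -4237,18 +6483,56 @@` carry no `jwt` and no `acl` plugin, unlike `updateCollaborators` directly below them, and their `opa-checks` entry is disabled. As written the gateway forwards form create and update calls to `{{ player_service_url }}/plugin/v1/form/...` without authenticating the caller and throttles them only per client IP; whether the player service authenticates these calls itself is not visible here. Both routes should get the same `jwt` + `acl` pair the other write routes use and be rate-limited by credential, as sketched below with a placeholder group name.

```yaml
- name: createForm
  # … unchanged: uris, upstream_url, strip_uri …
  plugins:
    - name: jwt
    # … unchanged: cors, statsd …
    - name: acl
      config.whitelist:
        - "<FORM_WRITE_GROUP>"  # placeholder, not a group defined on this page
    - name: rate-limiting
      # … unchanged: config.policy, config.hour …
      config.limit_by: credential
  # … unchanged: request-size-limiting, opa-checks; same change for updateForm …
```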
@@ -4259,9 +6543,9 @@ kong_apis: config.required: false config.enabled: false -- name: PrivateContentReadAPIs - uris: "{{ private_content_prefix }}/v3/read" - upstream_url: "{{ content_service_url }}/content/v3/read" +- name: linkDialcodeContentV1 + uris: "{{ content_prefix }}/v1/dialcode/link" + upstream_url: "{{ content_service_url }}/content/v3/dialcode/link" strip_uri: true plugins: - name: jwt @@ -4269,7 +6553,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4280,9 +6564,9 @@ kong_apis: config.required: false config.enabled: false -- name: collectionRead - uris: "{{ collection_prefix }}/v1/read" - upstream_url: "{{ content_service_url }}/collection/v4/read" +- name: reserveDialcodeContent + uris: "{{ content_prefix }}/v1/dialcode/reserve" + upstream_url: "{{ content_service_url }}/content/v3/dialcode/reserve" strip_uri: true plugins: - name: jwt @@ -4290,20 +6574,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: collectionPrivateRead - uris: "{{ collection_prefix }}/v1/private/read" - upstream_url: "{{ content_service_url }}/collection/v4/private/read" +- name: linkDialcodeCollection + uris: "{{ collection_prefix }}/v1/dialcode/link" + upstream_url: "{{ content_service_url }}/collection/v4/dialcode/link" strip_uri: true plugins: - name: jwt 
@@ -4311,20 +6595,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: collectionHierarchyRead - uris: "{{ collection_prefix }}/v1/hierarchy" - upstream_url: "{{ content_service_url }}/collection/v4/hierarchy" +- name: linkDialcodeContentV2 + uris: "{{ content_prefix }}/v2/dialcode/link" + upstream_url: "{{ content_service_url }}/content/v4/dialcode/link" strip_uri: true plugins: - name: jwt @@ -4332,20 +6616,20 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: compositeSearch - uris: "{{ composite_service_prefix }}/v1/search" - upstream_url: "{{ knowledge_mw_service_url }}/v1/search" +- name: reserveDialcodeContentV2 + uris: "{{ content_prefix }}/v2/dialcode/reserve" + upstream_url: "{{ content_service_url }}/content/v4/dialcode/reserve" strip_uri: true plugins: - name: jwt @@ -4353,8 +6637,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin - - contentTempAccess + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -4365,9 +6648,9 @@ kong_apis: config.required: false config.enabled: false -- name: compositePrivateSearch - uris: "{{ composite_service_prefix }}/v1/private/search" - upstream_url: "{{ knowledge_mw_service_url }}/v3/private/search" +- name: releaseDialcodeContentV2 + uris: "{{ content_prefix }}/v2/dialcode/release" + upstream_url: "{{ content_service_url }}/content/v4/dialcode/release" strip_uri: true plugins: - name: jwt @@ -4375,7 +6658,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4386,9 +6669,9 @@ kong_apis: config.required: false config.enabled: false -- name: getFileUploadUrls - uris: "{{ cloud_service_prefix }}/mlcore/v1/files/preSignedUrls" - upstream_url: "{{ ml_core_service_url }}/v1/cloud-services/files/preSignedUrls" +- name: reserveDialcodeCollection + uris: "{{ collection_prefix }}/v1/dialcode/reserve" + upstream_url: "{{ content_service_url }}/collection/v4/dialcode/reserve" strip_uri: true plugins: - name: jwt @@ -4396,7 +6679,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - cloudUrlsCreate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -4407,61 +6690,72 @@ kong_apis: config.required: false config.enabled: false -- name: readForm - uris: "{{ data_service_prefix }}/v1/form/read" - upstream_url: "{{ player_service_url }}/plugin/v1/form/read" +- name: releaseDialcodeCollection + uris: "{{ collection_prefix }}/v1/dialcode/release" + upstream_url: "{{ content_service_url }}/collection/v4/dialcode/release" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ medium_request_size_limit }}" + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false - - -- name: readChannel - uris: "{{ channel_service_prefix }}/v1/read" - upstream_url: "{{ knowledge_mw_service_url }}/v1/channel/read" + +- name: publishContentV2 + uris: "{{ content_prefix }}/v2/publish" + upstream_url: "{{ content_service_url }}/content/v4/publish" strip_uri: true plugins: + - name: jwt - name: cors - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin - name: rate-limiting config.policy: local - config.hour: "{{ x_large_rate_limit_per_hour }}" - config.limit_by: ip + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false - config.enabled: false + config.enabled: false -- name: getCourseHierarchy - uris: "{{ course_service_prefix }}/v1/hierarchy" - upstream_url: "{{ knowledge_mw_service_url }}/v1/course/hierarchy" +- name: unlistedPublishContentV2 + uris: "{{ content_prefix }}/v2/unlisted/publish" + upstream_url: "{{ content_service_url }}/content/v4/unlisted/publish" strip_uri: true plugins: + - name: jwt - name: cors 
- "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" - config.limit_by: ip + config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false -- name: readObjectCategoryDefinition - uris: "{{ object_category_definition_prefix }}/v1/read" - upstream_url: "{{ taxonomy_service_url }}/object/category/definition/v4/read" +- name: publishCollection + uris: "{{ collection_prefix }}/v1/publish" + upstream_url: "{{ content_service_url }}/collection/v4/publish" strip_uri: true plugins: - name: jwt @@ -4469,10 +6763,10 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - contentAdmin - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" @@ -4480,9 +6774,9 @@ kong_apis: config.required: false config.enabled: false -- name: readObjectCategory - uris: "{{ object_category_prefix }}/v1/read" - upstream_url: "{{ taxonomy_service_url }}/object/category/v4/read" +- name: unlistedPublishCollection + uris: "{{ collection_prefix }}/v1/unlisted/publish" + upstream_url: "{{ content_service_url }}/collection/v4/unlisted/publish" strip_uri: true plugins: - name: jwt 
@@ -4490,13 +6784,34 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - contentAdmin - name: rate-limiting config.policy: local - config.hour: "{{ x_medium_rate_limit_per_hour }}" + config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false - config.enabled: false \ No newline at end of file + config.enabled: false + +- name: createLock + uris: "{{ lock_service_prefix }}/v1/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true \ No newline at end of file From d039a94312417ad0d2d35e54a0b1e1bc56cd4af4 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 7 Feb 2023 10:31:35 +0530 Subject: [PATCH 256/434] Issue #LR-338 chore: Fix the formatting. --- ansible/roles/kong-api/defaults/main.yml | 244 +++++++++++------------ 1 file changed, 122 insertions(+), 122 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ee7b207768..813e557c7c 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -4093,7 +4093,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - appAdmin + - appAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
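Review bot: `createLock`, added at the end of the hunk headed `@@ -4490,13 +6784,34 @@`, is the only route in the visible part of this patch whose `opa-checks` entry has `config.required: true` and `config.enabled: true`; the entry just above it in the same hunk, like every other route added here, has both set to `false`. If the difference is deliberate, a comment above the entry would keep it from being "normalised" later, e.g. `# opa-checks enforced on this route on purpose; see <POLICY_REFERENCE>`. If it is a leftover from testing, either direction needs a decision, because the disabled entries leave `jwt` + `acl` as the only gateway authorization. The new last line also lacks a trailing newline (`\ No newline at end of file`).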
@@ -4114,7 +4114,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - channelCreate + - channelCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4135,7 +4135,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - channelUpdate + - channelUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4173,7 +4173,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - channelAccess + - channelAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4194,7 +4194,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - channelAdmin + - channelAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4215,7 +4215,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ x_medium_rate_limit_per_hour }}" @@ -4236,7 +4236,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4257,7 +4257,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4278,7 +4278,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkUpdate + - frameworkUpdate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4299,7 +4299,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkUpdate + - frameworkUpdate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" 
@@ -4320,7 +4320,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkUpdate + - frameworkUpdate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4358,7 +4358,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4379,7 +4379,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ x_large_rate_limit_per_hour }}" @@ -4400,7 +4400,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAdmin + - frameworkAdmin - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4421,7 +4421,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ x_medium_rate_limit_per_hour }}" @@ -4442,7 +4442,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4463,7 +4463,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4484,7 +4484,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ large_rate_limit_per_hour }}" @@ -4505,7 +4505,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" 
@@ -4526,7 +4526,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ x_medium_rate_limit_per_hour }}" @@ -4547,7 +4547,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkUpdate + - frameworkUpdate - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4568,7 +4568,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkCreate + - frameworkCreate - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4589,7 +4589,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkAccess + - frameworkAccess - name: rate-limiting config.policy: local config.hour: "{{ x_medium_rate_limit_per_hour }}" @@ -4610,7 +4610,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - frameworkUpdate + - frameworkUpdate - name: rate-limiting config.policy: local config.hour: "{{ small_rate_limit_per_hour }}" @@ -4631,7 +4631,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4652,7 +4652,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4673,7 +4673,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - anonymousContentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4694,7 +4694,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -4715,7 +4715,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4736,7 +4736,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4757,7 +4757,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4778,7 +4778,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4799,7 +4799,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4820,7 +4820,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4858,7 +4858,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - contentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4879,7 +4879,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4900,7 +4900,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -4921,7 +4921,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4942,7 +4942,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -4980,7 +4980,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5001,7 +5001,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5022,7 +5022,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5043,7 +5043,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5064,7 +5064,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5085,7 +5085,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5106,7 +5106,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -5144,7 +5144,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5165,7 +5165,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5186,7 +5186,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5207,7 +5207,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5228,7 +5228,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5249,7 +5249,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5270,7 +5270,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5291,7 +5291,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5312,7 +5312,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -5333,7 +5333,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5354,7 +5354,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5375,7 +5375,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5396,7 +5396,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5417,7 +5417,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5438,7 +5438,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5459,7 +5459,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5480,7 +5480,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5501,7 +5501,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -5522,7 +5522,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentSuperAdmin + - contentSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5543,7 +5543,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5564,7 +5564,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - anonymousContentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5585,7 +5585,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - contentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5606,7 +5606,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5627,7 +5627,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5648,7 +5648,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5669,7 +5669,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5690,7 +5690,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -5711,7 +5711,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5732,7 +5732,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5753,7 +5753,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5774,7 +5774,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5795,7 +5795,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5816,7 +5816,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - anonymousContentAccess + - anonymousContentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5837,7 +5837,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5858,7 +5858,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5879,7 +5879,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - contentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -5900,7 +5900,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - contentTempAccess - name: rate-limiting config.policy: local @@ -5922,7 +5922,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5943,7 +5943,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAccess + - contentAccess - name: rate-limiting config.policy: local config.hour: "{{ small_request_size_limit }}" @@ -5964,7 +5964,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - cloudUrlsCreate + - cloudUrlsCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5985,7 +5985,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - dialcodeCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6006,7 +6006,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - dialcodeCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6027,7 +6027,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - dialcodeCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6048,7 +6048,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAccess + - dialcodeAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6069,7 +6069,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAdmin + - dialcodeAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -6090,7 +6090,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeUpdate + - dialcodeUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6111,7 +6111,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAccess + - dialcodeAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6132,7 +6132,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAccess + - dialcodeAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6187,7 +6187,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeCreate + - dialcodeCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6208,7 +6208,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAdmin + - dialcodeAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6229,7 +6229,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAdmin + - dialcodeAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6250,7 +6250,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeAccess + - dialcodeAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6271,7 +6271,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeUpdate + - dialcodeUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6292,7 +6292,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeUpdate + - dialcodeUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -6313,7 +6313,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - dialcodeUpdate + - dialcodeUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6334,7 +6334,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - pluginAccess + - pluginAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6355,7 +6355,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - assessmentAccess + - assessmentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6376,7 +6376,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - assessmentAccess + - assessmentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6397,7 +6397,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - assessmentAccess + - assessmentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6418,7 +6418,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - assessmentAccess + - assessmentAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6439,7 +6439,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6460,7 +6460,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - itemSetAdmin + - itemSetAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6532,7 +6532,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -6553,7 +6553,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6574,7 +6574,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6595,7 +6595,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6616,7 +6616,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6637,7 +6637,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6658,7 +6658,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6679,7 +6679,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6700,7 +6700,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentUpdate + - contentUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6721,7 +6721,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" 
@@ -6742,7 +6742,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6763,7 +6763,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6784,7 +6784,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentAdmin + - contentAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -6805,7 +6805,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - contentCreate + - contentCreate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From c641075c51ebfd73579938fd20b58e9204998c71 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 7 Feb 2023 10:50:34 +0530 Subject: [PATCH 257/434] Issue #LR-338 chore: Added the dial_service_url config --- ansible/roles/kong-api/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 813e557c7c..1b4d6f63f8 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -91,6 +91,7 @@ content_service_url: "http://content-service:9000" taxonomy_service_url: "http://taxonomy-service:9000" assessment_service_url: "http://assessment-service:9000" ml_core_service_url: "http://ml-core-service:3000" +dial_service_url: "http://dial-service:9000" premium_consumer_rate_limits: - api: createContent From bef49da693058119696970271639ea09d09f7a76 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Tue, 7 Feb 2023 15:37:47 +0530 Subject: [PATCH 258/434] Update config.j2 --- ansible/roles/ml-analytics-service/templates/config.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 27da8be26b..70fe0ff018 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -150,7 +150,7 @@ survey_streaming_success = {{ ml_analytics_survey_log_folder_path }}/success.log survey_streaming_error = {{ ml_analytics_survey_log_folder_path }}/error.log -{% if ML_Cloud_Service_Provider is eq 'ORACLE' %} +{% if ML_Cloud_Service_Provider is equalto 'ORACLE' %} [ORACLE] @@ -164,7 +164,7 @@ region_name = {{ cloud_public_storage_region }} bucket_name = {{ cloud_storage_telemetry_bucketname }} -{% elif ML_Cloud_Service_Provider is eq 'gcloud' %} +{% elif ML_Cloud_Service_Provider is equalto 'gcloud' %} [GCP] @@ -172,7 +172,7 @@ secret_data = {{ ml_Cloud_secret_json_file }} bucket_name = {{ cloud_storage_telemetry_bucketname }} -{% elif ML_Cloud_Service_Provider is eq 'aws' %} +{% elif ML_Cloud_Service_Provider is equalto 'aws' %} [AWS] From c603f1e24692b5727d1c847d7f9f74f8c199ebbc Mon Sep 17 00:00:00 2001 
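Review bot: The provider tests in all three hunks compare against literals of mixed case (`'ORACLE'` versus `'gcloud'` and `'aws'`), and the comparison is case-sensitive, so an inventory value such as `oracle` or `AWS` matches no branch. Unless an `else` branch exists outside these hunks, the rendered config then carries no storage section and nothing reports the mismatch. Comparing a normalised value keeps the existing spellings working and accepts their variants: `{% if ML_Cloud_Service_Provider | lower == 'oracle' %}`, with the same form for the `gcloud` and `aws` branches. The `if` block continues past the last hunk, so any remaining branches are not visible here.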
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Wed, 8 Feb 2023 11:01:57 +0530 Subject: [PATCH 259/434] ED-700: Update Monitoring Stack Helm Chart (#3723) * Update CRDs Api version and definitions Remove depricated webhook crd-install * Let helm takecare of creating CRDs * Update admission webhook and rbac API version * Update admissionwebhook patch repo * Update apiVersions --- .../charts/grafana/templates/role.yaml | 2 +- .../charts/grafana/templates/rolebinding.yaml | 2 +- .../templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 2 +- .../crds/crd-alertmanager.yaml | 8522 ++++++------ .../crds/crd-podmonitor.yaml | 449 +- .../crds/crd-prometheus.yaml | 10950 ++++++++-------- .../crds/crd-prometheusrules.yaml | 143 +- .../crds/crd-servicemonitor.yaml | 831 +- .../crds/crd-thanosrulers.yaml | 8903 +++++++------ .../mutatingWebhookConfiguration.yaml | 6 +- .../validatingWebhookConfiguration.yaml | 6 +- .../templates/prometheus-operator/crds.yaml | 6 - .../prometheus-operator/values.yaml | 6 +- .../templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- 16 files changed, 14914 insertions(+), 14920 deletions(-) delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/crds.yaml diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/role.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/role.yaml index c95c1d0424..6a673b7b7d 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/role.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/role.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "grafana.fullname" . }} 
diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/rolebinding.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/rolebinding.yaml index c42229bf92..74ec303061 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/rolebinding.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/rolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "grafana.fullname" . }} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrole.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrole.yaml index 319aec16c2..a9198b823d 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrole.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrole.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrolebinding.yaml index 4635985aa0..160db8bd18 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrolebinding.yaml 
@@ -1,5 +1,5 @@ {{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-alertmanager.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-alertmanager.yaml index cbf9fc27f9..2609b2f09b 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-alertmanager.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-alertmanager.yaml @@ -1,25 +1,12 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: alertmanagers.monitoring.coreos.com spec: - additionalPrinterColumns: - - JSONPath: .spec.version - description: The version of Alertmanager - name: Version - type: string - - JSONPath: .spec.replicas - description: The desired replicas number of Alertmanagers - name: Replicas - type: integer - - JSONPath: .metadata.creationTimestamp - name: Age - type: date group: monitoring.coreos.com names: kind: Alertmanager 
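Review bot: Existing clusters will probably not receive this v1 definition, because with the `helm.sh/hook: crd-install` annotation removed in the `@@ -1,25 +1,12 @@` hunk the file relies on Helm's `crds/` handling, which (assuming the chart is deployed with Helm 3) installs a CRD only when it is absent and does not update one already present. A cluster that already has `alertmanagers.monitoring.coreos.com` from the earlier `apiextensions.k8s.io/v1beta1` manifest would keep its old definition after `helm upgrade`. A comment under the source URL at the top of the file would record this, for example `# Helm does not upgrade CRDs in crds/; apply this file with kubectl when updating an existing cluster.` The same holds for the other files under `crds/` listed in the diffstat. The `versions` list that replaces the removed top-level fields is in the following hunk, which continues beyond this view.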
@@ -28,4474 +15,4485 @@ spec: singular: alertmanager preserveUnknownFields: false scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - additionalPeers: - description: AdditionalPeers allows injecting a set of additional Alertmanagers - to peer with to form a highly available cluster. - items: - type: string - type: array - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. 
for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. 
- items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. 
- type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array required: - - preference - - weight + - nodeSelectorTerms type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - type: string + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - type: string + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. 
+ items: + description: A single application container that you want to run within + a pod. properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: EnvVar represents an environment variable present + in a Container. properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. + configMapKeyRef: + description: Selects a key of a ConfigMap. properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. 
Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. 
- format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer required: - - podAffinityTerm - - weight + - name type: object type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. 
Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running + description: EnvFromSource represents the source of a set of + ConfigMaps properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. + configMapRef: + description: The ConfigMap to select from properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. 
- type: object + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. type: string - required: - - topologyKey + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object type: object type: array - type: object - type: object - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Alertmanager object, which shall be mounted into the Alertmanager - Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. 
- items: - type: string - type: array - configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the - same namespace as the Alertmanager object, which contains configuration - for this Alertmanager instance. Defaults to 'alertmanager-' - The secret is mounted into /etc/alertmanager/config. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. properties: - key: - description: The key to select. + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean required: - - key + - port type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - fieldPath + - port type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. 
Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
type: string - resource: - description: 'Required: resource to select' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - - resource + - port type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. 
- items: - description: EnvFromSource represents the source of a set of - ConfigMaps + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMapRef: - description: The ConfigMap to select from + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). 
Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. 
+ format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. 
- x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. 
To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. 
More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. 
- items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. 
- format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. 
If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. format: int32 type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. 
The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. 
+ type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. 
+ items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - - port + - devicePath + - name type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. 
- format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - level: - description: Level is SELinux level label that applies - to the container. + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. type: string - role: - description: Role is a SELinux role label that applies - to the container. + name: + description: This must match the Name of a Volume. type: string - type: - description: Type is a SELinux type label that applies - to the container. + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string - user: - description: User is a SELinux user label that applies - to the container. + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string + required: + - mountPath + - name type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. 
+ type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. 
- items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. 
Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. 
- properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - image: - description: Image if specified has precedence over baseImage, tag and - sha combinations. Specifying the version is still necessary to ensure - the Prometheus Operator knows what version of Alertmanager is being - configured. 
- type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: array - initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the Alertmanager configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart of - the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching is - entirely outside the scope of what the maintainers will support and - by doing so, you accept that this behaviour may break at any time - without notice.' - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. 
- type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. properties: - key: - description: The key to select. + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean required: - - key + - port type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - fieldPath + - port type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - resource: - description: 'Required: resource to select' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - - resource + - port type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' 
type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMapRef: - description: The ConfigMap to select from + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. 
Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. 
Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - containerPort type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. 
Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. format: int32 type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. 
- items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. type: string - description: 'Requests describes the minimum amount of compute - resources required. 
If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type + role: + description: Role is a SELinux role label that applies + to the container. type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. 
- type: string - type: - description: Type is a SELinux type label that applies - to the container. + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string - user: - description: User is a SELinux user label that applies - to the container. + name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string + required: + - devicePath + - name type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. 
This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. 
When not set, MountPropagationNone is used. This + field is beta in 1.10. type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + name: + description: This must match the Name of a Volume. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. 
TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - mountPath + - name type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. 
+ type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. 
- Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. 
+ type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object + format: int64 + type: integer type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. items: - description: VolumeMount describes a mounting of a Volume within - a container. + description: Sysctl defines a kernel parameter to be set properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Name of a property to set type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. 
Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + value: + description: Value of a property to set type: string required: - - mountPath - name + - value type: object type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object type: object - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logFormat: - description: Log format for Alertmanager to be configured with. - type: string - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - additionalProperties: + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. type: string - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the alertmanager pods. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - type: object - portName: - description: Port name used for the pods and governing service. 
This - defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: Define resources requests and limits for single Pods. - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - retention: - description: Time duration Alertmanager shall retain data for. Default - is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` - (milliseconds seconds minutes hours). - type: string - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. 
Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers - in a pod. Some volume types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. The owning GID will - be the FSGroup 2. The setgid bit is set (new files created in - the volume will be owned by FSGroup) 3. The permission bits are - OR'd with rw-rw---- \n If unset, the Kubelet will not modify the - ownership and permissions of any volume." - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. 
- format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: - name: - description: Name of a property to set + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string - value: - description: Value of a property to set + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string - required: - - name - - value type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. This field is alpha-level and is only - honored by servers that enable the WindowsGMSA feature flag. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. This - field is beta-level and may be disabled with the WindowsRunAsUserName - feature flag. 
- type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - sha: - description: SHA of Alertmanager container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. - type: string - storage: - description: Storage is the definition of how storage will be used by - the Alertmanager instances. - properties: - emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. The - default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: This field requires the VolumeSnapshotDataSource - alpha feature gate to be enabled and currently VolumeSnapshot - is the only supported data source. If the provisioner - can support VolumeSnapshot data source, it will create - a new volume and data will be restored to the volume at - the same time. If the provisioner does not support VolumeSnapshot - data source, volume will not be created and the failure - will be reported as an event. In the future, we plan to - support more data source types and the behavior of the - provisioner may change. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. type: string - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: + kind: + description: Kind is the type of resource being referenced type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selector: - description: A label query over volumes to consider for - binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
- items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + name: + description: Name is the name of resource being referenced type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is a beta feature. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. 
+ format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. 
Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array - capacity: - additionalProperties: - type: string - description: Represents the actual resources of the underlying - volume. + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. 
This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: - description: PersistentVolumeClaimCondition contails details - about state of pvc + description: Maps a string key to a path within a volume. properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: + key: + description: The key to project. type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. type: string required: - - status - - type + - key + - path type: object type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean type: object - type: object - type: object - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. Version is ignored if Tag is set. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. 
- type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - version: - description: Version the cluster should be on. - type: string - volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the alertmanager container, that - are generated as a result of StorageSpec objects. - items: - description: VolumeMount describes a mounting of a Volume within a - container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When not - set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's - volume should be mounted. 
Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on the - output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may be - accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in - AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather than - the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and mounted - on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' 
- format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the - ConfigMap, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid?' type: string - required: - - key - - path type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must - be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to the - associated CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret - object containing sensitive information to pass to the CSI - driver to complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may be empty if no secret - is required. If the secret object contains more than one - secret, all secret references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. - Defaults to false (read/write). 
- type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path name - of the file to be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 encoded. 
The - first item of the relative path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. 
- properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. 
This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be - set, but not both simultaneously.' - items: + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. 
The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that - is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a - kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty). 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision a - container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or start - with '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host - that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. 
Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the path - is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to the - pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. 
If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). 
- type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be - mounted with read-only permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. 
"ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within the - path are not affected by this setting. This might be in - conflict with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with - other supported volume types + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' 
properties: - configMap: - description: information about the configMap data to - project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. 
The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: items: - description: Maps a string key to a path within - a volume. 
- properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. 
The first item of - the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format - of the exposed resources, defaults to - "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose name - is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience of - the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account token. - As the token approaches expiration, the kubelet - volume plugin will proactively rotate the service - account token. The kubelet will start trying to - rotate the token if the token is older than 80 - percent of its time to live or if the token is - older than 24 hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount - point of the file to project the token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that - shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to - be mounted with read-only permissions. Defaults to false. 
- type: boolean - registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. 
If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. 
+ As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. 
Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. 
Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should - be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO - system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. 
This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced Secret will be projected into the - volume as a file whose name is the key and content is the - value. If specified, the listed keys will be projected into - the specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' path - or start with '..'. - items: - description: Maps a string key to a path within a volume. + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: - key: - description: The key to project. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. 
May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - required: - - key - - path type: object - type: array - optional: - description: Specify whether the Secret or its keys must be - defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within a - namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume - within StorageOS. If no namespace is specified then the - Pod's namespace will be used. This allows the Kubernetes - name scoping to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override the - default behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. 
- type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - version: v1 - versions: - - name: v1 + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. 
+ type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. 
May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. 
+ type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. 
+ format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + additionalPrinterColumns: + - jsonPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - jsonPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date served: true storage: true + subresources: {} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-podmonitor.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-podmonitor.yaml index ab2af4e7cb..71cb4b2130 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-podmonitor.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-podmonitor.yaml @@ -1,10 +1,9 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: 
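Review bot: The provenance comment on the first line of crd-podmonitor.yaml still names the release-0.38 upstream manifest, but this hunk changes `apiVersion` to `apiextensions.k8s.io/v1` and drops the `helm.sh/hook: crd-install` annotation, so the file is no longer a verbatim copy of that source. The comment should say so, for example `# Derived from <same upstream URL>; converted locally to apiextensions.k8s.io/v1`, so that anyone later diffing the vendored CRDs against upstream to check for drift or tampering knows which differences are expected. With the hook annotation gone, the file appears to rely on Helm 3's handling of the `crds/` directory, which installs CRDs on first install but does not upgrade them. Clusters that already hold the v1beta1 object would presumably need the new definition applied by hand, and a short comment noting that would help operators. The `spec:` mapping continues in the next hunk, outside this one.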
@@ -16,246 +15,246 @@ spec: singular: podmonitor preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. - properties: - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. - items: - description: PodMetricsEndpoint defines a scrapeable endpoint of a - Kubernetes Pod serving Prometheus metrics. + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. properties: - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. + matchNames: + description: List of namespace names. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. 
- Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. 
+ Default is 'replace' type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: type: string + type: array + description: Optional HTTP URL parameters type: object - type: array - params: - additionalProperties: + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - type: string + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. 
- type: string - relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. 
Default is '$1' + key: + description: key is the label key that the selector applies + to. type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. items: type: string type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string + required: + - key + - operator type: object type: array - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Deprecated: Use ''port'' instead.' - x-kubernetes-int-or-string: true - type: object - type: array - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Pod objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - required: - - podMetricsEndpoints - - selector - type: object - required: - - spec - type: object - version: v1 - versions: - - name: v1 + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object served: true storage: true + diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheus.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheus.yaml index 3699396f1c..669325a996 100755 
--- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheus.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheus.yaml @@ -1,25 +1,12 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: prometheuses.monitoring.coreos.com spec: - additionalPrinterColumns: - - JSONPath: .spec.version - description: The version of Prometheus - name: Version - type: string - - JSONPath: .spec.replicas - description: The desired replicas number of Prometheuses - name: Replicas - type: integer - - JSONPath: .metadata.creationTimestamp - name: Age - type: date group: monitoring.coreos.com names: kind: Prometheus 
@@ -28,2278 +15,3469 @@ spec: singular: prometheus preserveUnknownFields: false scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key - of a Secret containing additional Prometheus AlertManager configurations. - AlertManager configurations specified are appended to the configurations - generated by the Prometheus Operator. Job configurations specified - must have the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. - As AlertManager configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible AlertManager configs - are going to break Prometheus after the upgrade.' 
- properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key - of a Secret containing additional Prometheus alert relabel configurations. - Alert relabel configurations specified are appended to the configurations - generated by the Prometheus Operator. Alert relabel configurations - specified must have the form as specified in the official Prometheus - documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. - As alert relabel configs are appended, the user is responsible to - make sure it is valid. Note that using this feature may expose the - possibility to break upgrades of Prometheus. It is advised to review - Prometheus release notes to ensure that no incompatible alert relabel - configs are going to break Prometheus after the upgrade.' - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs allows specifying a key of a Secret - containing additional Prometheus scrape configurations. 
Scrape configurations - specified are appended to the configurations generated by the Prometheus - Operator. Job configurations specified must have the form as specified - in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, the user is responsible to make sure - it is valid. Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible scrape configs are going - to break Prometheus after the upgrade.' - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. 
- items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. 
It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. 
If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. properties: key: - description: The label key that the selector - applies to. + description: The key to select. type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean required: - key - - operator type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. 
If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + secret: + description: Secret containing data to use for the + targets. properties: key: - description: The label key that the selector - applies to. + description: The key of the secret to select from. Must + be a valid secret key. type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. 
- items: - type: string - type: array + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean required: - key - - operator type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. properties: key: - description: The label key that the selector - applies to. + description: The key to select. type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean required: - key - - operator type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. 
co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + secret: + description: Secret containing data to use for the + targets. properties: key: - description: key is the label key that the selector - applies to. + description: The key of the secret to select from. Must + be a valid secret key. type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. 
+ type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. 
If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean required: - - topologyKey + - key type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. 
- items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + configMap: + description: ConfigMap containing data to use for the targets. properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. 
- type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean required: - - topologyKey + - key + type: object + secret: + description: Secret containing data to use for the targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. + configMap: + description: ConfigMap containing data to use for the targets. 
properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey type: object - type: array - type: object - type: object - alerting: - description: Define details regarding alerting. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - apiVersion: - description: Version of the Alertmanager API that Prometheus - uses to send alerts. It can be "v1" or "v2". - type: string - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. type: string - name: - description: Name of Endpoints object in Namespace. + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. 
type: string - namespace: - description: Namespace of Endpoints object. + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. 
The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: type: string - port: - anyOf: - - type: integer - - type: string - description: Port the Alertmanager API is exposed on. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use when firing alerts. + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: type: string - tlsConfig: - description: TLS Config to use for alertmanager connection. + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. properties: - ca: - description: Stuct containing the CA cert to use for the - targets. + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: - configMap: - description: ConfigMap containing data to use for - the targets. + configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key type: object - secret: - description: Secret containing data to use for the - targets. + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + fieldPath: + description: Path of the field to select in the + specified API version. type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean required: - - key + - fieldPath type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' properties: - key: - description: The key to select. + containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean required: - - key + - resource type: object - secret: - description: Secret containing data to use for the - targets. + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. 
When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the ConfigMap must be defined type: boolean - required: - - key type: object - serverName: - description: Used to verify the hostname for the targets. + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object type: object - required: - - name - - namespace - - port - type: object - type: array - required: - - alertmanagers - type: object - apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods - to access apiserver. If left empty, Prometheus is assumed to run inside - of the cluster and will discover API servers automatically and use - the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. 
- properties: - basicAuth: - description: BasicAuth allow an endpoint to authenticate over basic - authentication - properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that - contains the username for authentication. + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. 
Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object type: object - type: object - bearerToken: - description: Bearer token for accessing apiserver. 
- type: string - bearerTokenFile: - description: File to read bearer token for accessing apiserver. - type: string - host: - description: Host of apiserver. A valid string consisting of a hostname - or IP followed by an optional port number - type: string - tlsConfig: - description: TLS Config to use for accessing apiserver. - properties: - ca: - description: Stuct containing the CA cert to use for the targets. + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMap: - description: ConfigMap containing data to use for the targets. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - key: - description: The key to select. + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, uid?' + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean required: - - key + - port type: object - secret: - description: Secret containing data to use for the targets. + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. 
+ host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. type: string - cert: - description: Struct containing the client cert file for the - targets. + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. 
+ format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMap: - description: ConfigMap containing data to use for the targets. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - key: - description: The key to select. + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean required: - - key + - port type: object - secret: - description: Secret containing data to use for the targets. + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: - key: - description: The key of the secret to select from. 
Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - type: object - arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a service monitor can access arbitrary files on the file - system of the Prometheus container e.g. bearer token files. - properties: - deny: - type: boolean - type: object - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Prometheus object, which shall be mounted into the Prometheus - Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. - items: - type: string - type: array - containers: - description: 'Containers allows injecting additional containers or modifying - operator generated containers. 
This can be used to allow adding an - authentication proxy to a Prometheus pod or to change the behavior - of an operator generated container. Containers described here modify - an operator generated container if they share the same name and modifications - are done via a strategic merge patch. The current container names - are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, - and `thanos-sidecar`. Overriding containers is entirely outside the - scope of what the maintainers will support and by doing so, you accept - that this behaviour may break at any time without notice.' - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMapRef: - description: The ConfigMap to select from + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. 
Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. 
+ type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. 
Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object type: object - httpGet: - description: HTTPGet specifies the http request to perform. + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - required: - - port + optional: + description: Specify whether the ConfigMap must be defined + type: boolean type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port + optional: + description: Specify whether the Secret must be defined + type: boolean type: object type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. 
- items: - description: HTTPHeader describes a custom header to - be used in HTTP probes + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: - name: - description: The header field name + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - value: - description: The header field value + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - - name - - value + - port type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. 
+ exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. format: int32 type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. 
Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. 
Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. properties: - host: - description: Host name to connect to, defaults to the - pod IP. 
You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + - containerPort type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. 
- format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: type: string - user: - description: User is a SELinux user label that applies - to the container. + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. 
+ name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string + required: + - devicePath + - name type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. 
properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + name: + description: This must match the Name of a Volume. type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. 
- format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - mountPath + - name type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. 
+ type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. 
If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. 
More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + key: + description: key is the label key that the selector applies + to. type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - devicePath - - name + - key + - operator type: object type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: VolumeMount describes a mounting of a Volume within - a container. + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + key: + description: key is the label key that the selector applies + to. type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - mountPath - - name + - key + - operator type: object type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object type: object - type: array - disableCompaction: - description: Disable prometheus compaction. - type: boolean - enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults to - the value of `false`. WARNING: Enabling the admin APIs enables mutating - endpoints, to delete data, shutdown Prometheus, and more. Enabling - this should be done with care and the user is advised to add additional - authentication authorization via a proxy to ensure only clients authorized - to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' - type: boolean - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label - of origin for each alert and metric that is user created. The label - value will always be the namespace of the object that is being created. - type: string - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - additionalProperties: + portName: + description: Port name used for the pods and governing service. 
This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods type: string - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector - settings from the podmonitor and servicemonitor configs, and they - will only discover endpoints within their current namespace. Defaults - to false. - type: boolean - image: - description: Image if specified has precedence over baseImage, tag and - sha combinations. Specifying the version is still necessary to ensure - the Prometheus Operator knows what version of Prometheus is being - configured. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, uid?' + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. type: string type: object - type: array - initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the Prometheus configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart of - the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching is - entirely outside the scope of what the maintainers will support and - by doing so, you accept that this behaviour may break at any time - without notice.' - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' 
- type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + password: + description: The secret in the service monitor namespace that + contains the password for authentication. properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + secret: + description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must 
@@ -2318,1172 +3496,1006 @@ spec: - key type: object type: object - required: - - name + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. properties: - configMapRef: - description: The ConfigMap to select from + password: + description: The secret in the service monitor namespace that + contains the password for authentication. properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the Secret or its key must + be defined type: boolean + required: + - key type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + username: + description: The secret in the service monitor namespace that + contains the username for authentication. properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret must be defined + description: Specify whether the Secret or its key must + be defined type: boolean + required: + - key type: object type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. 
Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. 
TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. 
- properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. 
- items: - description: ContainerPort represents a network port in a single - container. + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. + maxBackoff: + description: MaxBackoff is the maximum retry delay. type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. 
Gets doubled + for every retry. type: string - required: - - containerPort + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. 
+ properties: + configMap: + description: ConfigMap containing data to use for the + targets. properties: + key: + description: The key to select. + type: string name: - description: The header field name + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - value: - description: The header field value + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean required: - - name - - value + - key type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. 
- format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. 
AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. + action: + description: Action to perform based on regex matching. + Default is 'replace' type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. 
Default is '$1' type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. + separator: + description: Separator placed between concatenated source + label values. default is ';'. type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. items: type: string type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. 
Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. 
If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. 
- type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + key: + description: key is the label key that the selector applies + to. 
type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - devicePath - - name + - key + - operator type: object type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: VolumeMount describes a mounting of a Volume within - a container. + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. 
- type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + key: + description: key is the label key that the selector applies + to. type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array required: - - mountPath - - name + - key + - operator type: object type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object type: object - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logFormat: - description: Log format for Prometheus to be configured with. - type: string - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - additionalProperties: - type: string - description: Define which Nodes the Pods are scheduled on. - type: object - overrideHonorLabels: - description: OverrideHonorLabels if set to true overrides all user configured - honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor - to true, this overrides honor_labels to false. - type: boolean - overrideHonorTimestamps: - description: OverrideHonorTimestamps allows to globally enforce honoring - timestamps in all scrape configs. - type: boolean - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the prometheus pods. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. 
May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - type: object - podMonitorNamespaceSelector: - description: Namespaces to be selected for PodMonitor discovery. If - nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments properties: - key: - description: key is the label key that the selector applies - to. + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - podMonitorSelector: - description: '*Experimental* PodMonitors to be selected for target discovery.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. properties: - key: - description: key is the label key that the selector applies - to. + level: + description: Level is SELinux level label that applies to the + container. type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. + role: + description: Role is a SELinux role label that applies to the + container. type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. 
- items: + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set type: string - type: array - required: - - key - - operator + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. 
Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - portName: - description: Port name used for the pods and governing service. This - defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - prometheusExternalLabelName: - description: Name of Prometheus external label used to denote Prometheus - instance name. Defaults to the value of `prometheus`. External label - will _not_ be added when value is set to empty string (`""`). - type: string - query: - description: QuerySpec defines the query command line flags when starting - Prometheus. - properties: - lookbackDelta: - description: The delta difference allowed for retrieving metrics - during expression evaluations. - type: string - maxConcurrency: - description: Number of concurrent queries that can be run at once. - format: int32 - type: integer - maxSamples: - description: Maximum number of samples a single query can load into - memory. Note that queries will fail if they would load more samples - than this into memory, so this also limits the number of samples - a query can return. - format: int32 - type: integer - timeout: - description: Maximum time a query may take before being aborted. - type: string - type: object - remoteRead: - description: If specified, the remote_read spec. 
This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. properties: - basicAuth: - description: BasicAuth for the URL. + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. 
+ medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - username: - description: The secret in the service monitor namespace that - contains the username for authentication. + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. 
+ items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object type: object - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. 
\n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. type: string - requiredMatchers: - additionalProperties: - type: string - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLS Config to use for remote read. + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' properties: ca: description: Stuct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key 
@@ -3497,12 +4509,11 @@ spec: type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -3517,20 +4528,18 @@ spec: targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key @@ -3544,12 +4553,11 @@ spec: type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key 
@@ -3563,12 +4571,11 @@ spec: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container + for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: description: The key of the secret to select from. Must 
@@ -3589,2415 +4596,1406 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - url: - description: The URL of the endpoint to send samples to. + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. type: string - required: - - url - type: object - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: BasicAuth for the URL. + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - username: - description: The secret in the service monitor namespace that - contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object - bearerToken: - description: File to read bearer token for remote write. + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. type: string - bearerTokenFile: - description: File to read bearer token for remote write. 
- type: string - proxyUrl: - description: Optional ProxyURL + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. type: string - queueConfig: - description: QueueConfig allows tuning of the remote write queue - parameters. + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. + key: + description: The key of the secret to select from. Must be + a valid secret key. type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - minShards: - description: MinShards is the minimum number of shards, i.e. - amount of concurrency. - type: integer + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key type: object - remoteTimeout: - description: Timeout for requests to the remote write endpoint. + version: + description: Version describes the version of Thanos to use. 
type: string - tlsConfig: - description: TLS Config to use for remote write. - properties: - ca: - description: Stuct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. 
It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: object - type: array - required: - - url type: object - type: array - replicaExternalLabelName: - description: Name of Prometheus external label used to denote replica - name. Defaults to the value of `prometheus_replica`. External label - will _not_ be added when value is set to empty string (`""`). - type: string - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: Define resources requests and limits for single Pods. - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources - allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - retention: - description: Time duration Prometheus shall retain data for. Default - is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` - (milliseconds seconds minutes hours days weeks years). - type: string - retentionSize: - description: Maximum amount of disk space used by blocks. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: Namespaces to be selected for PrometheusRules discovery. - If unspecified, only the same namespace as the Prometheus object is - in is used. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. 
If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - ruleSelector: - description: A selector to select which PrometheusRules to mount for - loading alerting rules from. Until (excluding) Prometheus Operator - v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps - to PrometheusRule custom resources selected by RuleSelector. Make - sure it does not match any config maps that you do not want to be - migrated. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - rules: - description: /--rules.*/ command-line arguments. - properties: - alert: - description: /--rules.alert.*/ command-line arguments + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . properties: - forGracePeriod: - description: Minimum duration between alert and restored 'for' - state. This is maintained only for alerts with configured - 'for' time greater than grace period. + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string - forOutageTolerance: - description: Max time to tolerate prometheus outage for restoring - 'for' state of alert. + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. type: string - resendDelay: - description: Minimum amount of time to wait before resending - an alert to Alertmanager. 
+ tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. type: string type: object - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - items: + type: array + version: + description: Version of Prometheus to be deployed. type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers - in a pod. Some volume types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. The owning GID will - be the FSGroup 2. The setgid bit is set (new files created in - the volume will be owned by FSGroup) 3. The permission bits are - OR'd with rw-rw---- \n If unset, the Kubelet will not modify the - ownership and permissions of any volume." - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. 
- format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. 
type: string - user: - description: User is a SELinux user label that applies to the - container. + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + name: + description: This must match the Name of a Volume. type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. This field is alpha-level and is only - honored by servers that enable the WindowsGMSA feature flag. 
+ readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. This - field is beta-level and may be disabled with the WindowsRunAsUserName - feature flag. + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. type: string + required: + - mountPath + - name type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: Namespaces to be selected for ServiceMonitor discovery. - If nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. 
- type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - serviceMonitorSelector: - description: ServiceMonitors to be selected for target discovery. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". 
The requirements - are ANDed. - type: object - type: object - sha: - description: SHA of Prometheus container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. - type: string - storage: - description: Storage spec to specify how storage shall be used. - properties: - emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. The - default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. 
Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName type: object - spec: - description: 'Spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array - dataSource: - description: This field requires the VolumeSnapshotDataSource - alpha feature gate to be enabled and currently VolumeSnapshot - is the only supported data source. If the provisioner - can support VolumeSnapshot data source, it will create - a new volume and data will be restored to the volume at - the same time. If the provisioner does not support VolumeSnapshot - data source, volume will not be created and the failure - will be reported as an event. In the future, we plan to - support more data source types and the behavior of the - provisioner may change. + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string name: - description: Name is the name of resource being referenced + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selector: - description: A label query over volumes to consider for - binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is a beta feature. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. 
+ user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string + required: + - monitors type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - additionalProperties: - type: string - description: Represents the actual resources of the underlying - volume. + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string type: object - conditions: - description: Current Condition of persistent volume claim. 
- If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: - description: PersistentVolumeClaimCondition contails details - about state of pvc + description: Maps a string key to a path within a volume. properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. 
If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: + key: + description: The key to project. type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. type: string required: - - status - - type + - key + - path type: object type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean type: object - type: object - type: object - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. Version is ignored if Tag is set. - type: string - thanos: - description: "Thanos configuration allows configuring various aspects - of a Prometheus server in a Thanos environment. \n This section is - experimental, it may change significantly without deprecation notice - in any release. \n This is experimental and may change significantly - without backward compatibility in any release." - properties: - baseImage: - description: Thanos base image if other than default. 
- type: string - grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from - which Thanos Querier reads recorded rule data. Note: Currently - only the CAFile, CertFile, and KeyFile fields are supported. Maps - to the ''--grpc-server-tls-*'' CLI args.' - properties: - ca: - description: Stuct containing the CA cert to use for the targets. + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). properties: - configMap: - description: ConfigMap containing data to use for the targets. + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. properties: - key: - description: The key to select. - type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object + required: + - driver type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the - targets. + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. 
The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. properties: - configMap: - description: ConfigMap containing data to use for the targets. + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. 
+ type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' properties: - key: - description: The key to select. - type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key type: object - secret: - description: Secret containing data to use for the targets. + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. 
Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container - for the targets. + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - keySecret: - description: Secret containing the client key file for the targets. + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string - optional: - description: Specify whether the Secret or its key must - be defined + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - - key + - claimName type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - image: - description: Image if specified has precedence over baseImage, tag - and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Thanos - is being configured. - type: string - listenLocal: - description: ListenLocal makes the Thanos sidecar listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - resources: - description: Resources defines the resource requirements for the - Thanos sidecar. If not provided, no requests/limits will be set - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID type: object - type: object - sha: - description: SHA of Thanos container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. - type: string - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. Version is ignored if Tag - is set. - type: string - tracingConfig: - description: TracingConfig configures tracing in Thanos. This is - an experimental feature, it may change in any upcoming release - in a breaking way. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - version: - description: Version describes the version of Thanos to use. - type: string - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. 
- type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - version: - description: Version of Prometheus to be deployed. - type: string - volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the prometheus container, that - are generated as a result of StorageSpec objects. - items: - description: VolumeMount describes a mounting of a Volume within a - container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When not - set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false - or unspecified). Defaults to false. 
- type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's - volume should be mounted. Behaves similarly to SubPath but environment - variable references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on the - output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may be - accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty).' 
- format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in - AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. 
+ type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather than - the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and mounted - on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: type: string - type: object - volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the - ConfigMap, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. + type: array + pool: + description: 'The rados pool name. 
Default is rbd. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - required: - - key - - path type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must - be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles - this volume. 
Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to the - associated CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret - object containing sensitive information to pass to the CSI - driver to complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may be empty if no secret - is required. If the secret object contains more than one - secret, all secret references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' 
- format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path name - of the file to be created. Must not be absolute or - contain the ''..'' path. 
Must be utf-8 encoded. The - first item of the relative path must not start with - ''..''' + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. 
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be - set, but not both simultaneously.' - items: + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that - is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. 
- type: string - options: - additionalProperties: + system: + description: The name of the storage system as configured + in ScaleIO. type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a - kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision a - container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or start - with '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host - that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the path - is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to the - pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be - mounted with read-only permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within the - path are not affected by this setting. This might be in - conflict with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set. 
- format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: information about the configMap data to - project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of - the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format - of the exposed resources, defaults to - "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose name - is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience of - the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account token. - As the token approaches expiration, the kubelet - volume plugin will proactively rotate the service - account token. The kubelet will start trying to - rotate the token if the token is older than 80 - percent of its time to live or if the token is - older than 24 hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount - point of the file to project the token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that - shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to - be mounted with read-only permissions. Defaults to false. 
- type: boolean - registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should - be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO - system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced Secret will be projected into the - volume as a file whose name is the key and content is the - value. If specified, the listed keys will be projected into - the specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' path - or start with '..'. 
- items: - description: Maps a string key to a path within a volume. + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - required: - - key - - path type: object - type: array - optional: - description: Specify whether the Secret or its keys must be - defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. 
- properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within a - namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume - within StorageOS. If no namespace is specified then the - Pod's namespace will be used. This allows the Kubernetes - name scoping to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override the - default behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. 
- type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - walCompression: - description: Enable compression of the write-ahead log using Snappy. - This flag is only available in versions of Prometheus >= 2.11.0. - type: boolean - type: object - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - version: v1 - versions: - - name: v1 + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. 
Volume names are only unique within a + namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + additionalPrinterColumns: + - jsonPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - jsonPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date served: true storage: true + subresources: {} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheusrules.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheusrules.yaml index 3f5cb49239..5a059789a3 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheusrules.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheusrules.yaml 
@@ -1,10 +1,9 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: prometheusrules.monitoring.coreos.com spec: 
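Review bot: The source comment on the first line of crd-prometheusrules.yaml still cites the release-0.38 upstream file, but with `apiVersion: apiextensions.k8s.io/v1` and the hook annotation removed, the body presumably no longer matches what that URL serves. The vendored copy can then no longer be diffed against its stated origin to spot unintended edits. I would either re-vendor from an upstream release that ships v1 CRDs, or record the local change under the URL, e.g. `# Derived from the file above; converted locally to apiextensions.k8s.io/v1`. The retained `controller-gen.kubebuilder.io/version: v0.2.4` annotation also reads as if this were untouched generator output. The first hunk of crd-servicemonitor.yaml carries the same stale header.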
@@ -16,77 +15,77 @@ spec: singular: prometheusrule preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: PrometheusRule defines alerting rules for a Prometheus instance - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired alerting rule definitions for Prometheus. - properties: - groups: - description: Content of Prometheus rule file - items: - description: 'RuleGroup is a list of sequentially evaluated recording - and alerting rules. Note: PartialResponseStrategy is only used by - ThanosRuler and will be ignored by Prometheus instances. Valid - values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' - properties: - interval: - type: string - name: - type: string - partial_response_strategy: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. 
- properties: - alert: - type: string - annotations: - additionalProperties: - type: string - type: object - expr: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - for: - type: string - labels: - additionalProperties: - type: string - type: object - record: - type: string - required: - - expr - type: object - type: array - required: - - name - - rules - type: object - type: array - type: object - required: - - spec - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object served: true storage: true + diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-servicemonitor.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-servicemonitor.yaml index e631c2c090..2177a97072 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-servicemonitor.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-servicemonitor.yaml @@ -1,10 +1,9 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: servicemonitors.monitoring.coreos.com spec: 
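Review bot: Clusters that already have this CRD may never receive the schema that the second hunk of crd-prometheusrules.yaml moves to `versions[0].schema.openAPIV3Schema`. The file sits under `crds/`, and if the chart is installed with Helm 3, that directory is applied only when the CRD is absent and is skipped on upgrade. Nothing visible in the commit re-applies the CRD, so I would document the step in the file header, for example `# Helm does not upgrade files in crds/; re-apply this CRD manually on clusters that already have it`. The same applies to crd-servicemonitor.yaml, whose schema hunk is only partly visible here.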
@@ -16,445 +15,445 @@ spec: singular: servicemonitor preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of desired Service selection for target discovery - by Prometheus. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: The secret in the service monitor namespace that - contains the password for authentication. + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - username: - description: The secret in the service monitor namespace that - contains the username for authentication. + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. 
type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - type: object - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. 
Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. 
+ keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string type: array - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. 
+ items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + key: + description: key is the label key that the selector applies + to. type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. 
+ values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. items: type: string type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string + required: + - key + - operator type: object type: array - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: Name or number of the pod port this endpoint refers - to. Mutually exclusive with port. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint - properties: - ca: - description: Stuct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Endpoints objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - type: object - required: - - spec - type: object - version: v1 - versions: - - name: v1 + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object served: true storage: true + diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-thanosrulers.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-thanosrulers.yaml index e7b935a998..f43e18004a 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-thanosrulers.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-thanosrulers.yaml 
@@ -1,10 +1,9 @@ # https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 - helm.sh/hook: crd-install creationTimestamp: null name: thanosrulers.monitoring.coreos.com spec: 
@@ -16,4711 +15,4711 @@ spec: singular: thanosruler preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: ThanosRuler defines a ThanosRuler deployment. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Specification of the desired behavior of the ThanosRuler cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. 
for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. 
- items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. 
- type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array required: - - preference - - weight + - nodeSelectorTerms type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - type: string + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. 
+ namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
+ type: array + required: + - key + - operator type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. 
When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - type: string + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. 
If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: EnvVar represents an environment variable present + in a Container. properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. + configMapKeyRef: + description: Selects a key of a ConfigMap. properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. 
Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer required: - - podAffinityTerm - - weight + - name type: object type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. 
If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running + description: EnvFromSource represents the source of a set of + ConfigMaps properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. + configMapRef: + description: The ConfigMap to select from properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. 
- type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. type: string - required: - - topologyKey + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object type: object type: array - type: object - type: object - alertDropLabels: - description: AlertDropLabels configure the label names which should - be dropped in ThanosRuler alerts. If `labels` field is not provided, - `thanos_ruler_replica` will be dropped in alerts by default. - items: - type: string - type: array - alertQueryUrl: - description: The external Query URL the Thanos Ruler will set in the - 'Source' field of all alerts. Maps to the '--alert.query-url' CLI - arg. - type: string - alertmanagersConfig: - description: Define configuration for connecting to alertmanager. Only - available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` - arg. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - alertmanagersUrl: - description: 'Define URLs to send alerts to Alertmanager. For Thanos - v0.10.0 and higher, AlertManagersConfig should be used instead. Note: - this field will be ignored if AlertManagersConfig is specified. Maps - to the `alertmanagers.url` arg.' - items: - type: string - type: array - containers: - description: 'Containers allows injecting additional containers or modifying - operator generated containers. This can be used to allow adding an - authentication proxy to a ThanosRuler pod or to change the behavior - of an operator generated container. 
Containers described here modify - an operator generated container if they share the same name and modifications - are done via a strategic merge patch. The current container names - are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers - is entirely outside the scope of what the maintainers will support - and by doing so, you accept that this behaviour may break at any time - without notice.' - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. properties: - key: - description: The key to select. + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean required: - - key + - port type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - fieldPath + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + httpGet: + description: HTTPGet specifies the http request to perform. properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
type: string - resource: - description: 'Required: resource to select' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - - resource + - port type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. 
- items: - description: EnvFromSource represents the source of a set of - ConfigMaps + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMapRef: - description: The ConfigMap to select from + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. 
apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). 
Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. 
Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + containerPort: + description: Number of port to expose on the pod's IP address. 
+ This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - containerPort type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. 
The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. format: int32 type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. type: string - required: - - containerPort + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. 
Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. 
Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. 
- type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - - port + - devicePath + - name type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + - mountPath + - name type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. 
+ type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + configMap: + description: ConfigMap containing data to use for the targets. properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. + key: + description: The key to select. type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid?' type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + secret: + description: Secret containing data to use for the targets. properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key type: object type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + configMap: + description: ConfigMap containing data to use for the targets. 
properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + key: + description: The key to select. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean required: - - port + - key type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. 
- format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' + secret: + description: Secret containing data to use for the targets. properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. 
Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + insecureSkipVerify: + description: Disable target certificate validation. type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. 
- properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. type: string - required: - - name type: object - type: array - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label - of origin for each alert and metric that is user created. The label - value will always be the namespace of the object that is being created. - type: string - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalPrefix: - description: The external URL the Thanos Ruler instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Thanos Ruler is not served from root of a DNS name. - type: string - grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from which - Thanos Querier reads recorded rule data. Note: Currently only the - CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' - CLI args.' - properties: - ca: - description: Stuct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - image: - description: Thanos container image URL. 
- type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: array - initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the ThanosRuler configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart of - the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching is - entirely outside the scope of what the maintainers will support and - by doing so, you accept that this behaviour may break at any time - without notice.' - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. properties: - key: - description: The key to select. + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean required: - - key + - port type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - fieldPath + - port type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. 
Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. type: string - resource: - description: 'Required: resource to select' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - - resource + - port type: object - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - key + - port type: object type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. 
More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - configMapRef: - description: The ConfigMap to select from + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in - response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. 
Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. 
The handler is not called if the container - crashes or exits. The reason for termination is passed to - the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. Other - management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. 
- type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. 
- format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. 
+ hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true required: - - port + - containerPort type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. 
More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. format: int32 type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. 
Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container - will be removed from service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. 
Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot - be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type + role: + description: Role is a SELinux role label that applies + to the container. type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use - for the containers. 
The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. 
+ type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. 
- type: string - type: - description: Type is a SELinux type label that applies - to the container. + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string - user: - description: User is a SELinux user label that applies - to the container. + name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string + required: + - devicePath + - name type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. 
Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. This field is beta-level and may be - disabled with the WindowsRunAsUserName feature flag. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod will - be restarted, just as if the livenessProbe failed. This can - be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. This - cannot be updated. This is an alpha feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. - Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. 
- properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + name: + description: This must match the Name of a Volume. type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - - port + - mountPath + - name type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness and startup. Minimum value is - 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP - port. TCP hooks not yet supported TODO: implement a realistic - TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. 
Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. 
FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + optional: + description: Specify whether the Secret or its key must be defined type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is a beta feature. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. 
- type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string required: - - name + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. 
More info: + http://kubernetes.io/docs/user-guide/labels' + type: object type: object - type: array - labels: - additionalProperties: + portName: + description: Port name used for the pods and governing service. This + defaults to web type: string - description: Labels configure the external label pairs to ThanosRuler. - If not provided, default replica label `thanos_ruler_replica` will - be added as a label and be dropped in alerts. - type: object - listenLocal: - description: ListenLocal makes the Thanos ruler listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logFormat: - description: Log format for ThanosRuler to be configured with. - type: string - logLevel: - description: Log level for ThanosRuler to be configured with. - type: string - nodeSelector: - additionalProperties: + priorityClassName: + description: Priority class assigned to the Pods type: string - description: Define which Nodes the Pods are scheduled on. - type: object - objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - paused: - description: When a ThanosRuler deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: PodMetadata contains Labels and Annotations gets propagated - to the thanos ruler pods. - properties: - annotations: - additionalProperties: + queryConfig: + description: Define configuration for connecting to thanos query instances. 
+ If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - type: object - portName: - description: Port name used for the pods and governing service. This - defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - queryConfig: - description: Define configuration for connecting to thanos query instances. - If this is defined, the QueryEndpoints field will be ignored. Maps - to the `query.config` CLI argument. Only available with thanos v0.11.0 - and higher. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
+ optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - queryEndpoints: - description: QueryEndpoints defines Thanos querier endpoints from which - to query metrics. Maps to the --query flag of thanos ruler. - items: - type: string - type: array - replicas: - description: Number of thanos ruler instances to deploy. - format: int32 - type: integer - resources: - description: Resources defines the resource requirements for single - Pods. If not provided, no requests/limits will be set - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - retention: - description: Time duration ThanosRuler shall retain data for. Default - is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` - (milliseconds seconds minutes hours days weeks years). - type: string - routePrefix: - description: The route prefix ThanosRuler registers HTTP handlers for. - This allows thanos UI to be served on a sub-path. 
- type: string - ruleNamespaceSelector: - description: Namespaces to be selected for Rules discovery. If unspecified, - only the same namespace as the ThanosRuler object is in is used. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - ruleSelector: - description: A label selector to select which PrometheusRules to mount - for alerting and recording. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers - in a pod. Some volume types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. The owning GID will - be the FSGroup 2. The setgid bit is set (new files created in - the volume will be owned by FSGroup) 3. The permission bits are - OR'd with rw-rw---- \n If unset, the Kubelet will not modify the - ownership and permissions of any volume." - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. 
- format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux - context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. 
If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. This field is alpha-level and is only - honored by servers that enable the WindowsGMSA feature flag. 
- type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of - the container process. Defaults to the user specified in image - metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. This - field is beta-level and may be disabled with the WindowsRunAsUserName - feature flag. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Thanos Ruler Pods. - type: string - storage: - description: Storage spec to specify how storage shall be used. - properties: - emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. The - default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + requests: + additionalProperties: type: string - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. 
Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. items: type: string type: array - dataSource: - description: This field requires the VolumeSnapshotDataSource - alpha feature gate to be enabled and currently VolumeSnapshot - is the only supported data source. If the provisioner - can support VolumeSnapshot data source, it will create - a new volume and data will be restored to the volume at - the same time. If the provisioner does not support VolumeSnapshot - data source, volume will not be created and the failure - will be reported as an event. In the future, we plan to - support more data source types and the behavior of the - provisioner may change. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - selector: - description: A label query over volumes to consider for - binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is a beta feature. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string + required: + - key + - operator type: object - status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. items: type: string type: array - capacity: - additionalProperties: - type: string - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. 
- type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string + required: + - key + - operator type: object - type: object - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. 
- type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." format: int64 type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: object - type: array - tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an - experimental feature, it may change in any upcoming release in a breaking - way. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - volumes: - description: Volumes allows configuration of additional volumes on the - output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. 
- items: - description: Volume represents a named volume in a pod that may be - accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. 
Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising - the machine' + level: + description: Level is SELinux level label that applies to the + container. type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in - AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + role: + description: Role is a SELinux role label that applies to the + container. type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + type: + description: Type is a SELinux type label that applies to the + container. type: string - diskName: - description: The Name of the data disk in the blob storage + user: + description: User is a SELinux user label that applies to the + container. 
type: string - diskURI: - description: The URI the data disk in the blob storage + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. 
type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI type: object - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string - shareName: - description: Share Name + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string - required: - - secretName - - shareName type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather than - the full Ceph tree, default is /' + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. 
More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' type: object - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and mounted - on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). 
ReadOnly - here will force the ReadOnly setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. type: string type: object - volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced ConfigMap will be projected into - the volume as a file whose name is the key and content is - the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. 
If a key is specified which is not present in the - ConfigMap, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + type: array + capacity: + additionalProperties: type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must - be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles - this volume. 
Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to the - associated CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret - object containing sensitive information to pass to the CSI - driver to complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may be empty if no secret - is required. If the secret object contains more than one - secret, all secret references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' 
- format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are supported.' + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + lastProbeTime: + description: Last time we probed the condition. + format: date-time type: string - fieldPath: - description: Path of the field to select in the - specified API version. + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path name - of the file to be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 encoded. The - first item of the relative path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' + message: + description: Human-readable message indicating details + about last transition. type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. type: string - resource: - description: 'Required: resource to select' + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type type: string required: - - resource + - status + - type type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object type: object - fc: - description: FC represents a Fibre Channel resource that is attached - to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. 
By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be - set, but not both simultaneously.' - items: + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that - is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' 
type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the plugin - scripts. This may be empty if no secret object is specified. - If the secret object contains more than one secret, all - secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a - kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the volume that you want to - mount. If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition for /dev/sda is - "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision a - container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or start - with '..'. If '.' is supplied, the volume directory will - be the git repository. Otherwise, if specified, the volume - will contain the git repository in the subdirectory with - the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host - that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the path - is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to the - pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - items: + diskName: + description: The Name of the data disk in the blob storage type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
+ diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within - the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be - mounted with read-only permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference - to a PersistentVolumeClaim in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
- type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within the - path are not affected by this setting. This might be in - conflict with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer items: - description: Projection that may be projected along with - other supported volume types + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. properties: - configMap: - description: information about the configMap data to - project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. 
If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data - to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: 'Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. 
- Must be utf-8 encoded. The first item of - the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format - of the exposed resources, defaults to - "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose name - is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on - this file, must be a value between 0 and - 0777. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. 
- type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience of - the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account token. - As the token approaches expiration, the kubelet - volume plugin will proactively rotate the service - account token. The kubelet will start trying to - rotate the token if the token is older than 80 - percent of its time to live or if the token is - older than 24 hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount - point of the file to project the token into. - type: string - required: - - path - type: object + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that - shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to - be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. 
This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. 
Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: type: string - type: object - user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. 
Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should - be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO - system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data - field of the referenced Secret will be projected into the - volume as a file whose name is the key and content is the - value. If specified, the listed keys will be projected into - the specified paths, and unlisted keys will not be present. - If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' path - or start with '..'. - items: - description: Maps a string key to a path within a volume. + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. 
This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' properties: - key: - description: The key to project. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string - mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might be - in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the - key to. May not be an absolute path. May not contain - the path element '..'. May not start with the string - '..'. + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string - required: - - key - - path type: object - type: array - optional: - description: Specify whether the Secret or its keys must be - defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within a - namespace. 
- type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume - within StorageOS. If no namespace is specified then the - Pod's namespace will be used. This allows the Kubernetes - name scoping to be mirrored within StorageOS for tighter - integration. Set VolumeName to any name to override the - default behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - status: - description: 'Most recent observed status of the ThanosRuler cluster. Read-only. - Not included when requesting from the apiserver, only from the ThanosRuler - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this ThanosRuler deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlying managed - objects are being performed. Only delete actions will be performed. 
- type: boolean - replicas: - description: Total number of non-terminated pods targeted by this ThanosRuler - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this ThanosRuler - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this ThanosRuler - deployment that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - version: v1 - versions: - - name: v1 + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. 
This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. 
+ type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object served: true storage: true + diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml index 97214ca3ea..39ba1f1144 100755 
--- a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -1,5 +1,5 @@ {{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: {{ template "prometheus-operator.fullname" . }}-admission @@ -28,4 +28,8 @@ webhooks: namespace: {{ $.Release.Namespace }} name: {{ template "prometheus-operator.operator.fullname" $ }} path: /admission-prometheusrules/mutate + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} + admissionReviewVersions: ["v1beta1", "v1"] + sideEffects: None + {{- end }} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml index 6616f212d7..9370049724 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml @@ -1,5 +1,5 @@ {{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: {{ template "prometheus-operator.fullname" . }}-admission 
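Review bot: The added `timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}` has no fallback, and neither values.yaml hunk in this patch adds that key, so unless it is already defined elsewhere the field renders empty. The same line is added in the second hunk of validatingWebhookConfiguration.yaml. I would write `timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds | default 10 }}` so the rendered manifest states the value. Moving to admissionregistration.k8s.io/v1 also changes the API defaults for `failurePolicy` (Ignore to Fail) and `matchPolicy` (Exact to Equivalent). The webhook entry starts outside this hunk, so confirm both are set explicitly there, since a fail-closed webhook whose backend is unavailable blocks PrometheusRule writes.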
@@ -28,4 +28,8 @@ webhooks: namespace: {{ $.Release.Namespace }} name: {{ template "prometheus-operator.operator.fullname" $ }} path: /admission-prometheusrules/validate + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} + admissionReviewVersions: ["v1beta1", "v1"] + sideEffects: None + {{- end }} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/crds.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/crds.yaml deleted file mode 100755 index d6bca7ed58..0000000000 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.createCustomResource -}} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/values.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/values.yaml index 70b4126e5a..7617ad5517 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/values.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/values.yaml @@ -1068,7 +1068,7 @@ prometheusOperator: enabled: true # If true prometheus operator will create and update its CRDs on startup - manageCrds: true + manageCrds: false tlsProxy: enabled: true @@ -1090,8 +1090,8 @@ prometheusOperator: patch: enabled: true image: - repository: jettech/kube-webhook-certgen - tag: v1.2.0 + repository: registry.k8s.io/ingress-nginx/kube-webhook-certgen + tag: v1.3.0 pullPolicy: IfNotPresent resources: {} ## Provide a priority class name to the webhook patching job diff --git a/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/role.yaml b/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/role.yaml index c1ef9fde18..f891cea457 100755 
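Review bot: The new `kube-webhook-certgen` image in the `@@ -1090,8 +1090,8 @@` hunk is referenced by a mutable tag only (`tag: v1.3.0`), and this job creates the certificate material the admission webhook is trusted with, so I would pin it by digest. If the chart's job template builds the reference as `repository:tag` (not visible in this hunk), `tag: v1.3.0@sha256:<DIGEST_OF_V1_3_0>` keeps the readable tag and fixes the content that is pulled. The `patch:` block continues outside the hunk.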
--- a/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/role.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/role.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "prometheus-redis-exporter.fullname" . }} diff --git a/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/rolebinding.yaml b/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/rolebinding.yaml index 6b960a603b..99e4afe4fb 100755 --- a/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/rolebinding.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-redis-exporter/templates/rolebinding.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "prometheus-redis-exporter.fullname" . }} From 97d152f377adeefedf3c26259a9efbd779079865 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 9 Feb 2023 10:02:20 +0530 Subject: [PATCH 260/434] Issue #LR-339 chore: Updated the latest config for content-service, dial-service and taxonomy-service from knowlg 5.2.0 --- ansible/roles/stack-sunbird/defaults/main.yml | 10 +++++ .../content-service_application.conf | 37 ++++++++++++++++--- .../templates/dial-service_application.conf | 16 +++++++- .../taxonomy-service_application.conf | 17 +++++++-- .../ansible/inventory/dev/Core/secrets.yml | 5 +++ 5 files changed, 73 insertions(+), 12 deletions(-) diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 12d98086b3..b0b775a5c9 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
@@ -1052,3 +1052,13 @@ kong_desktop_device_consumer_names_for_opa: '["desktop"]' # Audience claim check is disabled as of now # List of keycloak clients as these can come in audience field of a JWT token # keycloak_allowed_aud: '"{{ keycloak_auth_server_url }}/realms/{{ keycloak_realm }}", "account", "realm-management"' + +##### knowlg vars start ###### +cloudstorage_relative_path_prefix_content: "CONTENT_STORAGE_BASE_PATH" +cloudstorage_relative_path_prefix_dial: "DIAL_STORAGE_BASE_PATH" +cloudstorage_metadata_list: '["appIcon", "artifactUrl", "posterImage", "previewUrl", "thumbnail", "assetsMap", "certTemplate", "itemSetPreviewUrl", "grayScaleAppIcon", "sourceURL", "variants", "downloadUrl", "streamingUrl", "toc_url", "data", "question", "solutions", "editorState", "media", "pdfUrl", "transcripts"]' + +#Youtube Standard Licence Validation +youtube_app_name: fetch-youtube-license +youtube_api_key: "{{ lp_vault_youtube_api_key }}" +##### knowlg vars end ###### \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 9703fb47a7..989a62ddd4 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf 
@@ -481,18 +481,27 @@ composite { url : "{{ sunbird_search_service_api_base_url }}/v3/search" } } -cloud_storage_type: "azure" -azure_storage_key: "{{ sunbird_public_storage_account_name }}" -azure_storage_secret: "{{ sunbird_public_storage_account_key }}" -azure_storage_container: "{{ sunbird_content_azure_storage_container }}" + +cloud_storage_type: "{{ cloud_service_provider }}" +cloud_storage_key: "{{ cloud_public_storage_accountname }}" +cloud_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" # Google Drive APIKEY learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" +#Youtube Standard Licence Validation +learning.content.youtube.application.name="{{ youtube_app_name }}" +learning_content_youtube_apikey="{{ youtube_api_key }}" +youtube.license.regex.pattern=["\\?vi?=([^&]*)", "watch\\?.*v=([^&]*)", "(?:embed|vi?)/([^/?]*)","^([A-Za-z0-9\\-\\_]*)"] +learning.valid_license=["creativeCommon"] + kafka { urls : "{{ kafka_urls }}" topic.send.enable : true topics.instruction : "{{ env_name }}.learning.job.request" + publish.request.topic : "{{ env_name }}.publish.job.request" } # DIAL Link Config @@ -500,8 +509,16 @@ dial_service { api { base_url : "http://dial-service.{{namespace}}.svc.cluster.local:9000" auth_key : "{{ sunbird_dial_repo_api_key }}" + search : "/dialcode/v3/search" + generate : "/dialcode/v3/generate" } } + +reserve_dialcode { + mimeType : ["application/vnd.ekstep.content-collection"] + max_count : 250 +} + content.link_dialcode.validation=true content.link_dialcode.max_limit=10 
@@ -591,10 +608,10 @@ channel { } master.category.validation.enabled="{{ master_category_validation_enabled }}" -#Collection CSV +#Collection CSV sunbird_dialcode_search_api="http://dial-service.{{namespace}}.svc.cluster.local:9000/dialcode/v3/list" framework_read_api_url="{{ sunbird_content_repo_api_base_url }}/framework/v3/read" -sunbird_link_dial_code_api="{{ sunbird_content_repo_api_base_url }}/collection/v3/dialcode/link" +sunbird_link_dial_code_api="{{ sunbird_content_service_api_base_url }}/collection/v4/dialcode/link" collection { @@ -628,3 +645,11 @@ collection { } plugin.media.base.url="{{ plugin_media_base_url }}" + +cloudstorage { + metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} + relative_path_prefix={{ cloudstorage_relative_path_prefix_content }} + metadata.list={{ cloudstorage_metadata_list }} + read_base_path="{{ cloudstorage_base_path }}" + write_base_path={{ valid_cloudstorage_base_urls }} +} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/dial-service_application.conf b/ansible/roles/stack-sunbird/templates/dial-service_application.conf index 1be178f6ff..164f89de76 100644 --- a/ansible/roles/stack-sunbird/templates/dial-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/dial-service_application.conf @@ -150,9 +150,13 @@ system.config.table="system_config" publisher.keyspace.name="{{ env_name }}_dialcode_store" publisher.keyspace.table="publisher" +#QRCodes Configuration +qrcodes.keyspace.name="dialcodes" +qrcodes.keyspace.table="dialcode_batch" + #DIAL Code Generator Configuration dialcode.strip.chars="0" -dialcode.length=6.0 +dialcode.length=6.0 dialcode.large.prime_number=1679979167 dialcode.es_conn_info="{{ search_index_host }}" 
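Review bot: The added `cloudstorage { … }` block reads `cloudstorage_base_path` and `valid_cloudstorage_base_urls` without a `default(...)`, while the defaults/main.yml hunk of this commit only defines `cloudstorage_relative_path_prefix_content`, `cloudstorage_relative_path_prefix_dial` and `cloudstorage_metadata_list`. Unless the inventory supplies both, rendering this template fails on an undefined variable. `write_base_path` is also emitted unquoted and presumably acts as the allow-list of storage URLs the service accepts, so its value has to be a complete list literal. A comment next to the defaults would make that explicit, e.g. `# valid_cloudstorage_base_urls: '["https://<STORAGE_HOST>"]'` (constructed example). The same block is added to taxonomy-service_application.conf and has the same gap.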
@@ -183,9 +187,17 @@ kafka { dial_id = "https://{{domain_name}}/dial/{dialcode}" dial_type = "https://{{domain_name}}/ns/" -schema { +jsonld { basePath = "{{dial_service_schema_base_path}}" + type = "sbed" localPath = "/tmp" ttl = 300 + sb_schema = ["http://store.knowlg.sunbird.org/dial/specs/sb/schema.jsonld"] } +cloudstorage { + metadata.replace_absolute_path="{{ cloudstorage_replace_absolute_path | default('false') }}" + relative_path_prefix="{{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }}" + read_base_path="{{ cloudstorage_base_path }}" +} +cloud_storage_container="{{ cloud_storage_dial_bucketname | default('dial') }}" \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf index 1c3714fbe8..2380b3d553 100644 --- a/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf @@ -366,10 +366,11 @@ platform { } # Cloud Storage Config -cloud_storage_type: "azure" -azure_storage_key: "{{ sunbird_public_storage_account_name }}" -azure_storage_secret: "{{ sunbird_public_storage_account_key }}" -azure_storage_container: "{{ sunbird_content_azure_storage_container }}" +cloud_storage_type: "{{ cloud_service_provider }}" +cloud_storage_key: "{{ cloud_public_storage_accountname }}" +cloud_storage_secret: "{{ cloud_public_storage_secret }}" +cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_container: "{{ cloud_storage_content_bucketname }}" installation.id: ekstep 
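Review bot: `sb_schema` in the new `jsonld` block points at `http://store.knowlg.sunbird.org/dial/specs/sb/schema.jsonld` over plain HTTP. If dial-service fetches this document at runtime (the `localPath` and `ttl` keys beside it suggest a cached download, but the hunk does not show the consumer), anyone on the network path can alter the schema it works from. Use the `https://` form of the URL if the host serves it, or ship the schema under `basePath`. The `@@ -150,9 +150,13 @@` hunk of this file also hard-codes `qrcodes.keyspace.name="dialcodes"` while the neighbouring `publisher.keyspace.name` is derived from `{{ env_name }}`, which is worth a comment if intentional.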
@@ -397,3 +398,11 @@ objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_s # Framework master category validation Supported values are Yes/No master.category.validation.enabled="{{ master_category_validation_enabled | default('Yes') }}" + +cloudstorage { + metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} + relative_path_prefix={{ cloudstorage_relative_path_prefix_content }} + metadata.list={{ cloudstorage_metadata_list }} + read_base_path="{{ cloudstorage_base_path }}" + write_base_path={{ valid_cloudstorage_base_urls }} +} \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 3e35beb556..753cb6a11b 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -157,3 +157,8 @@ ml_analytics_druid_observation_status_injestion_spec: DruidObeservationStatusIng ml_analytics_api_access_token: ApiAccessToken # ML authorization key ml_analytics_api_authorization_key: ApiAuthorizationKey + +##### knowlg vars ###### +# ------------------------------------------------------------------------------------------------------------ # +# Optional variables - Can be left blank if you dont plan to use the intended features +lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site \ No newline at end of file From 65e333d94058afe4f38294ec4056329ec5ba519f Mon Sep 17 00:00:00 2001 From: saiakhil Date: Thu, 9 Feb 2023 12:08:34 +0530 Subject: [PATCH 261/434] added UCI vars in private_repo template --- .../ansible/inventory/dev/Core/secrets.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 8bf07e91cd..97745c7d4a 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml 
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -205,3 +205,29 @@ graylog_transport_email_auth_password: "{{ core_vault_mail_server_password }}" # ------------------------------------------------------------------------------------------------------------ # # Optional variables - Can be left blank if you dont plan to use the intended features lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site + +# use password generator tool like https://passwordsgenerator.net/ and generate password with length 33 +# example: hDF5fh9QEaW4vFjx6E4CVPPtQm8FtqJZ9 +uci_api_admin_token: "hDF5fh9QEaW4vFjx6E4CVPPtQm8FtqJZ9" + +# use password generator tool like https://passwordsgenerator.net/ and generate password with length 43 +# example: ZpfFgp75ncgs7w9rp96rMYzSFvr5T3H5QxkvsvQzmPM +hasura_graphql_admin_secret: "ZpfFgp75ncgs7w9rp96rMYzSFvr5T3H5QxkvsvQzmPM" + +# use password generator tool like https://passwordsgenerator.net/ and generate password with length 57 +# example: dZfGV6x2MLAsJTvbw87tZyhfqNgnawHz9LYrespT6WMJkmtLYLbmKVCRA +fusionauth_service_admin_key: "dZfGV6x2MLAsJTvbw87tZyhfqNgnawHz9LYrespT6WMJkmtLYLbmKVCRA" + +# use password generator tool like https://passwordsgenerator.net/ (include symbols) and generate password with length 17 +# example: ^26C~\3$T~A2xs6d# +uci_encryption_key_string: "^26C~\3$T~A2xs6d#" + +# Take the value of uci_encryption_key_string variable and use below command to get base64 encrypted string +# command: echo -n "^26C~\3$T~A2xs6d#" | base64 +uci_encryption_key_base64: "XjI2Q35cMyRUfkEyeHM2ZCM=" + +# Give some prefered username +uci_odk_user: "admin" + +# Give some prefered password +uci_odk_password: "admin" From 98ebbae2507c70344b53c904d2936d092af55db2 Mon Sep 17 00:00:00 2001 
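Review bot: The added UCI block assigns the documented example strings as the real values of `uci_api_admin_token`, `hasura_graphql_admin_secret`, `fusionauth_service_admin_key` and `uci_encryption_key_string`, and sets `uci_odk_user`/`uci_odk_password` to `admin`/`admin`, so an installation that copies this template unchanged runs with credentials that are published in the repository. I would ship the keys empty with the requirement in a comment, e.g. `uci_api_admin_token: ""  # required: random string, length 33`, and tell the operator to generate the values locally (for example with `openssl rand`) instead of on a public web site. Separately, `\3` is not a valid escape in a double-quoted YAML scalar, so `uci_encryption_key_string` needs single quotes. The base64 comment should be `echo -n '<key>' | base64` with single quotes as well, because inside double quotes the shell expands `$T` and the output no longer matches the key.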
From: saiakhil Date: Thu, 9 Feb 2023 13:52:14 +0530 Subject: [PATCH 262/434] added UCI vars in private_repo template --- private_repo/ansible/inventory/dev/Core/secrets.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 97745c7d4a..1107874126 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml @@ -202,10 +202,6 @@ cloud_artifact_storage_secret: "{{ cloud_public_storage_secret }}" # Graylog graylog_transport_email_auth_password: "{{ core_vault_mail_server_password }}" # email server password / api token -# ------------------------------------------------------------------------------------------------------------ # -# Optional variables - Can be left blank if you dont plan to use the intended features -lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site - # use password generator tool like https://passwordsgenerator.net/ and generate password with length 33 # example: hDF5fh9QEaW4vFjx6E4CVPPtQm8FtqJZ9 uci_api_admin_token: "hDF5fh9QEaW4vFjx6E4CVPPtQm8FtqJZ9" @@ -231,3 +227,7 @@ uci_odk_user: "admin" # Give some prefered password uci_odk_password: "admin" + +# ------------------------------------------------------------------------------------------------------------ # +# Optional variables - Can be left blank if you dont plan to use the intended features +lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site From a8b6a33fa4461c5db502cbc8f2444a6e2b12eeab Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 9 Feb 2023 17:22:56 +0530 Subject: [PATCH 263/434] Issue #LR-339 chore: Fixed formatting --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 1b4d6f63f8..27b45c7986 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -5902,7 +5902,7 @@ kong_apis: - name: acl config.whitelist: - contentAdmin - - contentTempAccess + - contentTempAccess - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 94fd7bafd5348b8296ac1a6c7e546c1cb2eef099 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Fri, 10 Feb 2023 14:57:25 +0530 Subject: [PATCH 264/434] Correcting the Spelling Mistake (#3730) --- ansible/roles/ml-analytics-service/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 30b61a06cd..e031d27cbb 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -42,7 +42,7 @@ - "{{ WORKDIR }}/faust_as_service" - name: Delete the virtualenv DIR - shell: "rm -rf {{ WORKDIR }}/spark_env" + shell: "rm -rf {{ WORKDIR }}/spark_venv" become: true - name: Install python virtual environment @@ -52,7 +52,7 @@ - name: Change the ownership of virtual env become: yes file: - path: "{{ WORKDIR }}/spark_env" + path: "{{ WORKDIR }}/spark_venv" state: directory owner: "{{ USER }}" group: "{{ USER }}" From ad32ded11c06ff7c1ec0914fe794b52d8e185b9d Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Fri, 10 Feb 2023 15:35:31 +0530 Subject: [PATCH 265/434] Updated the spark_venv permissions --- ansible/roles/ml-analytics-service/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index e031d27cbb..4e5e8251ed 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml 
@@ -54,6 +54,7 @@ file: path: "{{ WORKDIR }}/spark_venv" state: directory + recurse: yes owner: "{{ USER }}" group: "{{ USER }}" mode: "0755" From eb484415e99c6447a1212bcfd4151920b02d0518 Mon Sep 17 00:00:00 2001 From: Raghupathi Date: Fri, 10 Feb 2023 16:53:15 +0530 Subject: [PATCH 266/434] Changing the steps (#3732) --- .../roles/ml-analytics-service/tasks/main.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 4e5e8251ed..6f37d6b3ea 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -48,16 +48,6 @@ - name: Install python virtual environment shell: "cd {{ WORKDIR }} && virtualenv --python=python3.8 spark_venv" become: true - -- name: Change the ownership of virtual env - become: yes - file: - path: "{{ WORKDIR }}/spark_venv" - state: directory - recurse: yes - owner: "{{ USER }}" - group: "{{ USER }}" - mode: "0755" - name: Create necessary logs folders for pipeline become: yes @@ -81,6 +71,16 @@ requirements: "{{ WORKDIR }}/ml-analytics-service/requirements.txt" extra_args: --upgrade +- name: Change the ownership of virtual env + become: yes + file: + path: "{{ WORKDIR }}/spark_venv" + state: directory + recurse: yes + owner: "{{ USER }}" + group: "{{ USER }}" + mode: "0755" + - name: Creating a faust service shell file in executable mode copy: src: files/faust.sh From b825539af442948746a6d110f6ca069434961361 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 13 Feb 2023 16:54:09 +0530 Subject: [PATCH 267/434] Issue #KN-828 chore: Added gcp related config --- .../stack-sunbird/templates/content-service_application.conf | 3 +++ 1 file changed, 3 insertions(+) 
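Review bot: Adding `recurse: yes` to the task that already sets `mode: "0755"` applies 0755 to every file under `spark_venv`, so data files and plain `.py` modules become executable. A symbolic mode keeps the execute bit on directories and on files that already have it: `mode: "u=rwX,g=rX,o=rX"`. The following commit in this series moves the same task below the pip step and carries the same mode, so the change applies there too. The task's `name:` and `become:` lines start above this hunk.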
diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 837298ac30..02a4022f86 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf @@ -486,6 +486,9 @@ cloud_storage_key: "{{ cloud_public_storage_accountname }}" cloud_storage_secret: "{{ cloud_public_storage_secret }}" cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" cloud_storage_container: "{{ cloud_storage_content_bucketname }}" +cloud_storage_client_id: "{{ cloud_public_storage_client_id }}" +cloud_storage_private_key_id: "{{ cloud_public_storage_private_key_id }}" +cloud_storage_project_id: "{{ cloud_public_storage_project }}" # Google Drive APIKEY learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" From 302880a9780c5fc2629a5ba88a7d51b595b51d43 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 13 Feb 2023 16:57:23 +0530 Subject: [PATCH 268/434] Issue #KN-828 chore: Added gcp related config --- .../templates/content-service_application.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index 02a4022f86..dc90131a1b 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf 
@@ -486,9 +486,9 @@ cloud_storage_key: "{{ cloud_public_storage_accountname }}" cloud_storage_secret: "{{ cloud_public_storage_secret }}" cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" cloud_storage_container: "{{ cloud_storage_content_bucketname }}" -cloud_storage_client_id: "{{ cloud_public_storage_client_id }}" -cloud_storage_private_key_id: "{{ cloud_public_storage_private_key_id }}" -cloud_storage_project_id: "{{ cloud_public_storage_project }}" +cloud_storage_client_id: "{{ cloud_public_storage_client_id | default('') }}" +cloud_storage_private_key_id: "{{ cloud_public_storage_private_key_id | default('') }}" +cloud_storage_project_id: "{{ cloud_public_storage_project | default('') }}" # Google Drive APIKEY learning_content_drive_apiKey = "{{ learning_content_drive_apiKey }}" From f4fac28f61ded3938c417afeebae781863ad2766 Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Wed, 15 Feb 2023 11:12:37 +0530 Subject: [PATCH 269/434] added jenkins-mobile-slave-setup.sh (#3734) --- deploy/jenkins/jenkins-mobile-slave-setup.sh | 47 ++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 deploy/jenkins/jenkins-mobile-slave-setup.sh diff --git a/deploy/jenkins/jenkins-mobile-slave-setup.sh b/deploy/jenkins/jenkins-mobile-slave-setup.sh new file mode 100644 index 0000000000..38e8369bba --- /dev/null +++ b/deploy/jenkins/jenkins-mobile-slave-setup.sh 
@@ -0,0 +1,47 @@ +#!/bin/bash +bold=$(tput bold) +normal=$(tput sgr0) + +echo -e "\n\e[0;32m${bold}Updating the apt repo${normal}\n" +apt update + +echo -e "\n\e[0;32m${bold}Installating JDK11${normal}\n" +apt install -y openjdk-11-jdk + +echo -e "\n\e[0;32m${bold}Installating Git ${normal}" +apt install -y git + +echo -e "\n\e[0;32m${bold}Installating zip unzip${normal}" +apt install -y unzip zip + +echo -e "\n\e[0;32m${bold}Installating JQ${normal}" +apt install -y jq + +echo -e "\n\e[0;32m${bold}Installating Gradle-6.5.1${normal}" +wget -O gradle-6.5.1.zip https://services.gradle.org/distributions/gradle-6.5.1-all.zip +unzip -q gradle-6.5.1.zip +mkdir -p /usr/lib/gradle +mv gradle-6.5.1 6.5.1 +sudo mv 6.5.1 /usr/lib/gradle/ + +echo -e "\n\e[0;32m${bold}Installating Gradle-7.4.1${normal}" +wget -O gradle-7.4.1.zip 'https://services.gradle.org/distributions/gradle-7.4.1-all.zip' +unzip -q gradle-7.4.1.zip +mkdir -p /opt/gradle +mv gradle-7.4.1 /opt/gradle/ + +echo -e "\n\e[0;32m${bold}Installating node" +wget https://nodejs.org/download/release/v12.20.0/node-v12.20.0-linux-x64.tar.gz +tar -xvf node-v12.20.0-linux-x64.tar.gz +mv node-v12.20.0-linux-x64 /usr/local/lib/ +ln -s /usr/local/lib/node-v12.20.0-linux-x64/bin/node /usr/bin/node +ln -s /usr/local/lib/node-v12.20.0-linux-x64/bin/npm /usr/bin/npm + +echo -e "\n\e[0;32m${bold}Installating node modules" +npm install -g ionic +npm install -g cordova@10.0.0 +npm install -g cordova-res +ln -s /usr/local/lib/node-v12.20.0-linux-x64/bin/ionic /usr/bin/ionic +ln -s /usr/local/lib/node-v12.20.0-linux-x64/bin/cordova /usr/bin/cordova + +echo -e "\n\e[0;32m${bold}Jenkins slave installation complete..${normal}" \ No newline at end of file From 1e3c811e136375e3c6963a49039c62820b12536a Mon Sep 17 00:00:00 2001 
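Review bot: The Gradle and Node archives are fetched with `wget` and unpacked into `/usr/lib`, `/opt` and `/usr/local/lib` without any integrity check, and the script never stops on a failed command, so a truncated or tampered download ends up installed on a build agent that later produces release artefacts. I would abort on errors and verify each archive against the SHA-256 the vendor publishes before unpacking, as sketched below. `npm install -g ionic` and `cordova-res` are also unpinned, unlike `cordova@10.0.0`, so two agents built on different days can differ.

```shell
bold=$(tput bold)
normal=$(tput sgr0)
# placed after the tput calls so a missing TERM does not abort the script
set -euo pipefail
# … unchanged: apt update and apt installs …
wget -O gradle-6.5.1.zip https://services.gradle.org/distributions/gradle-6.5.1-all.zip
echo "<SHA256_OF_GRADLE_6_5_1_ALL_ZIP>  gradle-6.5.1.zip" | sha256sum -c -
# … unchanged: unzip and move of Gradle 6.5.1 …
wget -O gradle-7.4.1.zip 'https://services.gradle.org/distributions/gradle-7.4.1-all.zip'
echo "<SHA256_OF_GRADLE_7_4_1_ALL_ZIP>  gradle-7.4.1.zip" | sha256sum -c -
# … unchanged: unzip and move of Gradle 7.4.1 …
wget https://nodejs.org/download/release/v12.20.0/node-v12.20.0-linux-x64.tar.gz
echo "<SHA256_FROM_NODE_SHASUMS256_TXT>  node-v12.20.0-linux-x64.tar.gz" | sha256sum -c -
# … unchanged: tar, symlinks and npm installs …
```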
From: anilgupta Date: Fri, 17 Feb 2023 13:07:36 +0530 Subject: [PATCH 270/434] Issue #LR-122 chore: Rename Learner to user-org --- ansible/inventory/env/group_vars/all.yml | 14 +++++------ ansible/logstash-provision.yml | 10 ++++---- ansible/roles/kong-api/defaults/main.yml | 2 +- .../lms-logstash-deploy/defaults/main.yml | 2 +- ansible/roles/logstash/defaults/main.yml | 2 +- .../roles/post-install/tasks/user_org.yaml | 6 ++--- ansible/roles/reset-docker/tasks/main.yml | 4 ++-- ansible/roles/stack-keycloak/tasks/common.yml | 2 +- .../stack-monitor-stateful/defaults/main.yml | 2 +- ansible/roles/stack-monitor/defaults/main.yml | 2 +- .../templates/proxy-default.conf | 6 ++--- .../stack-proxy/templates/proxy-default.conf | 2 +- ansible/roles/stack-sunbird/defaults/main.yml | 23 ++++++++----------- .../stack-sunbird/tasks/learner_service.yml | 9 -------- ansible/roles/stack-sunbird/tasks/main.yml | 4 ++-- .../stack-sunbird/tasks/user-org-service.yml | 9 ++++++++ .../stack-sunbird/tasks/user_org_service.yml | 2 +- .../templates/ml-core-service.env | 2 +- .../templates/ml-projects-service.env | 2 +- .../templates/ml-survey-service.env | 2 +- ...service.yml => stack_user_org_service.yml} | 4 ++-- .../templates/sunbird_groups-service.env | 2 +- .../sunbird_notification-service.env | 2 +- ...arner-service.env => user-org-service.env} | 6 ++--- ...gback.xml => user-org-service_logback.xml} | 0 ansible/static-files/health.sh | 6 ++--- deploy/config.yml | 2 +- deploy/deploy-core.sh | 6 ++--- deploy/gitOPS/github.csv | 2 +- .../General/service-memory-usage-ds1.json | 4 ++-- .../Core/jobs/{Learner => UserOrg}/config.xml | 4 ++-- .../Core/jobs/{Learner => UserOrg}/config.xml | 0 .../jobs/{Learner => UserOrg}/config.xml | 12 +++++----- .../Summary/jobs/DeployedVersions/config.xml | 2 +- deploy/postInstallation.sh | 4 ++-- deploy/version.env | 2 +- .../sunbird-monitoring/defaults/main.yml | 4 ++-- kubernetes/ansible/static-files/health.sh | 6 ++--- .../templates/configmap.yaml | 6 
++--- .../core/nginx-public-ingress/values.j2 | 4 ++-- .../core/{learner => user-org}/.helmignore | 0 .../core/{learner => user-org}/Chart.yaml | 2 +- .../templates/_helpers.tpl | 0 .../templates/configmap.yaml | 0 .../templates/deployment.yaml | 4 ++-- .../templates/envoy-config.yaml | 0 .../{learner => user-org}/templates/hpa.yaml | 0 .../templates/serviceMonitor.yaml | 0 .../core/{learner => user-org}/values.j2 | 4 ++-- .../dashboards/dashboards/service-memory.json | 4 ++-- .../networkconfig/templates/private-vs.yaml | 6 ++--- .../opa/{learner => user-org}/common.rego | 0 .../opa/{learner => user-org}/main.rego | 0 .../opa/{learner => user-org}/policies.rego | 0 .../{learner => user-org}/policies_test.rego | 0 .../deploy/{learner => user-org}/Jenkinsfile | 2 +- 56 files changed, 102 insertions(+), 105 deletions(-) delete mode 100644 ansible/roles/stack-sunbird/tasks/learner_service.yml create mode 100644 ansible/roles/stack-sunbird/tasks/user-org-service.yml rename ansible/roles/stack-sunbird/templates/{stack_learner_service.yml => stack_user_org_service.yml} (89%) rename ansible/roles/stack-sunbird/templates/{sunbird_learner-service.env => user-org-service.env} (98%) rename ansible/roles/stack-sunbird/templates/{learner-service_logback.xml => user-org-service_logback.xml} (100%) rename deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/{Learner => UserOrg}/config.xml (97%) rename deploy/jenkins/jobs/Build/jobs/Core/jobs/{Learner => UserOrg}/config.xml (100%) rename deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/{Learner => UserOrg}/config.xml (95%) rename kubernetes/helm_charts/core/{learner => user-org}/.helmignore (100%) rename kubernetes/helm_charts/core/{learner => user-org}/Chart.yaml (85%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/_helpers.tpl (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/configmap.yaml (100%) rename kubernetes/helm_charts/core/{learner => 
user-org}/templates/deployment.yaml (97%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/envoy-config.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/hpa.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/templates/serviceMonitor.yaml (100%) rename kubernetes/helm_charts/core/{learner => user-org}/values.j2 (95%) rename kubernetes/opa/{learner => user-org}/common.rego (100%) rename kubernetes/opa/{learner => user-org}/main.rego (100%) rename kubernetes/opa/{learner => user-org}/policies.rego (100%) rename kubernetes/opa/{learner => user-org}/policies_test.rego (100%) rename pipelines/deploy/{learner => user-org}/Jenkinsfile (90%) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index e4572b2b1d..bc6c21e85a 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -10,7 +10,7 @@ api_proxy_name: "api.{{proxy_server_name}}" # Domain name on which device reg swarm_load_balancer: "{{proxy_server_name}}" proxy_site_key: "{{ core_vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service proxy_site_crt: "{{ core_vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service -sunbird_environment: "{{env}}" # +content-service learner +sunbird_environment: "{{env}}" # +content-service user-org sunbird_installation: "{{env}}" # +keycloak sunbird_instance: "{{env}}" env_short_name: "{{env}}" 
@@ -28,7 +28,7 @@ keycloak_management_user: "admin" keycloak_management_password: "{{core_vault_keycloak_password}}" tenant_name: sunbird -## Learner service +## UserOrg service sunbird_url_shortner_access_token: "{{vault_core_url_shortner_access_token}}" sunbird_url_shortner_enable: 'false' @@ -38,7 +38,7 @@ sunbird_es_port: 9300 mail_server_port: 587 upstream_url: "{{cloud_public_storage_accountname}}.blob.core.windows.net/{{cloud_storage_content_bucketname}}" -# Learner +# UserOrg sunbird_user_profile_field_default_visibility: private # Player @@ -176,7 +176,7 @@ sunbird_plugin_repo_api_base_url: "{{ sunbird_search_service_api_base_url }}" sunbird_data_service_api_base_url: "{{sunbird_ekstep_api_base_url}}" sunbird_data_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" sunbird_content_service_api_base_url: "http://content-service.{{namespace}}.svc.cluster.local:9000" -sunbird_user_service_api_base_url: "http://learner-service.{{namespace}}.svc.cluster.local:9000" +sunbird_user_service_api_base_url: "http://user-org-service.{{namespace}}.svc.cluster.local:9000" sunbird_group_service_api_base_url: "http://groups-service:9000" plugin_media_base_url: "{{proto}}://{{domain_name}}" @@ -237,7 +237,7 @@ enable_scraping_docker_metrics: false postgres_exporter_postgres_port: 5432 postgres_exporter_user: postgres_exporter sunbird_cs_base_url: "http://{{sunbird_swarm_manager_lb_ip}}:5000" -sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/learner" +sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/user-org" kong_admin_api_url: http://localhost:8001 
@@ -410,7 +410,7 @@ sunbird_health_check_enable: 'true' ## Release 1.15 ## sunbird_keycloak_user_federation_provider_id: "{{core_vault_sunbird_keycloak_user_federation_provider_id}}" -# Learner-service +# UserOrg-service sunbird_course_metrics_base_url: https://{{cloud_private_storage_accountname}}.blob.core.windows.net/ sunbird_gzip_size_threshold: 262144 prometheus_mount_point: "/root/dockerdata/prometheus/data/" @@ -425,7 +425,7 @@ sunbird_sso_kafka_topic: "{{env_name}}.lms.sso.events" __yarn_host__: "{{ groups['yarn-master'][0] }}" zookeepers: "{{groups['zookeeper']|join(':2181,')}}:2181" kafka_brokers: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -__lms_host__: "http://{{private_ingressgateway_ip}}/learner" +__lms_host__: "http://{{private_ingressgateway_ip}}/user-org" sunbird_redis_host: "{{ groups['lp-redis'][0] }}" ### Release 2.1.0 ### diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index c765252c9c..228c345d20 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,22 +1,22 @@ - hosts: cassandra vars: - learner_group: learner - learner_name: learner + learner_group: user-org + learner_name: user-org vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create learner group + - name: Create user-org group become: yes group: state: present name: "{{ learner_group }}" system: yes - - name: Create learner user + - name: Create user-org user become: yes user: state: present name: "{{ learner_user }}" - comment: learner user + comment: user-org user system: yes createhome: yes group: "{{ learner_group }}" diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 27b45c7986..842b3f6be6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -72,7 +72,7 @@ cloud_service_prefix: /cloud-services assessment_prefix: /assessment # Service URLs -learning_service_url: "http://learner-service:9000" +learning_service_url: "http://user-org-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 470b6b496d..6c0ee25fa6 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml @@ -1,4 +1,4 @@ -learner_user: learner +learner_user: user-org learner_user_home: /home/{{learner_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index ed37b53a6f..3be76255ba 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,6 +1,6 @@ --- # vars file for logstash -learner_user: learner +learner_user: user-org learner_user_home: /home/{{learner_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost diff --git a/ansible/roles/post-install/tasks/user_org.yaml b/ansible/roles/post-install/tasks/user_org.yaml index caee5ebaa7..2a7d5348a4 100644 --- a/ansible/roles/post-install/tasks/user_org.yaml +++ b/ansible/roles/post-install/tasks/user_org.yaml @@ -13,10 +13,10 @@ } with_items: "{{ custodian_org_data }}" -- name: Restarting leaner service +- name: Restarting user-org service shell: | - kubectl rollout restart deployment -n {{ namespace }} learner - kubectl rollout status deployment -n {{ namespace }} learner + kubectl rollout restart deployment -n {{ namespace }} user-org + kubectl rollout status deployment -n {{ namespace }} user-org - name: Crating Users uri: 
diff --git a/ansible/roles/reset-docker/tasks/main.yml b/ansible/roles/reset-docker/tasks/main.yml index bdc4ebc59f..c34436dea8 100644 --- a/ansible/roles/reset-docker/tasks/main.yml +++ b/ansible/roles/reset-docker/tasks/main.yml @@ -2,8 +2,8 @@ shell: "docker service rm actor-service" ignore_errors: yes -- name: Remove learner service - shell: "docker service rm learner-service" +- name: Remove user-org service + shell: "docker service rm user-org-service" ignore_errors: yes - name: Remove player service diff --git a/ansible/roles/stack-keycloak/tasks/common.yml b/ansible/roles/stack-keycloak/tasks/common.yml index 14291ed1f3..0e4d6d7757 100644 --- a/ansible/roles/stack-keycloak/tasks/common.yml +++ b/ansible/roles/stack-keycloak/tasks/common.yml @@ -19,7 +19,7 @@ # - name: Save content configurations into an env file # template: src=sunbird_content.env dest=/home/deployer/env/sunbird_content.env mode=0644 -# - name: Save learner configurations into an env file +# - name: Save user-org configurations into an env file # template: src=sunbird_learner.env dest=/home/deployer/env/sunbird_learner.env mode=0644 # - name: Save player configurations into an env file diff --git a/ansible/roles/stack-monitor-stateful/defaults/main.yml b/ansible/roles/stack-monitor-stateful/defaults/main.yml index 09f83cce2b..a3f930568d 100644 --- a/ansible/roles/stack-monitor-stateful/defaults/main.yml +++ b/ansible/roles/stack-monitor-stateful/defaults/main.yml @@ -106,7 +106,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - learner-service + - user-org-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-monitor/defaults/main.yml b/ansible/roles/stack-monitor/defaults/main.yml index 457e201b76..84a027969b 100644 --- a/ansible/roles/stack-monitor/defaults/main.yml +++ b/ansible/roles/stack-monitor/defaults/main.yml 
@@ -95,7 +95,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - learner-service + - user-org-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-proxy-private/templates/proxy-default.conf b/ansible/roles/stack-proxy-private/templates/proxy-default.conf index 60433f936f..05f7868432 100644 --- a/ansible/roles/stack-proxy-private/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy-private/templates/proxy-default.conf @@ -4,9 +4,9 @@ server { resolver 127.0.0.11 valid=5s; - location /learner/ { - rewrite ^/learner/(.*) /$1 break; - proxy_pass http://learner-service:9000; + location /user-org/ { + rewrite ^/user-org/(.*) /$1 break; + proxy_pass http://user-org-service:9000; } location /api/ { rewrite ^/api/(.*) /$1 break; diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index f98ba2aae9..09328c5909 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -506,7 +506,7 @@ location ~* ^/desktop/(.*) { proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/user-org/data/v1/(role/read|system/settings/get)|/v1/tenant/info { proxy_cache_key $proxy_host$request_uri; proxy_cache proxy_cache; add_header X-Proxy-Cache $upstream_cache_status; diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index b0b775a5c9..3c7ada87bd 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml 
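Review bot: The cached location in `stack-proxy/templates/proxy-default.conf` replaces the `/learner/data/v1/...` alternative with `/user-org/data/v1/...` instead of accepting both, so a client still calling the old prefix no longer reaches this block and is handled by whichever location matches next, which is not visible here. If a transition period is needed, `/(learner|user-org)/data/v1/(role/read|system/settings/get)` keeps both prefixes on the same cache rules. The pattern is also unanchored and matches these substrings anywhere in the URI; if only top-level paths are intended, start it with `^/`. The same replace-without-alias applies to the `nginx-public-ingress/values.j2` hunks for `/user-org/data/v1/location/search` and `/user-org/certreg/v2/certs/download`, and the location body continues outside this hunk.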
@@ -51,8 +51,8 @@ player_limit_memory: 750M player_reserve_cpu: 0.1 player_limit_cpu: 1 -# This variable is not to access learner service but to call the api -# learner-service:9000/org/v1/search +# This variable is not to access user-org service but to call the api +# user-org-service:9000/org/v1/search sunbird_learner_service_base_url: http://kong:8000/ telemetry_replicas: 1 @@ -127,7 +127,7 @@ telemetry_kafka_broker_list: telemetry_kafka_topic: # Encryption service -# Learner +# UserOrg sunbird_keycloak_required_action_link_expiration_seconds: 2592000 sunbird_time_zone: "Asia/Kolkata" # Content-service @@ -138,9 +138,6 @@ sunbird_response_cache_ttl: 180 adminutil_base_url: http://adminutil:4000/ adminutil_sign_endpoint: v1/sign/payload -#learner -sunbird_time_zone: "Asia/Kolkata" - # Telemetry-logstash-datapipline max_kafka_message_size: "5242880" sunbird_gzip_enable: true @@ -225,9 +222,9 @@ sunbird_cert_qr_container_name: "certqr" service_env: groups: ../../../../ansible/roles/stack-sunbird/templates/sunbird_groups-service.env - learner: - - ../../../../ansible/roles/stack-sunbird/templates/sunbird_learner-service.env - - ../../../../ansible/roles/stack-sunbird/templates/learner-service_logback.xml + user-org: + - ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env + - ../../../../ansible/roles/stack-sunbird/templates/user-org-service_logback.xml lms: - ../../../../ansible/roles/stack-sunbird/templates/sunbird_lms-service.env - ../../../../ansible/roles/stack-sunbird/templates/lms-service_logback.xml 
@@ -248,7 +245,7 @@ service_env: enc: ../../../../ansible/roles/stack-sunbird/templates/sunbird_enc-service.env notification: ../../../../ansible/roles/stack-sunbird/templates/sunbird_notification-service.env telemetry: ../../../../ansible/roles/stack-sunbird/templates/sunbird_telemetry-service.env - userorg: ../../../../ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env + userorg: ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env player: ../../../../ansible/roles/stack-sunbird/templates/sunbird_player.env print: ../../../../ansible/roles/stack-sunbird/templates/sunbird_print-service.env search: @@ -1004,8 +1001,8 @@ dataset_metadata: "{{ env_name }}_dataset_metadata" #### Exhuats API consumer exhaust_api_consumer_ids: ["273f3b18-5dda-4a27-984a-060c7cd398d3"] # being used in analytics api to access the analytics exhaust api -user_profile_read_url: "http://learner-service:9000/v1/user/read/" # being used in analytics api to get user details -org_search_url: "http://learner-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id +user_profile_read_url: "http://user-org-service:9000/v1/user/read/" # being used in analytics api to get user details +org_search_url: "http://user-org-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id dataexhaust_super_admin_channel: "sunbird" # being used in analytics api for authorizing user with super admin channel #### public exhausts @@ -1015,7 +1012,7 @@ public_exhaust_datasets: ["public-data-exhaust"] data_exhaust_batch_limit: 20 mount_keycloak_key_apps: - - learner + - user-org - lms - groups - knowledgemw diff --git a/ansible/roles/stack-sunbird/tasks/learner_service.yml b/ansible/roles/stack-sunbird/tasks/learner_service.yml deleted file mode 100644 index 3320ee97dd..0000000000 --- a/ansible/roles/stack-sunbird/tasks/learner_service.yml +++ /dev/null 
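Review bot: The `userorg:` entry of `service_env` now points at `templates/user-org-service.env`, which this commit creates by renaming `sunbird_learner-service.env`, so the existing userorg service would be rendered with the former learner environment, and the `user-org:` key added earlier in the same file references that same template. If the two services are meant to stay distinct, keep `userorg: ../../../../ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env`; if they are being merged, remove one of the two keys so a single entry owns the template. Whether `sunbird_user-org-service.env` still exists in the repository is not visible in this diff.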
@@ -1,9 +0,0 @@ ---- -- name: Remove learner service - shell: "docker service rm learner-service" - ignore_errors: yes - -- name: Deploy learner service - shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name learner-service --hostname learner-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- learner-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/sunbird_learner-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" - args: - chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index 6e5c025544..ecf1dcbc40 100644 --- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -4,8 +4,8 @@ - include: service_stack.yml when: deploy_stack is defined - - include: learner_service.yml - when: deploy_learner is defined + - include: user-org-service.yml + when: deploy_user_org is defined - include: lms_service.yml when: deploy_lms is defined diff --git a/ansible/roles/stack-sunbird/tasks/user-org-service.yml b/ansible/roles/stack-sunbird/tasks/user-org-service.yml new file mode 100644 index 0000000000..8812e97bb3 --- /dev/null +++ b/ansible/roles/stack-sunbird/tasks/user-org-service.yml 
@@ -0,0 +1,9 @@ +--- +- name: Remove user-org service + shell: "docker service rm user-org-service" + ignore_errors: yes + +- name: Deploy user-org service + shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name user-org-service --hostname user-org-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + args: + chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/user_org_service.yml b/ansible/roles/stack-sunbird/tasks/user_org_service.yml index 52accff451..9090d1dfdb 100644 --- a/ansible/roles/stack-sunbird/tasks/user_org_service.yml +++ b/ansible/roles/stack-sunbird/tasks/user_org_service.yml 
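Review bot: The new `tasks/user-org-service.yml` creates a Swarm service with `--name user-org-service`, the same name the existing `tasks/user_org_service.yml` (next hunk) already uses, and each file first runs `docker service rm user-org-service` with `ignore_errors: yes`. Running either one therefore removes the service the other deployed, and the two differ in published port (`9000:9000` here, `9009:9000` there) and resource flags while reading the same `/home/deployer/env/user-org-service.env`. Give the two services distinct names or delete one of the task files. The deploy task also interpolates `{{ image_tag }}` and the other variables unquoted into a `shell:` string; the `command` module, or the `quote` filter on each value, keeps the shell from interpreting them.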
@@ -4,4 +4,4 @@ ignore_errors: yes - name: Deploy user org service - shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/sunbird_user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 6bf2405d86..6020ca5de2 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -78,7 +78,7 @@ ELASTICSEARCH_HOST_URL={{ml_core_elasticsearch_host_url | default("")}} ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | default ("")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_core_user_service_URL | default("http://user-org-service:9000")}} ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index eeca6c4d70..0a72bf95e1 100644 
--- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -38,4 +38,4 @@ KAFKA_GROUP_ID={{ml_project_kafka_group_id | default("ml-project-service")}} PROJECT_SUBMISSION_TOPIC={{ml_project_submission_topic | default (env_name+".ml.projects.submissions")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_project_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_project_user_service_URL | default("http://user-org-service:9000")}} diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index ccda45606e..363b6976b7 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env @@ -9,7 +9,7 @@ APPLICATION_ENV={{ env }} MONGODB_URL=mongodb://{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}/{{ ml_mongodb | default("ml-survey") }} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://learner-service:9000")}} +USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://user-org-service:9000")}} # Secure token access Admin related API's # The value of internal access token can be generated by command - "openssl rand -hex 10" diff --git a/ansible/roles/stack-sunbird/templates/stack_learner_service.yml b/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml similarity index 89% rename from ansible/roles/stack-sunbird/templates/stack_learner_service.yml rename to ansible/roles/stack-sunbird/templates/stack_user_org_service.yml index 47e3dae181..7d4b1c26c3 100644 --- a/ansible/roles/stack-sunbird/templates/stack_learner_service.yml +++ b/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml 
@@ -1,9 +1,9 @@ version: '3.1' services: - learner_service: + user_org_service: image: "{{hub_org}}/{{image_name}}:{{image_tag}}" env_file: - /home/deployer/env/sunbird_learner_service.env + /home/deployer/env/user_org_service.env deploy: replicas: {{ learner_replicas | default(1) }} resources: diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index c83cc61a7d..d561b97049 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -8,7 +8,7 @@ sunbird_cassandra_port=9042 sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -LEARNER_SERVICE_PORT=http://learner-service:9000 +LEARNER_SERVICE_PORT=http://user-org-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} CONTENT_SERVICE_PORT=http://search-service:9000 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 9af09d38d6..0d96e229f8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env 
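Review bot: `env_file` in `stack_user_org_service.yml` is `/home/deployer/env/user_org_service.env` (underscores), while the task files in this commit pass `/home/deployer/env/user-org-service.env` (hyphens) and the template itself is named `user-org-service.env`. Unless something outside this diff writes the underscore name, the stack will not find its environment file; `/home/deployer/env/user-org-service.env` would match the rest of the change. `replicas` still reads `learner_replicas`, which deserves a comment such as `# variable name kept from the former learner service` now that nothing else in the file says learner. The file continues past the hunk.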
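Review bot: The context lines of `sunbird_groups-service.env` render the Cassandra password with `d('password')` and the username with `d('cassandra')`, so an inventory that omits either variable silently deploys with well-known credentials. Rendering should fail instead, e.g. `sunbird_cassandra_password={{ sunbird_cassandra_password | mandatory }}` and the same for `sunbird_cassandra_username`. Separately, `LEARNER_SERVICE_PORT` holds a full URL and keeps the old service name; if the consumer cannot be changed, a line `# URL of user-org-service; variable name kept for the consumer` above it would prevent confusion. The template continues outside the hunk.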
@@ -31,7 +31,7 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_keycloak_required_action_link_expiration_seconds={{sunbird_keycloak_required_action_link_expiration_seconds}} accesstoken.publickey.basepath={{notification_access_basepath | default('/keys/')}} ENV_NAME={{env_name}} -LEARNER_SERVICE_PORT=http://learner-service:9000 +LEARNER_SERVICE_PORT=http://user-org-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/user-org-service.env similarity index 98% rename from ansible/roles/stack-sunbird/templates/sunbird_learner-service.env rename to ansible/roles/stack-sunbird/templates/user-org-service.env index a1d0d6ea81..bc6608d900 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/user-org-service.env @@ -44,7 +44,7 @@ sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -sunbird_mw_system_host=learner-service +sunbird_mw_system_host=user-org-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local @@ -54,7 +54,7 @@ sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/ sunbird_api_base_url=http://knowledge-mw-service:5000 sunbird_authorization={{sunbird_api_auth_token}} telemetry_pdata_id={{sunbird_telemetry_pdata_id}} -telemetry_pdata_pid=learner-service +telemetry_pdata_pid=user-org-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} 
@@ -102,7 +102,7 @@ sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} sunbird_subdomain_keycloak_base_url={{sunbird_subdomain_keycloak_base_url | d('')}}/ -#Required by Learner-service to call cert service +#Required by user-org-service to call cert service sunbird_cert_service_base_url=http://cert-service:9000 quartz_shadow_user_migration_timer={{sunbird_quartz_shadow_user_migration_timer}} sunbird_otp_allowed_attempt={{sunbird_otp_allowed_attempt|default(2)}} diff --git a/ansible/roles/stack-sunbird/templates/learner-service_logback.xml b/ansible/roles/stack-sunbird/templates/user-org-service_logback.xml similarity index 100% rename from ansible/roles/stack-sunbird/templates/learner-service_logback.xml rename to ansible/roles/stack-sunbird/templates/user-org-service_logback.xml diff --git a/ansible/static-files/health.sh b/ansible/static-files/health.sh index 575fd669e2..9f7fad6f07 100755 --- a/ansible/static-files/health.sh +++ b/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s learner-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" @@ -29,9 +29,9 @@ echo "" echo "" if [ "$outpt3" == "true" ];then - echo "Learner Service is Healthy" + echo "UserOrg Service is Healthy" else - echo "Learner Service is unhealthy" + echo "UserOrg Service is unhealthy" fi echo "" diff --git a/deploy/config.yml b/deploy/config.yml index 2a273eb222..2904731e2e 100755 --- a/deploy/config.yml 
+++ b/deploy/config.yml @@ -68,7 +68,7 @@ sunbird_root_user_email: # email address of the Sunb sunbird_root_user_phone: # mobile number of the Sunbird admin user # After Running ./sunbird_install.sh get the sso_publickey from keycloak and update in config,then follow the below Steps: -# 1> run `./sunbird_install.sh -s core` this script will install all the core services(Player, Content, Learner, Badger) +# 1> run `./sunbird_install.sh -s core` this script will install all the core services(Player, Content, UserOrg, Badger) # 2> run `./sunbird_install.sh -s systeminit` this script will configure the default channel and create user to login to sunbird # 3> run `./sunbird_install.sh -s posttest` this script will validate the sunbird installation and check whether all services are running diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index f5c9fc1a7f..a7d92f3e8d 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh 
@@ -32,9 +32,9 @@ badger_token=$(cat ~/badger_token.txt | cut -d '"' -f 4) echo "@@@@@@@@@ Redeploy player service" ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=player image_tag=${PLAYER_VERSION} service_name=player deploy_stack=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -# Re-deploy Learner service -echo "Redeploy learner service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=learner_service image_tag=${LEARNER_SERVICE_VERSION} service_name=learner-service deploy_learner=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +# Re-deploy UserOrg service +echo "Redeploy UserOrg service" +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=user-org-service image_tag=${USER_ORG_SERVICE_VERSION} service_name=user-org-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/deploy/gitOPS/github.csv b/deploy/gitOPS/github.csv index 64bf495ac6..ebcd56fcd3 100644 --- a/deploy/gitOPS/github.csv +++ b/deploy/gitOPS/github.csv @@ -1,5 +1,5 @@ #REPO_NAME,BRANCH_NAME,MERGE_ACCESS_USERS(;),CHECKS -sunbird-lms-service,jenkins-test,harshavardhanc;abcb,3 +user-org-service,jenkins-test,harshavardhanc;abcb,3 diff --git a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json index 62618d9a42..4b476382e5 100644 --- a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json +++ b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json 
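Review bot: The UserOrg redeploy command in `deploy/deploy-core.sh` passes `sunbird_api_auth_token` and `vault_badging_authorization_key` inline in `--extra-vars` and runs with `-v`, so both secrets are readable in the process list while the play runs and can end up in verbose output or CI logs. Put them in a vars file with restricted permissions and pass it the way `--extra-vars @config.yml` already is, or read them inside the playbook with `lookup('env', ...)`. `$INVENTORY_PATH` is unquoted and the `${...}` values are expanded into a space-separated key=value string, so a value containing a space would be misparsed. The image name also changes from `learner_service` to `user-org-service`, which requires an image published under the new name before this script runs.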
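Review bot: The `deploy/gitOPS/github.csv` row changes the `#REPO_NAME` column from `sunbird-lms-service` to `user-org-service`, which changes which repository the merge-access and checks settings are applied to, not just a label. If the GitHub repository has not been renamed to match, whatever consumes this file would stop managing the `jenkins-test` branch of the real repository, so confirm the repository name before merging.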
@@ -224,7 +224,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"learner-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -235,7 +235,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "learner-service", + "title": "user-org-service", "tooltip": { "shared": true, "sort": 0, diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml similarity index 97% rename from deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml rename to deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml index a0f41171e9..103b8d979e 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/Learner/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/Core/jobs/UserOrg/config.xml @@ -28,7 +28,7 @@ absolute_job_path <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - Build/Core/Learner + Build/Core/UserOrg false @@ -64,7 +64,7 @@ ArtifactRepo - Push the docker image to container registry. - /Build/Core/Learner + /Build/Core/UserOrg SUCCESS 0 diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/UserOrg/config.xml similarity index 100% rename from deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml rename to deploy/jenkins/jobs/Build/jobs/Core/jobs/UserOrg/config.xml 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml similarity index 95% rename from deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml rename to deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml index c9f4410fc9..202befc446 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Learner/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/UserOrg/config.xml @@ -28,7 +28,7 @@ absolute_job_path <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Learner + ArtifactUpload/dev/Core/UserOrg false @@ -56,8 +56,8 @@ return """<b>This parameter is not used</b>""" true - Learner - Deploy/dev/Kubernetes/Learner + UserOrg + Deploy/dev/Kubernetes/UserOrg ET_FORMATTED_HTML @@ -83,8 +83,8 @@ return """<b>This parameter is not used</b>""" true - Learner - Deploy/dev/Kubernetes/Learner + UserOrg + Deploy/dev/Kubernetes/UserOrg ET_FORMATTED_HTML @@ -115,7 +115,7 @@ return """<b>This parameter is not used</b>""" - ArtifactUpload/dev/Core/Learner + ArtifactUpload/dev/Core/UserOrg SUCCESS 0 diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml index 85388922e1..04b4f8cdf5 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Summary/jobs/DeployedVersions/config.xml 
@@ -30,7 +30,7 @@ - Deploy/dev/Core/Content,Deploy/dev/Core/Player,Deploy/dev/Core/Learner,Deploy/dev/Core/Telemetry,Deploy/dev/Core/Proxy,Deploy/dev/KnowledgePlatform/Search,Deploy/dev/KnowledgePlatform/Learning,Deploy/dev/KnowledgePlatform/Yarn,Deploy/dev/DataPipeline/Secor,Deploy/dev/DataPipeline/Yarn,Deploy/dev/DataPipeline/AnalyticsAPI,Deploy/dev/DataPipeline/DataProducts + Deploy/dev/Core/Content,Deploy/dev/Core/Player,Deploy/dev/Core/UserOrg,Deploy/dev/Core/Telemetry,Deploy/dev/Core/Proxy,Deploy/dev/KnowledgePlatform/Search,Deploy/dev/KnowledgePlatform/Learning,Deploy/dev/KnowledgePlatform/Yarn,Deploy/dev/DataPipeline/Secor,Deploy/dev/DataPipeline/Yarn,Deploy/dev/DataPipeline/AnalyticsAPI,Deploy/dev/DataPipeline/DataProducts SUCCESS 0 diff --git a/deploy/postInstallation.sh b/deploy/postInstallation.sh index 009bb75c1f..bf13b5c0eb 100755 --- a/deploy/postInstallation.sh +++ b/deploy/postInstallation.sh @@ -134,7 +134,7 @@ check_cassandra_keyspaces() { } check_version() { - list=(actor-service player_player learner-service content-service proxy_proxy api-manager_kong) + list=(actor-service player_player user-org-service content-service proxy_proxy api-manager_kong) versionReq=$(git branch | grep \* | cut -d '-' -f2) echo -e "The Sunbird Version being used is $versionReq \n" if [ $(git branch | grep \* | cut -d '-' -f2 | grep -Ewo '.' | wc -l) -ne 3 ]; then @@ -155,7 +155,7 @@ get_logs() { mkdir -p $ServiceLogsFolder echo "Storing logs of core services in $ServiceLogsFolder" echo "-----------------------------------------" - serviceNames=(player_player learner-service content-service proxy_proxy api-manager_kong) + serviceNames=(player_player user-org-service content-service proxy_proxy api-manager_kong) for service in ${serviceNames[@]}; do echo -e "\nexporting $service logs to $ServiceLogsFolder" sudo docker service logs $service --tail 10000 > $ServiceLogsFolder/$service 
diff --git a/deploy/version.env b/deploy/version.env index 4e6ac911e3..feca8b68da 100755 --- a/deploy/version.env +++ b/deploy/version.env @@ -1,6 +1,6 @@ PLAYER_VERSION=1.11.0-gold CONTENT_SERVICE_VERSION=1.11.0-gold -LEARNER_SERVICE_VERSION=1.11.0-gold +USER_ORG_SERVICE_VERSION=1.11.0-gold PROXY_VERSION=1.8.0-gold BADGER_SERVICE_VERSION=1.8.0-gold KONG_VERSION=1.8.0-gold diff --git a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml index b8aaa5bd92..10db0b3617 100644 --- a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml +++ b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml @@ -266,8 +266,8 @@ service_health_checks: targets: "http://content-service.{{ namespace }}.svc.cluster.local:9000/health" - service_name: 'lms' targets: "http://lms-service.{{ namespace }}.svc.cluster.local:9000/health" - - service_name: 'learner' - targets: "http://learner-service.{{ namespace }}.svc.cluster.local:9000/health" + - service_name: 'user-org' + targets: "http://user-org-service.{{ namespace }}.svc.cluster.local:9000/health" api_response_upward_trend_threshold: 0.3 diff --git a/kubernetes/ansible/static-files/health.sh b/kubernetes/ansible/static-files/health.sh index 575fd669e2..9f7fad6f07 100755 --- a/kubernetes/ansible/static-files/health.sh +++ b/kubernetes/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s learner-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" 
@@ -29,9 +29,9 @@ echo "" echo "" if [ "$outpt3" == "true" ];then - echo "Learner Service is Healthy" + echo "UserOrg Service is Healthy" else - echo "Learner Service is unhealthy" + echo "UserOrg Service is unhealthy" fi echo "" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index f4422e608b..5985a17652 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -43,9 +43,9 @@ data: resolver {{ .Values.kube_dns_ip }}; - location /learner/ { - set $target http://learner-service.{{ .Values.namespace }}.svc.cluster.local:9000; - rewrite ^/learner/(.*) /$1 break; + location /user-org/ { + set $target http://user-org-service.{{ .Values.namespace }}.svc.cluster.local:9000; + rewrite ^/user-org/(.*) /$1 break; proxy_http_version 1.1; proxy_pass $target; } diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 41f954be54..b0a340cfea 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,7 +246,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { + location ~ /user-org/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -289,7 +289,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /learner/certreg/v2/certs/download { + location /user-org/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; 
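Review bot: The renamed cache block `location ~ /user-org/data/v1/location/search` in the public ingress is an unanchored regex, so it matches any request URI that merely contains that substring, not only the intended endpoint. Anchoring it as `location ~ ^/user-org/data/v1/location/search` would confine the POST-caching rules to that path. Separately, this patch replaces the public `/learner/...` locations outright, here and at `location /user-org/certreg/v2/certs/download`, so clients still calling the old prefix will no longer hit these blocks. If any such clients remain, keep the old locations alongside the new ones for a transition period. Both location bodies continue outside the hunks.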
diff --git a/kubernetes/helm_charts/core/learner/.helmignore b/kubernetes/helm_charts/core/user-org/.helmignore similarity index 100% rename from kubernetes/helm_charts/core/learner/.helmignore rename to kubernetes/helm_charts/core/user-org/.helmignore diff --git a/kubernetes/helm_charts/core/learner/Chart.yaml b/kubernetes/helm_charts/core/user-org/Chart.yaml similarity index 85% rename from kubernetes/helm_charts/core/learner/Chart.yaml rename to kubernetes/helm_charts/core/user-org/Chart.yaml index d2c54a936b..b6eea73a17 100644 --- a/kubernetes/helm_charts/core/learner/Chart.yaml +++ b/kubernetes/helm_charts/core/user-org/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: learner +name: user-org version: 0.1.0 diff --git a/kubernetes/helm_charts/core/learner/templates/_helpers.tpl b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/_helpers.tpl rename to kubernetes/helm_charts/core/user-org/templates/_helpers.tpl diff --git a/kubernetes/helm_charts/core/learner/templates/configmap.yaml b/kubernetes/helm_charts/core/user-org/templates/configmap.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/configmap.yaml rename to kubernetes/helm_charts/core/user-org/templates/configmap.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/deployment.yaml b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml similarity index 97% rename from kubernetes/helm_charts/core/learner/templates/deployment.yaml rename to kubernetes/helm_charts/core/user-org/templates/deployment.yaml index a9068341e4..9ae78bfebf 100644 --- a/kubernetes/helm_charts/core/learner/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml 
@@ -48,8 +48,8 @@ spec: {{- end }} volumeMounts: - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/learner/learning-service-1.0-SNAPSHOT/config/logback.xml - subPath: learner-service_logback.xml + mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml + subPath: user-org-service_logback.xml {{- $keys := .Files.Glob "keys/*" }} {{- if $keys }} - mountPath: {{ .Values.learner_access_basepath }} diff --git a/kubernetes/helm_charts/core/learner/templates/envoy-config.yaml b/kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/envoy-config.yaml rename to kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/hpa.yaml b/kubernetes/helm_charts/core/user-org/templates/hpa.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/hpa.yaml rename to kubernetes/helm_charts/core/user-org/templates/hpa.yaml diff --git a/kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml similarity index 100% rename from kubernetes/helm_charts/core/learner/templates/serviceMonitor.yaml rename to kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml diff --git a/kubernetes/helm_charts/core/learner/values.j2 b/kubernetes/helm_charts/core/user-org/values.j2 similarity index 95% rename from kubernetes/helm_charts/core/learner/values.j2 rename to kubernetes/helm_charts/core/user-org/values.j2 index 752feb8f69..e07e2a512e 100644 --- a/kubernetes/helm_charts/core/learner/values.j2 +++ b/kubernetes/helm_charts/core/user-org/values.j2 @@ -1,5 +1,5 @@ -### Default variable file for learner-service ### +### Default variable file for user-org-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} 
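Review bot: In the `deployment.yaml` hunk the new `subPath: user-org-service_logback.xml` has to name a key that exists in the `{{ .Chart.Name }}-xml-config` ConfigMap, but `templates/configmap.yaml` was moved in this same patch with 100% similarity, so its content did not change. If that ConfigMap still emits the key `learner-service_logback.xml` (not visible from here), the mount will not deliver the logback file and the service would start without the intended logging configuration. The new `mountPath` also drops the `learner/` directory level (`/home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml`), which needs to match the layout of the renamed image. The container spec continues outside the hunk.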
@@ -9,7 +9,7 @@ env: javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('learner_service')}} +repository: {{learner_repository|default('user-org-service')}} image_tag: {{ image_tag }} resources: requests: diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json index 2b046edb2c..07f9878773 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json @@ -225,7 +225,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"learner-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -236,7 +236,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "learner-service", + "title": "user-org-service", "tooltip": { "shared": true, "sort": 0, diff --git a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml index 71a002e5a3..16e0946759 100644 --- a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml +++ b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml @@ -31,14 +31,14 @@ spec: host: kiali.istio-system.svc.cluster.local - match: - uri: - prefix: /learner/ + prefix: /user-org/ - uri: - prefix: /learner + prefix: /user-org rewrite: uri: / route: - destination: - host: learner-service + host: user-org-service - match: - uri: prefix: /api/ 
diff --git a/kubernetes/opa/learner/common.rego b/kubernetes/opa/user-org/common.rego similarity index 100% rename from kubernetes/opa/learner/common.rego rename to kubernetes/opa/user-org/common.rego diff --git a/kubernetes/opa/learner/main.rego b/kubernetes/opa/user-org/main.rego similarity index 100% rename from kubernetes/opa/learner/main.rego rename to kubernetes/opa/user-org/main.rego diff --git a/kubernetes/opa/learner/policies.rego b/kubernetes/opa/user-org/policies.rego similarity index 100% rename from kubernetes/opa/learner/policies.rego rename to kubernetes/opa/user-org/policies.rego diff --git a/kubernetes/opa/learner/policies_test.rego b/kubernetes/opa/user-org/policies_test.rego similarity index 100% rename from kubernetes/opa/learner/policies_test.rego rename to kubernetes/opa/user-org/policies_test.rego diff --git a/pipelines/deploy/learner/Jenkinsfile b/pipelines/deploy/user-org/Jenkinsfile similarity index 90% rename from pipelines/deploy/learner/Jenkinsfile rename to pipelines/deploy/user-org/Jenkinsfile index c012522516..9a002ae5dd 100644 --- a/pipelines/deploy/learner/Jenkinsfile +++ b/pipelines/deploy/user-org/Jenkinsfile @@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=learner-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) 
From c771d585720cc3f92f224e3078be58b229e40746 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 17 Feb 2023 15:36:42 +0530 Subject: [PATCH 271/434] Issue #LR-122 chore: Rename learner to user-org --- .../helm_charts/core/user-org/templates/_helpers.tpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl index 420ba79439..a6acb1aa2c 100644 --- a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl +++ b/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "learner.name" -}} +{{- define "user-org.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "learner.fullname" -}} +{{- define "user-org.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} 
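Review bot: The `define` names move from `learner.*` to `user-org.*` in these hunks and in the third hunk of this file, but the diffstat shows this commit touching only `_helpers.tpl`, and the previous patch moved `configmap.yaml`, `hpa.yaml`, `serviceMonitor.yaml` and `envoy-config.yaml` with 100% similarity. Any of those templates that still calls `include "learner.fullname" .` or `include "learner.labels" .` would fail at render time because the named template no longer exists. Whether they do is not visible from here. Rendering the chart with `helm template` (or running `helm lint`) as part of this change would confirm that every `include` resolves.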
@@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "learner.chart" -}} +{{- define "user-org.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} -{{- define "learner.labels" -}} -app.kubernetes.io/name: {{ include "learner.name" . }} -helm.sh/chart: {{ include "learner.chart" . }} +{{- define "user-org.labels" -}} +app.kubernetes.io/name: {{ include "user-org.name" . }} +helm.sh/chart: {{ include "user-org.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} From 43fd21ee6c95124c3a7731b696d18daf7d245242 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 17 Feb 2023 15:43:05 +0530 Subject: [PATCH 272/434] Issue #LR-122 chore: Rename learning_service_url to user_org_service_url --- ansible/roles/kong-api/defaults/main.yml | 160 +++++++++++------------ 1 file changed, 80 insertions(+), 80 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 842b3f6be6..f0ab7782de 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -72,7 +72,7 @@ cloud_service_prefix: /cloud-services assessment_prefix: /assessment # Service URLs -learning_service_url: "http://user-org-service:9000" +user_org_service_url: "http://user-org-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" @@ -110,7 +110,7 @@ premium_consumer_rate_limits: kong_apis: - name: acceptTermsAndCondition uris: "{{ user_service_prefix }}/v1/tnc/accept" - upstream_url: "{{ learning_service_url }}/v1/user/tnc/accept" + upstream_url: "{{ user_org_service_url }}/v1/user/tnc/accept" strip_uri: true plugins: - name: jwt 
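Review bot: Renaming the role default `learning_service_url` to `user_org_service_url` silently drops any inventory or group_vars override that still sets the old name. Every `upstream_url` in this file now reads the new variable, so such an environment falls back to `http://user-org-service:9000` without any error. Keeping the old name as a fallback for a release, e.g. `user_org_service_url: "{{ learning_service_url | default('http://user-org-service:9000') }}"`, would keep existing inventories routing to the upstream they configured. The remaining hunks of this patch only swap the variable name and are covered by the same point.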
@@ -131,7 +131,7 @@ kong_apis: - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" - upstream_url: "{{ learning_service_url }}/v1/system/settings/set" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/set" strip_uri: true plugins: - name: jwt @@ -169,7 +169,7 @@ kong_apis: - name: assignRole uris: "{{ user_service_prefix }}/v1/role/assign" - upstream_url: "{{ learning_service_url }}/v1/user/assign/role" + upstream_url: "{{ user_org_service_url }}/v1/user/assign/role" strip_uri: true plugins: - name: jwt @@ -190,7 +190,7 @@ kong_apis: - name: assignRoleV2 uris: "{{ user_service_prefix }}/v2/role/assign" - upstream_url: "{{ learning_service_url }}/v2/user/assign/role" + upstream_url: "{{ user_org_service_url }}/v2/user/assign/role" strip_uri: true plugins: - name: jwt @@ -253,7 +253,7 @@ kong_apis: - name: blockUser uris: "{{ user_service_prefix }}/v1/block" - upstream_url: "{{ learning_service_url }}/v1/user/block" + upstream_url: "{{ user_org_service_url }}/v1/user/block" strip_uri: true plugins: - name: jwt @@ -274,7 +274,7 @@ kong_apis: - name: checkUploadJobStatus uris: "{{ data_service_prefix }}/v1/upload/status" - upstream_url: "{{ learning_service_url }}/v1/upload/status" + upstream_url: "{{ user_org_service_url }}/v1/upload/status" strip_uri: true plugins: - name: jwt @@ -464,7 +464,7 @@ kong_apis: - name: createNote uris: "{{ notes_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/note/create" + upstream_url: "{{ user_org_service_url }}/v1/note/create" strip_uri: true plugins: - name: jwt @@ -485,7 +485,7 @@ kong_apis: - name: createOrg uris: "{{ org_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/org/create" + upstream_url: "{{ user_org_service_url }}/v1/org/create" strip_uri: true plugins: - name: jwt 
@@ -548,7 +548,7 @@ kong_apis: - name: createUser uris: "{{ user_service_prefix }}/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/create" + upstream_url: "{{ user_org_service_url }}/v1/user/create" strip_uri: true plugins: - name: jwt @@ -569,7 +569,7 @@ kong_apis: - name: createUserLearnerV3 uris: "{{ user_service_prefix }}/v1/signup" - upstream_url: "{{ learning_service_url }}/v1/user/signup" + upstream_url: "{{ user_org_service_url }}/v1/user/signup" strip_uri: true plugins: - name: jwt @@ -590,7 +590,7 @@ kong_apis: - name: createUserVersion2 uris: "{{ user_service_prefix }}/v2/create" - upstream_url: "{{ learning_service_url }}/v2/user/create" + upstream_url: "{{ user_org_service_url }}/v2/user/create" strip_uri: true plugins: - name: jwt @@ -611,7 +611,7 @@ kong_apis: - name: createUserVersion3 uris: "{{ user_service_prefix }}/v3/create" - upstream_url: "{{ learning_service_url }}/v3/user/create" + upstream_url: "{{ user_org_service_url }}/v3/user/create" strip_uri: true plugins: - name: jwt @@ -632,7 +632,7 @@ kong_apis: - name: createUserVersion4 uris: "{{ user_service_prefix }}/v4/create" - upstream_url: "{{ learning_service_url }}/v4/user/create" + upstream_url: "{{ user_org_service_url }}/v4/user/create" strip_uri: true plugins: - name: jwt @@ -653,7 +653,7 @@ kong_apis: - name: deleteNote uris: "{{ notes_service_prefix }}/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/note/delete" + upstream_url: "{{ user_org_service_url }}/v1/note/delete" strip_uri: true plugins: - name: jwt @@ -754,7 +754,7 @@ kong_apis: - name: generateOtp uris: "{{ otp_service_prefix }}/v1/generate" - upstream_url: "{{ learning_service_url }}/v1/otp/generate" + upstream_url: "{{ user_org_service_url }}/v1/otp/generate" strip_uri: true plugins: - name: jwt 
@@ -775,7 +775,7 @@ kong_apis: - name: generateOtpV2 uris: "{{ otp_service_prefix }}/v2/generate" - upstream_url: "{{ learning_service_url }}/v2/otp/generate" + upstream_url: "{{ user_org_service_url }}/v2/otp/generate" strip_uri: true plugins: - name: jwt @@ -880,7 +880,7 @@ kong_apis: - name: getSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ learning_service_url }}/v1/system/settings/get" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -901,7 +901,7 @@ kong_apis: - name: getUserByKey uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ learning_service_url }}/v1/user/get" + upstream_url: "{{ user_org_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -922,7 +922,7 @@ kong_apis: - name: getUserByKeyV2 uris: "{{ user_service_prefix }}/v2/get" - upstream_url: "{{ learning_service_url }}/v2/user/get" + upstream_url: "{{ user_org_service_url }}/v2/user/get" strip_uri: true plugins: - name: jwt @@ -943,7 +943,7 @@ kong_apis: - name: getUserProfile uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/user/read" + upstream_url: "{{ user_org_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt @@ -964,7 +964,7 @@ kong_apis: - name: getUserProfileV2 uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ learning_service_url }}/v2/user/read" + upstream_url: "{{ user_org_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt @@ -985,7 +985,7 @@ kong_apis: - name: indexSync uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ learning_service_url }}/v1/data/sync" + upstream_url: "{{ user_org_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt 
@@ -1154,7 +1154,7 @@ kong_apis: - name: listSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ learning_service_url }}/v1/system/settings/list" + upstream_url: "{{ user_org_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt @@ -1175,7 +1175,7 @@ kong_apis: - name: masterLocationCreate uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ learning_service_url }}/v1/location/create" + upstream_url: "{{ user_org_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1196,7 +1196,7 @@ kong_apis: - name: masterLocationDelete uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ learning_service_url }}/v1/location/delete" + upstream_url: "{{ user_org_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -1217,7 +1217,7 @@ kong_apis: - name: masterLocationSearch uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ learning_service_url }}/v1/location/search" + upstream_url: "{{ user_org_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt @@ -1238,7 +1238,7 @@ kong_apis: - name: masterLocationUpdate uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ learning_service_url }}/v1/location/update" + upstream_url: "{{ user_org_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -1259,7 +1259,7 @@ kong_apis: - name: masterLocationUpload uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ learning_service_url }}/v1/bulk/location/upload" + upstream_url: "{{ user_org_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt 
@@ -1280,7 +1280,7 @@ kong_apis: - name: mergeUserAccounts uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ learning_service_url }}/private/user/v1/account/merge" + upstream_url: "{{ user_org_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -1301,7 +1301,7 @@ kong_apis: - name: orgAssignKeys uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ learning_service_url }}/v1/org/assign/key" + upstream_url: "{{ user_org_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -1322,7 +1322,7 @@ kong_apis: - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/org/upload" + upstream_url: "{{ user_org_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -1343,7 +1343,7 @@ kong_apis: - name: privateUserAssignRole uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ learning_service_url }}/private/user/v1/assign/role" + upstream_url: "{{ user_org_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: - name: jwt @@ -1364,7 +1364,7 @@ kong_apis: - name: privateUserRead uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ learning_service_url }}/private/user/v1/read" + upstream_url: "{{ user_org_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt @@ -1490,7 +1490,7 @@ kong_apis: - name: readNote uris: "{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/note/read" + upstream_url: "{{ user_org_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt @@ -1511,7 +1511,7 @@ kong_apis: - name: readOrg uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ learning_service_url }}/v1/org/read" + upstream_url: "{{ user_org_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt 
@@ -1553,7 +1553,7 @@ kong_apis: - name: readRoleMapping uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/role/read" + upstream_url: "{{ user_org_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -1574,7 +1574,7 @@ kong_apis: - name: readUserSpecificRole uris: "{{ user_service_prefix }}/v1/role/read" - upstream_url: "{{ learning_service_url }}/v1/user/role/read" + upstream_url: "{{ user_org_service_url }}/v1/user/role/read" strip_uri: true plugins: - name: jwt @@ -1595,7 +1595,7 @@ kong_apis: - name: readUserProfile uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ learning_service_url }}/v1/user/getuser" + upstream_url: "{{ user_org_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -1889,7 +1889,7 @@ kong_apis: - name: searchNotes uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/note/search" + upstream_url: "{{ user_org_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -1910,7 +1910,7 @@ kong_apis: - name: searchOrgExtended uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + upstream_url: "{{ user_org_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -1927,7 +1927,7 @@ kong_apis: - name: searchOrg uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/org/search" + upstream_url: "{{ user_org_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -1944,7 +1944,7 @@ kong_apis: - name: searchUser uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ learning_service_url }}/v1/user/search" + upstream_url: "{{ user_org_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt 
@@ -1965,7 +1965,7 @@ kong_apis: - name: sendEmailNotification uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ learning_service_url }}/v1/notification/email" + upstream_url: "{{ user_org_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -1986,7 +1986,7 @@ kong_apis: - name: unblockUser uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ learning_service_url }}/v1/user/unblock" + upstream_url: "{{ user_org_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -2070,7 +2070,7 @@ kong_apis: - name: updateNote uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/note/update" + upstream_url: "{{ user_org_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -2091,7 +2091,7 @@ kong_apis: - name: updateOrg uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/org/update" + upstream_url: "{{ user_org_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -2112,7 +2112,7 @@ kong_apis: - name: updateOrgStatus uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ learning_service_url }}/v1/org/status/update" + upstream_url: "{{ user_org_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -2175,7 +2175,7 @@ kong_apis: - name: updateUser uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/update" + upstream_url: "{{ user_org_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -2217,7 +2217,7 @@ kong_apis: - name: userBulkUpload uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ learning_service_url }}/v1/user/upload" + upstream_url: "{{ user_org_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt 
@@ -2238,7 +2238,7 @@ kong_apis: - name: userExistenceApi uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ learning_service_url }}/v1/user/exists" + upstream_url: "{{ user_org_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -2259,7 +2259,7 @@ kong_apis: - name: userExistenceApiV2 uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ learning_service_url }}/v2/user/exists" + upstream_url: "{{ user_org_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -2280,7 +2280,7 @@ kong_apis: - name: userFeed uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ learning_service_url }}/v1/user/feed" + upstream_url: "{{ user_org_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -2301,7 +2301,7 @@ kong_apis: - name: userFeedCreate uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ learning_service_url }}/v1/user/feed/create" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt @@ -2322,7 +2322,7 @@ kong_apis: - name: userFeedDelete uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ learning_service_url }}/v1/user/feed/delete" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -2343,7 +2343,7 @@ kong_apis: - name: userFeedUpdate uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ learning_service_url }}/v1/user/feed/update" + upstream_url: "{{ user_org_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -2364,7 +2364,7 @@ kong_apis: - name: userMigrate uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ learning_service_url }}/v1/user/migrate" + upstream_url: "{{ user_org_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt 
@@ -2406,7 +2406,7 @@ kong_apis: - name: verifyOtp uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ learning_service_url }}/v1/otp/verify" + upstream_url: "{{ user_org_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -2427,7 +2427,7 @@ kong_apis: - name: verifyOtpV2 uris: "{{ otp_service_prefix }}/v2/verify" - upstream_url: "{{ learning_service_url }}/v2/otp/verify" + upstream_url: "{{ user_org_service_url }}/v2/otp/verify" strip_uri: true plugins: - name: jwt @@ -2574,7 +2574,7 @@ kong_apis: - name: forgotPassword uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ learning_service_url }}/private/user/v1/password/reset" + upstream_url: "{{ user_org_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt @@ -2595,7 +2595,7 @@ kong_apis: - name: searchManagedUser uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ learning_service_url }}/v1/user/managed" + upstream_url: "{{ user_org_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -2763,7 +2763,7 @@ kong_apis: - name: getUserProfileV3 uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ learning_service_url }}/v3/user/read" + upstream_url: "{{ user_org_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -2784,7 +2784,7 @@ kong_apis: - name: updateUserDeclarations uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ learning_service_url }}/v1/user/declarations" + upstream_url: "{{ user_org_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt @@ -2805,7 +2805,7 @@ kong_apis: - name: updateUserConsent uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ learning_service_url }}/v1/user/consent/update" + upstream_url: "{{ user_org_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt 
@@ -2826,7 +2826,7 @@ kong_apis: - name: readUserConsent uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ learning_service_url }}/v1/user/consent/read" + upstream_url: "{{ user_org_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2847,7 +2847,7 @@ kong_apis: - name: readUserConsentV2 uris: "{{ user_service_prefix }}/v2/consent/read" - upstream_url: "{{ learning_service_url }}/v2/user/consent/read" + upstream_url: "{{ user_org_service_url }}/v2/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2868,7 +2868,7 @@ kong_apis: - name: createTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/create" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -2889,7 +2889,7 @@ kong_apis: - name: updateTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/update" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -2910,7 +2910,7 @@ kong_apis: - name: readTenantPreferencess uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ learning_service_url }}/v2/org/preferences/read" + upstream_url: "{{ user_org_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -3540,7 +3540,7 @@ kong_apis: - name: updateUserV2 uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ learning_service_url }}/v2/user/update" + upstream_url: "{{ user_org_service_url }}/v2/user/update" strip_uri: true plugins: - name: jwt @@ -3561,7 +3561,7 @@ kong_apis: - name: managedUserV1Create uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ learning_service_url }}/v1/manageduser/create" + upstream_url: "{{ user_org_service_url }}/v1/manageduser/create" strip_uri: true plugins: - name: jwt 
@@ -3582,7 +3582,7 @@ kong_apis: - name: managedUserV2Create uris: "{{ user_service_prefix }}/v2/managed/create" - upstream_url: "{{ learning_service_url }}/v2/manageduser/create" + upstream_url: "{{ user_org_service_url }}/v2/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3603,7 +3603,7 @@ kong_apis: - name: ssoUserV1Create uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ learning_service_url }}/v1/ssouser/create" + upstream_url: "{{ user_org_service_url }}/v1/ssouser/create" strip_uri: true plugins: - name: jwt @@ -3624,7 +3624,7 @@ kong_apis: - name: ssoUserV2Create uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ learning_service_url }}/v2/user/signup" + upstream_url: "{{ user_org_service_url }}/v2/user/signup" strip_uri: true plugins: - name: jwt @@ -3645,7 +3645,7 @@ kong_apis: - name: getUserProfileV4 uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ learning_service_url }}/v4/user/read" + upstream_url: "{{ user_org_service_url }}/v4/user/read" strip_uri: true plugins: - name: jwt @@ -3666,7 +3666,7 @@ kong_apis: - name: getUserProfileV5 uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ learning_service_url }}/v5/user/read" + upstream_url: "{{ user_org_service_url }}/v5/user/read" strip_uri: true plugins: - name: jwt @@ -3687,7 +3687,7 @@ kong_apis: - name: searchUserV2 uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/user/search" + upstream_url: "{{ user_org_service_url }}/v2/user/search" strip_uri: true plugins: - name: jwt @@ -3708,7 +3708,7 @@ kong_apis: - name: searchUserV3 uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ learning_service_url }}/v3/user/search" + upstream_url: "{{ user_org_service_url }}/v3/user/search" strip_uri: true plugins: - name: jwt 
@@ -3729,7 +3729,7 @@ kong_apis: - name: searchOrgV2 uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ learning_service_url }}/v2/org/search" + upstream_url: "{{ user_org_service_url }}/v2/org/search" strip_uri: true plugins: - name: cors @@ -3829,7 +3829,7 @@ kong_apis: - name: updateUserV3 uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ learning_service_url }}/v3/user/update" + upstream_url: "{{ user_org_service_url }}/v3/user/update" strip_uri: true plugins: - name: jwt From 594720947e66e055a8389efc8ed496b8df48b1de Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 21 Feb 2023 18:07:30 +0530 Subject: [PATCH 273/434] Issue #LR-307 chore: Onboarded the Device APIs from Obsrv --- ansible/roles/kong-api/defaults/main.yml | 52 +++++++++++++++++++++++- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 27b45c7986..17eaa32c9b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -71,6 +71,9 @@ integration_app_prefix: /app cloud_service_prefix: /cloud-services assessment_prefix: /assessment +# Obsrv service prefixes +device_prefix: /v3/device + # Service URLs learning_service_url: "http://learner-service:9000" am_util_url: "http://adminutil:4000" @@ -4083,7 +4086,7 @@ kong_apis: config.required: false config.enabled: false -#################################### +### Knowls APIs START ### - name: LicenseAPI uris: "{{ license_api_prefix }}/v3" upstream_url: "{{ content_service_url }}/license/v3" 
@@ -6815,4 +6818,49 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: true - config.enabled: true \ No newline at end of file + config.enabled: true +### Knowls APIs END ### + +### Obsrv APIs START ### +- name: deviceProfile + uris: "{{ device_prefix }}/profile" + upstream_url: "{{ analytics_api_service_url }}/v1/device/profile" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - deviceCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: deviceRegister + uris: "{{ device_prefix }}/register" + upstream_url: "{{ analytics_api_service_url }}/v1/device/register" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - deviceCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false +### Obsrv APIs END ### \ No newline at end of file From 5e637c96a8757a2381d3e1304fee8f6e1625ec1e Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 21 Feb 2023 18:29:35 +0530 Subject: [PATCH 274/434] Issue #LR-307 chore: Onboarded the Device APIs from Obsrv --- ansible/roles/kong-api/defaults/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 17eaa32c9b..31048ef643 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
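Review bot: Both new routes, `deviceProfile` and `deviceRegister`, ship with `opa-checks` set to `config.required: false` and `config.enabled: false`, so authorization for them rests on the `jwt` and `acl` plugins alone. If that is deliberate, record the reason next to each entry, e.g. `# opa-checks off: <reason>, revisit when a device policy exists`; otherwise set both keys to `true` as the other write routes in this file do. The two routes also share the single ACL group `deviceCreate`; if the profile route only reads data (not visible from this hunk), a separate read group would keep registration rights from implying profile access. The `telemetry` route added in PATCH 275 carries the same disabled `opa-checks` block.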
@@ -6819,7 +6819,6 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true -### Knowls APIs END ### ### Obsrv APIs START ### - name: deviceProfile @@ -6862,5 +6861,4 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false - config.enabled: false -### Obsrv APIs END ### \ No newline at end of file + config.enabled: false \ No newline at end of file From 48d21ae1bd72ff64d9b5b2043669fbdc834f07ed Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 21 Feb 2023 18:41:08 +0530 Subject: [PATCH 275/434] Issue #LR-307 chore: Onboarded the telemetry API from Obsrv --- ansible/roles/kong-api/defaults/main.yml | 36 +++++++++++++++++++++--- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 31048ef643..02eef51373 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -85,17 +85,24 @@ discussions_mw_service_url: "http://discussionsmw-service:3002/discussion" notification_service_url: "http://notification-service:9000" registry_service_url: "http://registry-service:8081" -#knowlg URLs +# knowlg URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" vm_learning_service_url: "http://{{learningservice_ip}}:8080/learning-service" -telemetry_service_url: "http://telemetry-service:9001" -player_service_url: "http://player:3000" content_service_url: "http://content-service:9000" taxonomy_service_url: "http://taxonomy-service:9000" -assessment_service_url: "http://assessment-service:9000" ml_core_service_url: "http://ml-core-service:3000" dial_service_url: "http://dial-service:9000" +# Obsrv URLs +analytics_api_service_url: "http://analytics-service:9000" +telemetry_service_url: "http://telemetry-service:9001" + +# Inquiry URLs +assessment_service_url: "http://assessment-service:9000" + +# Ed URLs +player_service_url: "http://player:3000" + premium_consumer_rate_limits: - api: createContent config.hour: "{{ premium_consumer_small_rate_limit_per_hour }}" @@ -6859,6 +6866,27 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: telemetry + uris: "{{ data_service_prefix }}/v1/telemetry" + upstream_url: "{{ telemetry_service_url }}/v1/telemetry" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - telemetryCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ premium_consumer_large_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false config.enabled: false \ No newline at end of file 
From 21afdb891cf195c4c2c0c52534a6c72b896425a5 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 23 Feb 2023 16:45:58 +0530 Subject: [PATCH 276/434] Issue #LR-307 chore: Fixed the content create API issue --- ansible/roles/kong-api/defaults/main.yml | 90 ++++++++++++------------ 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 02eef51373..ea2d6a6d38 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -4650,8 +4650,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: updateAsset uris: "{{ asset_prefix }}/v1/update" @@ -4671,8 +4671,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: readAsset uris: "{{ asset_prefix }}/v1/read" @@ -4713,8 +4713,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: uploadUrlAsset uris: "{{ asset_prefix }}/v1/upload/url" @@ -4734,8 +4734,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: copyAsset uris: "{{ asset_prefix }}/v1/copy" 
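Review bot: The `opa-checks` flips from `false` to `true` in this patch, starting with the hunk at `-4650,8` and continuing through the later hunks of the same file, turn on enforcement for 22 routes across the asset, content and collection sections, yet the subject line mentions only the content create fix. With `config.required: true`, a route whose OPA policy is missing or not yet deployed will presumably start rejecting requests; that depends on the opa-checks plugin, which is not visible here. State the enforcement change in the commit message or split it into its own commit, and confirm a policy exists for each of the 22 routes before rollout. A short comment above the first flipped entry, such as `# OPA enforced for all write routes; policy must be deployed first`, would tell the next editor that `false` is not the default to copy.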
@@ -4755,12 +4755,12 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: createContent uris: "{{ content_prefix }}/v1/create" - upstream_url: "{{ knowledge_mw_service_url }}/action/content/v3/create" + upstream_url: "{{ knowledge_mw_service_url }}/v1/content/create" strip_uri: true plugins: - name: jwt @@ -4776,8 +4776,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: getContentUploadUrl uris: "{{ content_prefix }}/v1/upload/url/read" @@ -4818,8 +4818,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: unlistedPublishContent uris: "{{ content_prefix }}/v1/unlisted/publish" @@ -4839,8 +4839,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: readContent uris: "{{ content_prefix }}/v1/read" @@ -4898,8 +4898,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: rejectContentFlag uris: "{{ content_prefix }}/v1/flag/reject" 
@@ -4999,8 +4999,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: updateContent uris: "{{ content_prefix }}/v1/update" @@ -5020,8 +5020,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: uploadContent uris: "{{ content_prefix }}/v1/upload" @@ -5041,8 +5041,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ large_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: copyContent uris: "{{ content_prefix }}/v1/copy" @@ -5352,8 +5352,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: PrivateContentCreateAPIs uris: "{{ private_content_prefix }}/v3/create" @@ -5877,8 +5877,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: collectionExport uris: "{{ collection_prefix }}/v1/export" @@ -5898,8 +5898,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: compositeSearch uris: "{{ composite_service_prefix }}/v1/search" 
@@ -6185,8 +6185,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: readPublisher uris: "{{ dialcode_service_prefix }}/v1/publisher/read" @@ -6677,8 +6677,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: reserveDialcodeCollection uris: "{{ collection_prefix }}/v1/dialcode/reserve" @@ -6719,8 +6719,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: publishContentV2 uris: "{{ content_prefix }}/v2/publish" @@ -6740,8 +6740,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: unlistedPublishContentV2 uris: "{{ content_prefix }}/v2/unlisted/publish" @@ -6761,8 +6761,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: publishCollection uris: "{{ collection_prefix }}/v1/publish" @@ -6782,8 +6782,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: unlistedPublishCollection uris: "{{ collection_prefix }}/v1/unlisted/publish" 
@@ -6803,8 +6803,8 @@ kong_apis: - name: request-size-limiting config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks - config.required: false - config.enabled: false + config.required: true + config.enabled: true - name: createLock uris: "{{ lock_service_prefix }}/v1/create" From 7400c3c98f150d336f70ede59aa8449ef09cea55 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 23 Feb 2023 17:14:01 +0530 Subject: [PATCH 277/434] Issue #LR-307 chore: Onboarded getDataExhaustRequest and listDataExhaustRequest Obsrv APIs --- ansible/roles/kong-api/defaults/main.yml | 66 +++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ea2d6a6d38..00684a16a0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -73,6 +73,7 @@ assessment_prefix: /assessment # Obsrv service prefixes device_prefix: /v3/device +dataset_service_prefix: /dataset # Service URLs learning_service_url: "http://learner-service:9000" 
@@ -6889,4 +6890,67 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: false - config.enabled: false \ No newline at end of file + config.enabled: false + +- name: submitDataExhaustRequest + uris: "{{ dataset_service_prefix }}/v1/request/submit" + upstream_url: "{{ analytics_api_service_url }}/request/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dataCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: getDataExhaustRequest + uris: "{{ dataset_service_prefix }}/v1/request/read" + upstream_url: "{{ analytics_api_service_url }}/request/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dataAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: listDataExhaustRequest + uris: "{{ dataset_service_prefix }}/v1/request/list" + upstream_url: "{{ analytics_api_service_url }}/request/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - dataAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true \ No newline at end of file 
From 1687ff7f7e7a16cc4f4b706f7f978356690167a6 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 23 Feb 2023 18:05:04 +0530 Subject: [PATCH 278/434] Issue #LR-307 chore: Updated the lock APIs --- ansible/roles/kong-api/defaults/main.yml | 63 ++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 00684a16a0..e4e656f73e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -6828,6 +6828,69 @@ kong_apis: config.required: true config.enabled: true +- name: listLock + uris: "{{ lock_service_prefix }}/v1/list" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: refreshLock + uris: "{{ lock_service_prefix }}/v1/refresh" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/refresh" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + +- name: retireLock + uris: "{{ lock_service_prefix }}/v1/retire" + upstream_url: "{{ knowledge_mw_service_url }}/v1/lock/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + ### Obsrv APIs START ### - name: deviceProfile uris: "{{ device_prefix }}/profile" From cd45cb68db37e24bf085c69b0430c1c324f9433c Mon Sep 17 00:00:00 2001 
From: Jayaprakash8887 Date: Fri, 24 Feb 2023 11:45:34 +0530 Subject: [PATCH 279/434] Issue #LR-325 feat: Refactoring of SB Lern Batch Service - DialCode Dependency --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 7057b32917..facab0303c 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -147,4 +147,8 @@ sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_isMultiDCEnabled}} # Release-5.0.1 -cloud_storage_base_url={{cloud_storage_base_url}} \ No newline at end of file +cloud_storage_base_url={{cloud_storage_base_url}} + +# Release-5.2.0 LR-325 +sunbird_dial_service_base_url = {{ dial_service_url | default('http://dial-service:9000') }} +sunbird_dial_service_search_url = "/v1/dialcode/search" \ No newline at end of file From af5779530b43a3770f3477e6144bb9597d89d773 Mon Sep 17 00:00:00 2001 
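Review bot: The two added lines are written `key = value` with spaces around `=` and, on the second, a double-quoted value, while the entries visible around them in this template are `key=value` with no quoting. How the file is loaded is not visible here, but env-file loaders commonly do not trim around `=` and keep quotes literally, so the service could see a key with a trailing space or a search path that includes the quote characters. Write them as `sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }}` and `sunbird_dial_service_search_url=/v1/dialcode/search`.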
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Mon, 27 Feb 2023 23:12:27 +0530 Subject: [PATCH 280/434] Fix: Release-5.1.0 installation issues (#3747) * Fix azcopy cmd execute issue * Update Learner service storage vars * Add new jenkins vars for KP and DP repo * Add adminutil_learner_api_key consumer api permissions --- ansible/roles/kong-consumer/defaults/main.yml | 3 +++ .../templates/sunbird_learner-service.env | 10 +++++----- deploy/jenkins/jenkins-server-setup.sh | 1 + deploy/jenkins/jenkins.yaml | 4 ++++ .../dev/jobs/DataPipeline/jobs/AdhocScripts/config.xml | 2 +- .../dev/jobs/DataPipeline/jobs/Analytics/config.xml | 2 +- .../jobs/DataPipeline/jobs/AnalyticsCore/config.xml | 2 +- .../dev/jobs/DataPipeline/jobs/ApiModule/config.xml | 2 +- .../jobs/DataPipeline/jobs/CoreDataProducts/config.xml | 2 +- .../dev/jobs/DataPipeline/jobs/DataReplay/config.xml | 2 +- .../DataPipeline/jobs/DruidAnomalyDetection/config.xml | 2 +- .../jobs/dev/jobs/DataPipeline/jobs/ETLJobs/config.xml | 2 +- .../jobs/DataPipeline/jobs/EdDataProducts/config.xml | 2 +- .../DataPipeline/jobs/FlinkPipelineJobs/config.xml | 2 +- .../dev/jobs/DataPipeline/jobs/MLWorkbench/config.xml | 2 +- .../jobs/dev/jobs/DataPipeline/jobs/Secor/config.xml | 2 +- .../KnowledgePlatform/jobs/CassandraTrigger/config.xml | 2 +- .../jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml | 2 +- .../jobs/KnowledgePlatform/jobs/Learning/config.xml | 2 +- .../dev/jobs/KnowledgePlatform/jobs/Neo4j/config.xml | 2 +- .../jobs/KnowledgePlatform/jobs/SyncTool/config.xml | 2 +- .../dev/jobs/KnowledgePlatform/jobs/Yarn/config.xml | 2 +- 22 files changed, 31 insertions(+), 23 deletions(-) diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 9acffb2f50..a28f773309 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml 
@@ -68,6 +68,9 @@ anonymous_user_groups: - anonymousAppAccess - anonymousUserCreate +userAccess: + - userAccess + kong_all_consumer_groups: - announcementAccess - appAccess diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 3b6a3f122e..c8b8d9aca9 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -28,8 +28,8 @@ sunbird_mail_server_password={{sunbird_mail_server_password}} sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} sunbird_encryption_key={{sunbird_encryption_key}} sunbird_encryption_mode={{sunbird_encryption_mode}} -sunbird_account_name={{sunbird_public_storage_account_name}} -sunbird_account_key={{sunbird_public_storage_account_key}} +sunbird_account_name={{cloud_public_storage_accountname}} +sunbird_account_key={{cloud_private_storage_secret}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_env_logo_url={{sunbird_env_logo_url}} sunbird_web_url={{sunbird_web_url}} @@ -79,7 +79,7 @@ sunbird_course_batch_notification_enabled={{sunbird_course_batch_notification_en sunbird_course_batch_notification_signature={{sunbird_course_batch_notification_signature}} sunbird_otp_expiration={{sunbird_otp_expiration}} sunbird_otp_length={{sunbird_otp_length}} -sunbird_content_azure_storage_container={{sunbird_content_azure_storage_container}} +sunbird_content_azure_storage_container={{cloud_storage_content_bucketname}} # Release-1.14 sunbird_time_zone={{sunbird_time_zone}} # Release-1.15 
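Review bot: In the `-28,8 +28,8` hunk of `sunbird_learner-service.env`, `sunbird_account_name` now takes `{{cloud_public_storage_accountname}}` while `sunbird_account_key` on the next line takes `{{cloud_private_storage_secret}}`, so a public account name is paired with the private account's secret. The removed lines used the public name and the public key together. If the public and private accounts differ in a deployment, this either fails authentication or hands the learner service a credential for the private store that it did not hold before. Use the public account's own secret variable here (`{{ <PUBLIC_STORAGE_SECRET_VAR> }}`, a placeholder because the inventory is not part of this patch), or add a comment stating that both names resolve to one account.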
@@ -87,8 +87,8 @@ sunbird_health_check_enable={{sunbird_health_check_enable}} sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_federation_provider_id}} sunbird_gzip_enable={{sunbird_gzip_enable}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} -sunbird_analytics_blob_account_name={{sunbird_private_storage_account_name}} -sunbird_analytics_blob_account_key={{sunbird_private_storage_account_key}} +sunbird_analytics_blob_account_name={{cloud_private_storage_accountname}} +sunbird_analytics_blob_account_key={{cloud_private_storage_secret}} # Optional for caching sunbird_cache_enable={{sunbird_cache_enable | default(false)}} # Set below variables if above true diff --git a/deploy/jenkins/jenkins-server-setup.sh b/deploy/jenkins/jenkins-server-setup.sh index 670395335b..d96e3b4228 100755 --- a/deploy/jenkins/jenkins-server-setup.sh +++ b/deploy/jenkins/jenkins-server-setup.sh @@ -89,6 +89,7 @@ apt update wget https://aka.ms/downloadazcopy-v10-linux tar -xf downloadazcopy-v10-linux cp ./azcopy_linux_amd64_*/azcopy /usr/bin/ +chmod +x /usr/bin/azcopy rm -rf downloadazcopy-v10-linux* azcopy_linux_amd* ### diff --git a/deploy/jenkins/jenkins.yaml b/deploy/jenkins/jenkins.yaml index 5f4b9523f0..6833b9be97 100644 --- a/deploy/jenkins/jenkins.yaml +++ b/deploy/jenkins/jenkins.yaml @@ -46,6 +46,10 @@ jenkins: value: "${GH_PRIVATE_REPO_URL}" - key: public_repo_branch value: "${GH_PUBLIC_REPO_BRANCH}" + - key: kp_public_repo_branch + value: "${KP_PUBLIC_REPO_BRANCH}" # branch of https://github.com/project-sunbird/sunbird-learning-platform + - key: dp_public_repo_branch + value: "${DP_PUBLIC_REPO_BRANCH}" # branch of https://github.com/project-sunbird/sunbird-data-pipeline.git - key: override_private_branch value: "true" - key: override_public_branch 
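Review bot: The added `chmod +x /usr/bin/azcopy` in `jenkins-server-setup.sh` makes executable a binary that the lines just above fetch from `https://aka.ms/downloadazcopy-v10-linux` and copy into `/usr/bin` with no digest check, and that URL redirects to whatever the current release is. Since this script provisions the Jenkins server, pin a specific release archive and verify it before unpacking, for example `echo "<EXPECTED_SHA256>  downloadazcopy-v10-linux" | sha256sum -c -` ahead of the `tar` line. `install -m 0755 ./azcopy_linux_amd64_*/azcopy /usr/bin/azcopy` would then replace the separate `cp` and `chmod`. The rest of the script is outside this hunk.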
diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AdhocScripts/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AdhocScripts/config.xml index 9a042704ae..8b38850fbf 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AdhocScripts/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AdhocScripts/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Analytics/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Analytics/config.xml index b4458fb7cd..a43fba3f1a 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Analytics/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Analytics/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AnalyticsCore/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AnalyticsCore/config.xml index 6de1a96449..fbc389f9d2 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AnalyticsCore/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/AnalyticsCore/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ApiModule/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ApiModule/config.xml index af4862b0f2..af16918b5d 100644 
--- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ApiModule/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ApiModule/config.xml @@ -86,7 +86,7 @@ ArtifactRepo - Push the docker image to container registry. - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/CoreDataProducts/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/CoreDataProducts/config.xml index f93395f5e0..5951bbf3c0 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/CoreDataProducts/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/CoreDataProducts/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DataReplay/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DataReplay/config.xml index fa45925735..ac8b00eeec 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DataReplay/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DataReplay/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DruidAnomalyDetection/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DruidAnomalyDetection/config.xml index a0fd3c44f9..6e6adfc2e7 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DruidAnomalyDetection/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/DruidAnomalyDetection/config.xml 
@@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ETLJobs/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ETLJobs/config.xml index bd031ec623..0629551eab 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ETLJobs/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/ETLJobs/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/EdDataProducts/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/EdDataProducts/config.xml index 6e67c63781..fc0724ce71 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/EdDataProducts/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/EdDataProducts/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml index 78602a563a..045ac15dd5 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/FlinkPipelineJobs/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Push the docker image to container registry. - ${public_repo_branch} + ${dp_public_repo_branch} false 
diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/MLWorkbench/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/MLWorkbench/config.xml index 590eab1e26..d083cc3b47 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/MLWorkbench/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/MLWorkbench/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Push the docker image to container registry. - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Secor/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Secor/config.xml index d39e2833b0..15dbf5cc52 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Secor/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/DataPipeline/jobs/Secor/config.xml @@ -86,7 +86,7 @@ ArtifactRepo - Push the docker image to container registry. - ${public_repo_branch} + ${dp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/CassandraTrigger/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/CassandraTrigger/config.xml index f954ac1cbe..4b0d6ba729 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/CassandraTrigger/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/CassandraTrigger/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${kp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml index 1aa83cd9de..5df283b12c 100644 
--- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Push the docker image to container registry. - ${public_repo_branch} + ${kp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Learning/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Learning/config.xml index 6611070f09..5422f59573 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Learning/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Learning/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${kp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Neo4j/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Neo4j/config.xml index fd7ef60977..24395bb70a 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Neo4j/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Neo4j/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${kp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/SyncTool/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/SyncTool/config.xml index 6a9af8f80c..65cf0a8657 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/SyncTool/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/SyncTool/config.xml 
@@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${kp_public_repo_branch} false diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Yarn/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Yarn/config.xml index ab7ab56194..eb90f787aa 100644 --- a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Yarn/config.xml +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/Yarn/config.xml @@ -85,7 +85,7 @@ ArtifactRepo - Upload and keep a copy of the artifact in Jenkins, JenkinsJob - J - ${public_repo_branch} + ${kp_public_repo_branch} false From ef1f7d62df393119976fc1301db204c36b0738cb Mon Sep 17 00:00:00 2001 From: Akhil <30873558+saiakhil46@users.noreply.github.com> Date: Tue, 28 Feb 2023 11:58:07 +0530 Subject: [PATCH 281/434] Sunbird installation issue fixes (#3746) * removed questionset-publish from KP flink job list * updated keycloak provision role * removed enc-service upstream * changed the order of mail server vars * updated the order of graylog and log-es hosts --- .../roles/keycloak-provision/tasks/main.yml | 11 ++++++++ .../jobs/FlinkJobs/config.xml | 1 - .../core/nginx-public-ingress/values.j2 | 6 +--- .../ansible/inventory/dev/Core/common.yml | 28 +++++++++---------- private_repo/ansible/inventory/dev/Core/hosts | 24 ++++++++-------- 5 files changed, 38 insertions(+), 32 deletions(-) diff --git a/ansible/roles/keycloak-provision/tasks/main.yml b/ansible/roles/keycloak-provision/tasks/main.yml index bc8c3a581b..1020348520 100644 --- a/ansible/roles/keycloak-provision/tasks/main.yml +++ b/ansible/roles/keycloak-provision/tasks/main.yml @@ -27,3 +27,14 @@ with_items: - zip - unzip + +- name: Install pip2 + apt: + name: python-pip + state: present + become: true + +- name: Install Certifi python package supported to python2 + pip: + name: certifi==2018.1.18 + become: true 
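Review bot: In the `ansible/roles/keycloak-provision/tasks/main.yml` hunk, the new `pip` task pins `certifi==2018.1.18`, which freezes the CA bundle for whatever Python code on the host trusts certifi at a 2018 snapshot. Roots distrusted since then stay trusted and newer roots are missing, and the task gives no reason for this exact version. I would either relax the pin or record the constraint above the task, e.g. `# TODO(review): certifi pin freezes the CA bundle at the 2018 snapshot; state why this version is required and when it can be lifted`. The package is also installed with `become: true` from the index without a hash check, so a requirements file with `--require-hashes` would be the safer form if the pin has to stay. The preceding `with_items` task starts outside the hunk.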
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml index 9a0134703e..ea3f456189 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml @@ -99,7 +99,6 @@ return """<b>This parameter is not used</b>""" 'azure_cli', 'aws_cli', 'gcloud_cli', -'oci_cli' +'oci_cli', 'all'] true diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 9732e74960..a19745724f 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -791,7 +791,7 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; + proxy_pass $offline_bucket/$url_full; } # compression for svg certs download location /api/certreg/v2/certs/download { From 726375e04fdd5b80679ed373b8f9fbefeeb7327d Mon Sep 17 00:00:00 2001 From: Shakthieshwari Date: Wed, 8 Mar 2023 16:28:21 +0530 Subject: [PATCH 284/434] Addition of ML Program UserInfoExhaustJob --- .../jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml index 6567620e9c..434456e4e5 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernAnalyticsReplayJobs/config.xml 
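Review bot: In the `nginx-public-ingress/values.j2` hunk, `proxy_pass $offline_bucket/$url_full;` no longer fixes the upstream scheme, so whether the bucket is fetched over TLS now depends entirely on the value given to `$offline_bucket`, which is set outside this hunk. If any environment supplies that value with an `http://` prefix, the proxied download travels in cleartext with nothing in the config to flag it. Either keep the literal `https://` here, or state the contract next to the directive, e.g. `# $offline_bucket must carry the scheme and it must be https://`. The enclosing `location` block starts outside the hunk.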
@@ -61,6 +61,7 @@ response-exhaust-v2 course-batch-status-updater score-metric-migration-job + program-user-exhaust @@ -191,4 +192,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + From c0aaea63bfd60845abe87f49e5b86032306db01d Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Thu, 9 Mar 2023 11:28:16 +0530 Subject: [PATCH 285/434] Issue #ED-1429 fix: Updated pData version to 5.2.0 --- .../artifacts/sunbird/login/resources/js/telemetry_service.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index f9250fd425..cd664d20eb 100644 --- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js +++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2506,7 +2506,7 @@ if(client_id.toLowerCase() === 'android'){ "telemetry": { "pdata": { "id": pdataId, - "ver": "5.1.0", + "ver": "5.2.0", "pid": "sunbird-portal" } } From d7a62486fe966d28925b89dd8db85e57c4e5f84c Mon Sep 17 00:00:00 2001 From: Ashwiniev95 <52481775+Ashwiniev95@users.noreply.github.com> Date: Fri, 10 Mar 2023 19:30:27 +0530 Subject: [PATCH 286/434] Addition of ml-jobs --- .../Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml index 19322ba1a4..3af45869a8 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml @@ -105,7 +105,8 @@ return """<b>This parameter is not used</b>""" 'merge-user-courses', 'assessment-aggregator', 'enrolment-reconciliation', -'notification-job'] +'notification-job' +'program-user-info'] true 
@@ -167,4 +168,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + From 8cf6a456f38181135f8062e0486c117554a08f94 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 <52481775+Ashwiniev95@users.noreply.github.com> Date: Fri, 10 Mar 2023 19:32:46 +0530 Subject: [PATCH 287/434] Update config.xml --- .../Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml index 3af45869a8..396590af95 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Lern/jobs/LernFlinkJobs/config.xml @@ -105,7 +105,7 @@ return """<b>This parameter is not used</b>""" 'merge-user-courses', 'assessment-aggregator', 'enrolment-reconciliation', -'notification-job' +'notification-job', 'program-user-info'] true From f6619eb6762a73c9bf97832490578e6fafd87511 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 13:01:00 +0530 Subject: [PATCH 288/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- pipelines/deploy/cassandra-deploy/Jenkinsfile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index 903c1568bd..c170c285b8 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile 
@@ -29,8 +29,17 @@ node() { sh """ unzip ${artifact} """ + sh """ + rm -rf script_repo + git clone ${params.script_repo} -b ${params.script_repo_branch_or_tag} script_repo + """ + println ${currentWs} + sh """ + echo ${currentWs} + pwd + """ ansiblePlaybook = "${currentWs}/ansible/cassandra-deploy.yml" - ansibleExtraArgs = "--vault-password-file /var/lib/jenkins/secrets/vault-pass -v" + ansibleExtraArgs = "--extra-vars script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate} --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From 86d804e53fe2238948ff2acafc5b8fca11402bc5 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 18:52:53 +0530 Subject: [PATCH 289/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- pipelines/deploy/cassandra-deploy/Jenkinsfile | 1 - 1 file changed, 1 deletion(-) diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index c170c285b8..6d756abb0d 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile @@ -33,7 +33,6 @@ node() { rm -rf script_repo git clone ${params.script_repo} -b ${params.script_repo_branch_or_tag} script_repo """ - println ${currentWs} sh """ echo ${currentWs} pwd From 416c668c48e24d429d867c4db1f1746444c2b4e2 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:00:10 +0530 Subject: [PATCH 290/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- pipelines/deploy/cassandra-deploy/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
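Review bot: The added step `git clone ${params.script_repo} -b ${params.script_repo_branch_or_tag} script_repo` sits inside a double-quoted `sh """ … """`, so Groovy splices both job parameters into the script text before the shell parses it. A value containing shell metacharacters is then executed on the agent, in a job that also reads `/var/lib/jenkins/secrets/vault-pass`. Jenkins exports build parameters to the step environment, so a single-quoted script keeps them as data: `sh 'rm -rf script_repo && git clone -b "$script_repo_branch_or_tag" -- "$script_repo" script_repo'`. The same interpolation applies to `${params.cassandra_keyspace_to_migrate}` in `ansibleExtraArgs`, here and in the later patches of this series that edit that line. Since the cloned content is what the migration later runs, restricting `script_repo` to an allow-list of repository URLs is worth considering. The `node()` block starts and ends outside the hunk.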
diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index 6d756abb0d..2801940f04 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile @@ -38,7 +38,7 @@ node() { pwd """ ansiblePlaybook = "${currentWs}/ansible/cassandra-deploy.yml" - ansibleExtraArgs = "--extra-vars script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate} --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" + ansibleExtraArgs = "--extra-vars script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate} --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From f1262c6d8c686ef5a6b278e4b09f8b526202fb87 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:05:02 +0530 Subject: [PATCH 291/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- pipelines/deploy/cassandra-deploy/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index 2801940f04..aa3aacd25e 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile 
@@ -38,7 +38,7 @@ node() { pwd """ ansiblePlaybook = "${currentWs}/ansible/cassandra-deploy.yml" - ansibleExtraArgs = "--extra-vars script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate} --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" + ansibleExtraArgs = "--extra-vars \"script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values From cb11ef1f8cde7525c324daa8d6973069c60117ce Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:20:17 +0530 Subject: [PATCH 292/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 3 ++- pipelines/deploy/cassandra-deploy/Jenkinsfile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 5025ee4612..fb428da53b 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -15,7 +15,8 @@ run_once: true - name: Run the application - shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint +# shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port={{ sunbird_cassandra_port }} -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate run_once: true register: migration_status diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index aa3aacd25e..0cdf567558 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile @@ -38,7 +38,7 @@ node() { pwd """ ansiblePlaybook = "${currentWs}/ansible/cassandra-deploy.yml" - ansibleExtraArgs = "--extra-vars \"script_location=filesystem:${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" + ansibleExtraArgs = "--extra-vars \"script_location=${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) println values 
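Review bot: The new `shell: java -jar … -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra …` line in `ansible/roles/cassandra-deploy/tasks/main.yml` hard-codes database credentials in the role. Because they are command-line properties, they also show up in the process list and in Ansible output (the pipeline passes `-v`). The follow-up patches in this series that edit the same line (293, 294, 295, 297, 300) carry the same literals. Take the credentials from the secrets files the playbook already loads through `vars_files`, pass them through the task's `environment:` rather than `-D` arguments if the migration tool supports it, and set `no_log: true` on the task. `{{ script_location }}` and `{{ cassandra_keyspace_to_migrate }}` are also templated unquoted into the shell line; `{{ script_location | quote }}` keeps a value with spaces or metacharacters from changing the command.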
From f9cccaaf19cd2191c0f4d3e6a3845db90caa65a8 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:23:48 +0530 Subject: [PATCH 293/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index fb428da53b..841f648d6b 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml @@ -16,7 +16,7 @@ - name: Run the application # shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port={{ sunbird_cassandra_port }} -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port="{{ sunbird_cassandra_port }}" -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate run_once: true register: migration_status From 3aa1ca7118fa41ec5149160c8ea5fdbc67d518c5 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:31:46 +0530 Subject: [PATCH 294/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 841f648d6b..4654954c55 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml @@ -16,7 +16,7 @@ - name: Run the application # shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port="{{ sunbird_cassandra_port }}" -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate run_once: true register: migration_status From b9c9e26a2d7fb3d0be8ddb7d7348c9c98a7294bb Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:34:31 +0530 Subject: [PATCH 295/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 4654954c55..91445148e7 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -16,7 +16,7 @@ - name: Run the application # shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} target/*-jar-with-dependencies.jar migrate + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate run_once: true register: migration_status From 705db769fbb55c1188f74bdfb2418eb1810473e2 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 19:49:16 +0530 Subject: [PATCH 296/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 91445148e7..c00c6f7085 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -1,10 +1,10 @@ - name: checking for last failed migration - shell: cqlsh -e 'SELECT version from sunbird.cassandra_migration_version where success=false ALLOW FILTERING ;' | tail -n +4 | head -n -2 | sort | tail -n1 | xargs + shell: cqlsh -e 'SELECT version from {{ cassandra_keyspace_to_migrate }}.cassandra_migration_version where success=false ALLOW FILTERING ;' | tail -n +4 | head -n -2 | sort | tail -n1 | xargs register: version run_once: true - name: Dropping failed migration {{ version.stdout }} - shell: cqlsh -e "delete from sunbird.cassandra_migration_version where version='{{version.stdout}}';" + shell: cqlsh -e "delete from {{ cassandra_keyspace_to_migrate }}.cassandra_migration_version where version='{{version.stdout}}';" when: version.stdout run_once: true From b5f9a0cb807f62e2b7cddb0990ee0bba70f0d21c Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 20:03:58 +0530 Subject: [PATCH 297/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index c00c6f7085..a3ed5f0efd 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
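Review bot: Both rewritten `cqlsh -e` tasks now template `{{ cassandra_keyspace_to_migrate }}` straight into the shell command and the CQL text. That value arrives from a Jenkins job parameter through `--extra-vars`, so nothing constrains it to be a keyspace name before the `delete` runs. Add a guard task ahead of these, for example `- assert: { that: "cassandra_keyspace_to_migrate is match('^[A-Za-z][A-Za-z0-9_]*$')" }`, so that anything other than a plain identifier fails the play. `{{version.stdout}}` in the `delete` statement is query output placed between single quotes in the same way and would benefit from a similar check. The task file continues outside the hunk.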
@@ -14,9 +14,16 @@ dest: "/home/{{ansible_ssh_user}}/" run_once: true +- name: Copy the migration script + copy: + src: "{{ script_location }}" + dest: "/home/{{ansible_ssh_user}}/" + shell: ls /home/{{ansible_ssh_user}}/ + run_once: true + - name: Run the application # shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:{{ script_location }} -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:/home/{{ansible_ssh_user}}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate run_once: true register: migration_status From e99b327e6fbc01d9231ebc093e7b0b11e40f4a13 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 20:06:04 +0530 Subject: [PATCH 298/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index a3ed5f0efd..ef9503c530 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -18,6 +18,9 @@ copy: src: "{{ script_location }}" dest: "/home/{{ansible_ssh_user}}/" + run_once: true + +- name: Script location shell: ls /home/{{ansible_ssh_user}}/ run_once: true From b2f8075cb9552c3c75366d0f66335a1dbad905e9 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 21:10:44 +0530 Subject: [PATCH 299/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index ef9503c530..7d1d70e129 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml @@ -17,11 +17,11 @@ - name: Copy the migration script copy: src: "{{ script_location }}" - dest: "/home/{{ansible_ssh_user}}/" + dest: "/home/{{ansible_ssh_user}}/migration-script/" run_once: true - name: Script location - shell: ls /home/{{ansible_ssh_user}}/ + shell: ls /home/{{ansible_ssh_user}}/migration-script/{{ cassandra_keyspace_to_migrate }} run_once: true - name: Run the application From bfc70df6a457f53ec9d629adefb12fa6460ba6e1 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 21:22:36 +0530 Subject: [PATCH 300/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/roles/cassandra-deploy/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 7d1d70e129..d3eee07156 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -21,12 +21,12 @@ run_once: true - name: Script location - shell: ls /home/{{ansible_ssh_user}}/migration-script/{{ cassandra_keyspace_to_migrate }} + shell: ls migration-script/{{ cassandra_keyspace_to_migrate }} run_once: true - name: Run the application # shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:/home/{{ansible_ssh_user}}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate + shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:migration-script/{{ cassandra_keyspace_to_migrate }}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate run_once: true register: migration_status From b86b926e08c1ba7caa5084829bf2cb297468ae4b Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 14 Mar 2023 22:40:31 +0530 Subject: [PATCH 301/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- ansible/cassandra-deploy.yml | 3 ++- ansible/roles/cassandra-deploy/tasks/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ansible/cassandra-deploy.yml b/ansible/cassandra-deploy.yml index a8d556bbc0..f4edb2c1bd 100644 --- a/ansible/cassandra-deploy.yml +++ b/ansible/cassandra-deploy.yml 
@@ -3,7 +3,8 @@ environment: sunbird_cassandra_host: "{{ groups['cassandra'][0] }}" sunbird_cassandra_port: 9042 - sunbird_cassandra_keyspace: sunbird + sunbird_cassandra_keyspace: "{{cassandra_keyspace_to_migrate}}" + sunbird_cassandra_migration_location: "filesystem:migration-script/{{cassandra_keyspace_to_migrate}}" vars_files: - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml'] roles: diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index d3eee07156..24fab31a06 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml @@ -25,8 +25,8 @@ run_once: true - name: Run the application -# shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint - shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:migration-script/{{ cassandra_keyspace_to_migrate }}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate + shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint +# shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:migration-script/{{ cassandra_keyspace_to_migrate }}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate run_once: true register: migration_status From f3b2f043a4e68fcd3abc9211bc954912fcebca5f Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Tue, 14 Mar 2023 22:47:20 +0530 Subject: [PATCH 302/434] Issue #LR-101 feat: Updated the ansible script for Lern cassandra migration --- pipelines/deploy/cassandra-deploy/Jenkinsfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pipelines/deploy/cassandra-deploy/Jenkinsfile b/pipelines/deploy/cassandra-deploy/Jenkinsfile index 0cdf567558..051774137c 100644 --- a/pipelines/deploy/cassandra-deploy/Jenkinsfile +++ b/pipelines/deploy/cassandra-deploy/Jenkinsfile @@ -33,10 +33,6 @@ node() { rm -rf script_repo git clone ${params.script_repo} -b ${params.script_repo_branch_or_tag} script_repo """ - sh """ - echo ${currentWs} - pwd - """ ansiblePlaybook = "${currentWs}/ansible/cassandra-deploy.yml" ansibleExtraArgs = "--extra-vars \"script_location=${currentWs}/script_repo/sunbird-cassandra-migration/cassandra-migration/src/main/resources/db/migration/cassandra/${params.cassandra_keyspace_to_migrate} cassandra_keyspace_to_migrate=${params.cassandra_keyspace_to_migrate}\" --vault-password-file /var/lib/jenkins/secrets/vault-pass -v" values.put('ansiblePlaybook', ansiblePlaybook) From 65633aa0d0ce0fec8a26997353e0ddeeabce09c3 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 16 Mar 2023 17:52:07 +0530 Subject: [PATCH 303/434] Issue #LR-101 feat: Removed unused keyspace sunbirdplugin --- .../cassandra-cql-update/templates/cassandra.cql | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ansible/roles/cassandra-cql-update/templates/cassandra.cql b/ansible/roles/cassandra-cql-update/templates/cassandra.cql index c20e9924db..736ca5b571 100644 --- a/ansible/roles/cassandra-cql-update/templates/cassandra.cql +++ b/ansible/roles/cassandra-cql-update/templates/cassandra.cql 
@@ -501,19 +501,6 @@ CREATE TABLE IF NOT EXISTS sunbird.skills(id text,skills list, PRIMARY KEY //25th Oct ALTER TABLE sunbird.organisation ADD orgTypeId text; -//Announcement apis -27th Oct -{% if (cassandra_cluster_size | int) > 1 %} -CREATE KEYSPACE IF NOT EXISTS sunbirdplugin WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 2 }; -{% else %} -CREATE KEYSPACE IF NOT EXISTS sunbirdplugin WITH REPLICATION = {'class':'SimpleStrategy','replication_factor':1}; -{% endif %} -//CREATE TYPE IF NOT EXISTS sunbirdplugin.attachment (id text,filename text,mimetype text); -CREATE TABLE sunbirdplugin.announcement (id text,userid text,sourceid text,details map,links list,attachments list,target text,sentcount int,priority text,expiry text,status text,createddate text,updateddate text, PRIMARY KEY (id)); -CREATE TABLE sunbirdplugin.attachment (id text,file text,filename text,mimetype text,createdby text,status text,createddate text, PRIMARY KEY (id)); -CREATE TABLE sunbirdplugin.metrics (id text,userid text,announcementid text,activity text,channel text,createddate text, PRIMARY KEY (id)); -CREATE TABLE sunbirdplugin.announcementtype (id text,rootorgid text,name text,status text,createddate text, PRIMARY KEY (id)); -CREATE TABLE sunbirdplugin.announcementauth (id text,userid text,rootorgid text,permissions map,status text,createddate text, PRIMARY KEY (id)); - insert into sunbird.role_group (id,name) values ('ANNOUNCEMENT_SENDER','Announcement Sender'); update sunbird.role_group set url_action_ids=['Announcement Sender'] where id='ANNOUNCEMENT_SENDER'; insert into sunbird.role (id,name,rolegroupid,status) values ('ANNOUNCEMENT_SENDER','Announcement Sender',['ANNOUNCEMENT_SENDER'],1); 
@@ -543,9 +530,6 @@ ALTER TABLE sunbird.organisation ADD locationId text; ALTER TABLE sunbird.user ADD profileVisibility map; -// 9th Nov 2017 -ALTER TABLE sunbirdplugin.announcement DROP target ; -ALTER TABLE sunbirdplugin.announcement ADD target map>>>>; //adding default one Skills. insert into skills (id,skills) values ('001',['java']); ALTER TABLE sunbird.user_skills drop endorsers; From 7fe8141b66dd3c98f3e20c19d15c7c27815291ee Mon Sep 17 00:00:00 2001 From: Reshmi Nair Date: Mon, 20 Mar 2023 19:44:18 +0530 Subject: [PATCH 304/434] LR-307 Merging 5.2.0 to 5.2.0-lern branch --- Installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Installation.md b/Installation.md index 192cfc2a1a..ea185346a4 100644 --- a/Installation.md +++ b/Installation.md @@ -1 +1 @@ -### Installation wiki moved to [here.](http://docs.sunbird.org/latest/developer-docs/server-installation/prerequisites/) +### Installation wiki moved to [here.](http://www.sunbird.org/developer-docs/installation) From f659659ea78074a3775961060b1dba3db71857d8 Mon Sep 17 00:00:00 2001 From: Reshmi Nair Date: Mon, 20 Mar 2023 19:50:29 +0530 Subject: [PATCH 305/434] LR-307 Merging 5.2.0 to 5.2.0-lern branch --- kubernetes/ansible/cassandrainfo.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 kubernetes/ansible/cassandrainfo.yaml diff --git a/kubernetes/ansible/cassandrainfo.yaml b/kubernetes/ansible/cassandrainfo.yaml deleted file mode 100644 index 72ca57866d..0000000000 --- a/kubernetes/ansible/cassandrainfo.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -# Retrieve information from cassandra - -- hosts: "{{server_group}}" - gather_facts: false - vars_files: - - "{{inventory_dir}}/secrets.yml" - tasks: - - name: validate the cassandra query - shell: "echo {{cassandra_query}} | grep -iE 'drop|delete|truncate|alter|update|insert'" - register: validator_output - run_once: true - - - name: execute the query on succesful validation - shell: "cqlsh --request-timeout=3600 \"{{cassandra_query}}\"" - when: validator_output.rc == 1 - run_once: true From ee5f0906ed9c5c74466d4015c4a3464f58e175a7 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 23 Mar 2023 18:35:49 +0530 Subject: [PATCH 306/434] Issue #LR-101 feat: Added the delete folder command. --- ansible/roles/cassandra-deploy/tasks/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ansible/roles/cassandra-deploy/tasks/main.yml b/ansible/roles/cassandra-deploy/tasks/main.yml index 24fab31a06..8359bbc928 100644 --- a/ansible/roles/cassandra-deploy/tasks/main.yml +++ b/ansible/roles/cassandra-deploy/tasks/main.yml 
@@ -14,16 +14,17 @@ dest: "/home/{{ansible_ssh_user}}/" run_once: true +- name: Delete migration-script + file: + state: absent + path: "/home/{{ansible_ssh_user}}/migration-script/" + - name: Copy the migration script copy: src: "{{ script_location }}" dest: "/home/{{ansible_ssh_user}}/migration-script/" run_once: true -- name: Script location - shell: ls migration-script/{{ cassandra_keyspace_to_migrate }} - run_once: true - - name: Run the application shell: java -cp "cassandra-migration-0.0.1-SNAPSHOT-jar-with-dependencies.jar" com.contrastsecurity.cassandra.migration.utils.MigrationScriptEntryPoint # shell: java -jar -Dcassandra.migration.scripts.locations=filesystem:migration-script/{{ cassandra_keyspace_to_migrate }}/ -Dcassandra.migration.cluster.contactpoints=localhost -Dcassandra.migration.cluster.port=9042 -Dcassandra.migration.cluster.username=cassandra -Dcassandra.migration.cluster.password=cassandra -Dcassandra.migration.keyspace.name={{ cassandra_keyspace_to_migrate }} *-jar-with-dependencies.jar migrate From 5d1ab2979d667efb02af8ad64b09604612e88627 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Thu, 23 Mar 2023 18:51:38 +0530 Subject: [PATCH 307/434] Issue #LR-307 feat: Onboarded inQuiry APIs --- ansible/roles/kong-api/defaults/main.yml | 476 ++++++++++++++++++++++- 1 file changed, 475 insertions(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index e4e656f73e..8567531542 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -75,6 +75,10 @@ assessment_prefix: /assessment device_prefix: /v3/device dataset_service_prefix: /dataset +# inQuiry service prefixes +question_prefix: /question +questionset_prefix: /questionset + # Service URLs learning_service_url: "http://learner-service:9000" am_util_url: "http://adminutil:4000" 
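Review bot: The new `Delete migration-script` task in ansible/roles/cassandra-deploy/tasks/main.yml has no `run_once: true`, while the `Copy the migration script` task right after it does. As written the directory is removed on every host in the play but repopulated only on the first one, so a later task that runs on the other hosts would find it missing. Adding `run_once: true` under the `file:` task keeps the two in step. The rest of the task list lies outside the hunk, including whether `Run the application` is itself run-once.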
@@ -7016,4 +7020,474 @@ kong_apis: config.allowed_payload_size: "{{ small_request_size_limit }}" - name: opa-checks config.required: true - config.enabled: true \ No newline at end of file + config.enabled: true + +### inQuiry APIs START ### +- name: questionCreate + uris: "{{ question_prefix }}/v1/create" + upstream_url: "{{ assessment_service_url }}/question/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionRead + uris: "{{ question_prefix }}/v1/read" + upstream_url: "{{ assessment_service_url }}/question/v4/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionPrivateRead + uris: "{{ question_prefix }}/v1/private/read" + upstream_url: "{{ assessment_service_url }}/question/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionUpdate + uris: "{{ question_prefix }}/v1/update" + upstream_url: "{{ assessment_service_url 
}}/question/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionRetire + uris: "{{ question_prefix }}/v1/retire" + upstream_url: "{{ assessment_service_url }}/question/v4/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionReview + uris: "{{ question_prefix }}/v1/review" + upstream_url: "{{ assessment_service_url }}/question/v4/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionPublish + uris: "{{ question_prefix }}/v1/publish" + upstream_url: "{{ assessment_service_url }}/question/v4/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: 
request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionList + uris: "{{ question_prefix }}/v1/list" + upstream_url: "{{ assessment_service_url }}/question/v4/list" + strip_uri: true + plugins: + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionReject + uris: "{{ question_prefix }}/v1/reject" + upstream_url: "{{ assessment_service_url }}/question/v4/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetCreate + uris: "{{ questionset_prefix }}/v1/create" + upstream_url: "{{ assessment_service_url }}/questionset/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetRead + uris: "{{ questionset_prefix }}/v1/read" + upstream_url: "{{ assessment_service_url }}/questionset/v4/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + 
config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetPrivateRead + uris: "{{ questionset_prefix }}/v1/private/read" + upstream_url: "{{ assessment_service_url }}/questionset/v4/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetUpdate + uris: "{{ questionset_prefix }}/v1/update" + upstream_url: "{{ assessment_service_url }}/questionset/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetAddQuestion + uris: "{{ questionset_prefix }}/v1/add" + upstream_url: "{{ assessment_service_url }}/questionset/v4/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: 
questionSetRemoveQuestion + uris: "{{ questionset_prefix }}/v1/remove" + upstream_url: "{{ assessment_service_url }}/questionset/v4/remove" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetRetire + uris: "{{ questionset_prefix }}/v1/retire" + upstream_url: "{{ assessment_service_url }}/questionset/v4/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReview + uris: "{{ questionset_prefix }}/v1/review" + upstream_url: "{{ assessment_service_url }}/questionset/v4/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetPublish + uris: "{{ questionset_prefix }}/v1/publish" + upstream_url: "{{ assessment_service_url }}/questionset/v4/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + 
- name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetUpdateHierarchy + uris: "{{ questionset_prefix }}/v1/hierarchy/update" + upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReadHierarchy + uris: "{{ questionset_prefix }}/v1/hierarchy" + upstream_url: "{{ assessment_service_url }}/questionset/v4/hierarchy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReject + uris: "{{ questionset_prefix }}/v1/reject" + upstream_url: "{{ assessment_service_url }}/questionset/v4/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - 
name: opa-checks + config.required: false + config.enabled: false + +- name: questionImportAPI + uris: "{{ question_prefix }}/v1/import" + upstream_url: "{{ assessment_service_url }}/question/v4/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionsetImportAPI + uris: "{{ questionset_prefix }}/v1/import" + upstream_url: "{{ assessment_service_url }}/questionset/v4/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false \ No newline at end of file From d39912e9de787be1e584560b05c90df0fa1d0db7 Mon Sep 17 00:00:00 2001 From: Pankaj Jangid <103931276+pankajjangid05@users.noreply.github.com> Date: Mon, 27 Mar 2023 17:19:50 +0530 Subject: [PATCH 308/434] UCI-2 - env variables for doubtnut integration (#3768) * UCI-2 - remove default values from env file for doubtnut integration * UCI-2 - change default values in env file for doubtnut integration --- ansible/roles/stack-sunbird/templates/transformer.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index 9d14a6e932..f111c5229e 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env 
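Review bot: `questionPublish` is whitelisted for the `contentCreate` ACL group, whereas `questionSetPublish` and the review, reject and retire routes in the same inQuiry block require `contentAdmin`. If publishing is meant to be a reviewer action, a consumer that can only create questions can publish them through the gateway; `config.whitelist: - contentAdmin` would match the sibling entries. `questionList` also stands apart from every other new entry: it carries no `jwt`, `cors`, statsd or `acl` plugin, so it is reachable unauthenticated and limited only per IP, which deserves a comment if intended. All the new entries ship with `opa-checks` set to `false`/`false`, unlike the entry just above the block, so Kong ACL groups are the only gateway-side authorization for them.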
+++ b/ansible/roles/stack-sunbird/templates/transformer.env @@ -83,6 +83,6 @@ SELECTED_FILE_CDN=sunbird #Doubtnut config DOUBTNUT_BASE_URL={{doubtnut_base_url | default("") }} DOUBTNUT_AUTH_KEY={{doubtnut_auth_key | default("") }} -DOUBTNUT_WELCOME_MSG={{doubtnut_bot_welcome_msg | default("Welcome to doubtnut.\nYou can ask any question by typing or clicking a image of the question and submitting it.") }} -DOUBTNUT_WELCOME_VIDEO={{doubtnut_bot_video_url | default("http://techslides.com/demos/sample-videos/small.mp4") }} +DOUBTNUT_WELCOME_MSG={{doubtnut_bot_welcome_msg | default("Welcome to doubtnut") }} +DOUBTNUT_WELCOME_VIDEO={{doubtnut_bot_video_url | default("") }} From 9c98384759a532e6cd8462e3e81168f46f65d2fa Mon Sep 17 00:00:00 2001 From: Pankaj Jangid <103931276+pankajjangid05@users.noreply.github.com> Date: Mon, 27 Mar 2023 20:59:54 +0530 Subject: [PATCH 309/434] UCI-2 - env variables for doubtnut integration (#3769) * UCI-2 - remove default values from env file for doubtnut integration * UCI-2 - change default values in env file for doubtnut integration * UCI-2 - added nlapp variables in env file * UCI-2 - added nlapp variables in env file --------- Co-authored-by: Santhosh Gandham --- ansible/roles/stack-sunbird/templates/transformer.env | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/transformer.env b/ansible/roles/stack-sunbird/templates/transformer.env index f111c5229e..9c96eb97da 100644 --- a/ansible/roles/stack-sunbird/templates/transformer.env +++ b/ansible/roles/stack-sunbird/templates/transformer.env @@ -86,3 +86,10 @@ DOUBTNUT_AUTH_KEY={{doubtnut_auth_key | default("") }} DOUBTNUT_WELCOME_MSG={{doubtnut_bot_welcome_msg | default("Welcome to doubtnut") }} DOUBTNUT_WELCOME_VIDEO={{doubtnut_bot_video_url | default("") }} + +#nl app url +NLAPP_USER_URL={{nlapp_user_url | default("") }} +NLAPP_USER_AUTH={{nl_user_auth | default("") }} +NLAPP_USER_XAPPID={{nlapp_user_xappid | default("") }} + + 
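Review bot: In the second transformer.env hunk (`#nl app url`), `NLAPP_USER_AUTH` reads `nl_user_auth` while its two neighbours read `nlapp_user_url` and `nlapp_user_xappid`. If the prefix difference is a typo, the value silently renders empty because of `default("")`; either rename it, `NLAPP_USER_AUTH={{nlapp_user_auth | default("") }}`, or add a comment that the different name is deliberate. An auth value that falls back to an empty string also hides a missing inventory secret until the service runs, so dropping the default on that one line would make the render fail early instead.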
From c46b28cf5d51bc3327739dc9bc4fb0e4d3f69099 Mon Sep 17 00:00:00 2001 From: Santhosh Gandham <31979949+gandham-santhosh@users.noreply.github.com> Date: Thu, 30 Mar 2023 21:52:13 +0530 Subject: [PATCH 310/434] ED-539 Added proxy end point for android deeplink support --- ansible/inventory/env/group_vars/all.yml | 1 + .../core/nginx-public-ingress/values.j2 | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 6cbd63ec03..b0b23d8ecf 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -17,6 +17,7 @@ env_short_name: "{{env}}" sunbird_env: "{{env}}" #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment. sunbird_app_name: "{{env}}" env_prefix: "{{env}}" +mobile_deeplink_url: "{{mobile_deeplink_url}}" # Keycloak keycloak_api_management_user_first_name: "admin" diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e0699cdb50..96a9bd51c3 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
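Review bot: `mobile_deeplink_url: "{{mobile_deeplink_url}}"` in ansible/inventory/env/group_vars/all.yml defines the variable in terms of itself, unlike the neighbouring lines, which map a name onto a different variable (`{{env}}`). Unless a higher-precedence source such as the environment inventory or extra-vars sets it, templating the value is likely to fail with a recursive-template error as soon as values.j2 uses it. Dropping the line and documenting the variable as required, for example `# mobile_deeplink_url: set per environment (absolute URL of the assetlinks.json object)`, avoids the self-reference.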
@@ -756,6 +756,30 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } + location ~* ^/.well-known/assetlinks.json { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{mobile_deeplink_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_pass $bucket; + } location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 expires 1M; From ed05a67a5c12708bcced50fee8408ba454c42a1f Mon Sep 17 00:00:00 2001 From: Santhosh Gandham <31979949+gandham-santhosh@users.noreply.github.com> Date: Mon, 3 Apr 2023 12:23:35 +0530 Subject: [PATCH 311/434] ED-539 Added proxy end point for android deeplink support --- .../core/nginx-public-ingress/values.j2 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 96a9bd51c3..80a6a267c0 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
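Review bot: The new `location ~* ^/.well-known/assetlinks.json` is a case-insensitive regex with unescaped dots and no end anchor, so it also matches longer or slightly different paths, and every match is proxied to the single `$bucket` URL. An exact match, `location = /.well-known/assetlinks.json {`, states the intent and skips regex evaluation. `set $url_full '$1';` has no capture group to read from and the variable is not used anywhere in the hunk, so it can be removed. The OPTIONS branch advertises `GET, OPTIONS, PATCH, POST` and an `Authorization` request header for what is a static read-only resource; `add_header Access-Control-Allow-Methods "GET, OPTIONS";` would be enough.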
@@ -775,9 +775,22 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $bucket "{{mobile_deeplink_url}}"; + set $bucket "{{ mobile_deeplink_url }}"; set $url_full '$1'; proxy_http_version 1.1; + proxy_set_header Host "{{mobile_deeplink_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; proxy_pass $bucket; } location ~* ^/desktop/(.*) { From d003ed364bb2942a6aa5b37c3d3fdfd653e9a2cd Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Tue, 4 Apr 2023 18:44:14 +0530 Subject: [PATCH 312/434] LR-101-Merging from lern_5.2.0 to devops_5.2.0 --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index ef5e044ec5..a1682a6971 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -152,6 +152,7 @@ cloud_storage_dial_bucketname={{ cloud_storage_dial_bucketname | default('dial') cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }} cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default('CLOUD_BASE_PATH') }} + # Release-5.2.0 LR-325 sunbird_dial_service_base_url = {{ dial_service_url | default('http://dial-service:9000') }} sunbird_dial_service_search_url = "/v1/dialcode/search" \ No newline at end of file 
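Review bot: `proxy_set_header Host "{{mobile_deeplink_url.split('/')[2]|lower}}";` assumes the variable is always an absolute URL with a scheme; an empty or host-only value either fails at render time on the index or puts the wrong segment into the Host header. Ansible's `urlsplit` filter expresses the same thing without the positional assumption: `proxy_set_header Host "{{ mobile_deeplink_url | urlsplit('netloc') | lower }}";`. `proxy_intercept_errors on;` only changes behaviour when an `error_page` applies to this location, and none is visible in the hunk. The location block itself opens before the hunk.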
From c43cfe60aeac79e72308c34e73d1dc10e5024eba Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 18 Apr 2023 17:56:12 +0530 Subject: [PATCH 313/434] Issue #LR-422 feat: Pointed the channel create and update to content-service instead on learning-service. --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index d02bd84ba8..5fd974cd21 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -11,7 +11,6 @@ sunbird_cassandra_username=cassandra sunbird_cassandra_password=password actor_hostname=actor-service bind_hostname=0.0.0.0 -ekstep_authorization={{sunbird_ekstep_api_key}} sunbird_pg_host={{sunbird_pg_host}} sunbird_pg_port={{sunbird_pg_port}} sunbird_pg_db={{sunbird_pg_db}} @@ -20,7 +19,7 @@ sunbird_pg_password={{sunbird_pg_password}} sunbird_installation={{sunbird_installation}} sunbird_analytics_api_base_url={{sunbird_analytics_api_base_url}} sunbird_search_service_api_base_url={{sunbird_search_service_api_base_url}} -ekstep_api_base_url={{sunbird_content_repo_api_base_url}} +sunbird_content_service_api_base_url={{sunbird_content_service_api_base_url}} sunbird_mail_server_host={{sunbird_mail_server_host}} sunbird_mail_server_port={{sunbird_mail_server_port}} sunbird_mail_server_username={{sunbird_mail_server_username}} From 350385d8476a016c517846763ec147e727ffc536 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Tue, 18 Apr 2023 18:06:17 +0530 Subject: [PATCH 314/434] Issue #LR-422 feat: Removed unused variables --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 5fd974cd21..fe5e9f6605 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -57,8 +57,6 @@ telemetry_pdata_pid=learner-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} -sunbird_api_mgr_base_url=http://knowledge-mw-service:5000 -sunbird_cs_base_url=http://knowledge-mw-service:5000 sunbird_cs_search_path=/v1/content/search sunbird_user_bulk_upload_size={{sunbird_user_bulk_upload_size}} From 1a308deac8a2906f0410ab744f0fdcf1f198caf8 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 25 Apr 2023 15:53:02 +0530 Subject: [PATCH 315/434] Issue #LR-517 feat: new API to upload public encryption key --- ansible/roles/kong-api/defaults/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 8567531542..2381071916 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -1335,6 +1335,27 @@ kong_apis: config.required: false config.enabled: false +- name: orgAddEncryptionKey + uris: "{{ org_service_prefix }}/v1/update/encryptionkey" + upstream_url: "{{ learning_service_url }}/v1/org/update/encryptionkey" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - orgAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" upstream_url: "{{ learning_service_url }}/v1/org/upload" From 1028d87a7213205b4cac779fae48be40d6b132b2 Mon Sep 17 00:00:00 2001 From: Santhosh Gandham Date: Wed, 26 Apr 2023 12:10:42 +0530 Subject: [PATCH 316/434] Update sunbird_learner-service.env --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index c8b8d9aca9..d02bd84ba8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -29,7 +29,7 @@ sunbird_mail_server_from_email={{sunbird_mail_server_from_email}} sunbird_encryption_key={{sunbird_encryption_key}} sunbird_encryption_mode={{sunbird_encryption_mode}} sunbird_account_name={{cloud_public_storage_accountname}} -sunbird_account_key={{cloud_private_storage_secret}} +sunbird_account_key={{cloud_public_storage_secret}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_env_logo_url={{sunbird_env_logo_url}} sunbird_web_url={{sunbird_web_url}} 
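Review bot: The new `orgAddEncryptionKey` route (kong-api hunk at the start of this line) updates an organisation's encryption key, going by its URI and the commit subject, yet it is gated only by `jwt` plus membership in the `orgAdmin` ACL group, with `opa-checks` set to `config.required: false` and `config.enabled: false`. Nothing at the gateway then ties the caller to the organisation being changed, so that check rests entirely on the upstream service, which is not visible here. If an OPA policy exists for this path, setting both flags to `true` would add a second layer; otherwise a comment above the entry such as `# org ownership is enforced by learner-service, not at the gateway` (once confirmed) would help the next reviewer.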
@@ -79,7 +79,7 @@ sunbird_course_batch_notification_enabled={{sunbird_course_batch_notification_en sunbird_course_batch_notification_signature={{sunbird_course_batch_notification_signature}} sunbird_otp_expiration={{sunbird_otp_expiration}} sunbird_otp_length={{sunbird_otp_length}} -sunbird_content_azure_storage_container={{cloud_storage_content_bucketname}} +sunbird_content_cloud_storage_container={{cloud_storage_content_bucketname}} # Release-1.14 sunbird_time_zone={{sunbird_time_zone}} # Release-1.15 From 634bb0a4ca06f60bf6da96e093eb2ab55493c581 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Thu, 27 Apr 2023 10:00:34 +0530 Subject: [PATCH 317/434] Devops changes for Program join stories (ED-599) && Block Level Filters (ED-94) (#3737) * Devops changes for PII data stories * env variable change * env variable and kong api name changed: Review fix * ED-94 Devops changes --- ansible/roles/kong-api/defaults/main.yml | 27 +++++++++++++++++-- .../templates/ml-core-service.env | 14 +++++++++- .../templates/ml-reports-service.env | 13 +++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 7af41e2149..2eb03d3a85 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -123,6 +123,8 @@ uci_admin_prefix: /uci notification_service_prefix: /notification registry_service_prefix: /rc assessment_prefix: /assessment +programs_service_prefix: /programs +resource_prefix: /resource # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" 
@@ -7522,8 +7524,8 @@ kong_apis: config.enabled: false - name: getSolutionReportInformation - uris: "{{ solutions_service_prefix }}/mlcore/v1/read" - upstream_url: "{{ ml_core_service_url }}/v1/solutions/read" + uris: "{{ resource_prefix }}/mlreports/v1/filtervalues" + upstream_url: "{{{ ml_reports_service_url }}/v1/resource/filtervalues" strip_uri: true plugins: - name: jwt @@ -10001,3 +10003,24 @@ kong_apis: - name: opa-checks config.required: true config.enabled: true + +- name: joinProgramByUser + uris: "{{ programs_service_prefix }}/mlcore/v1/join" + upstream_url: "{{ ml_core_service_url }}/v1/programs/join" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - programAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index e3db337464..2795c258e1 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env 
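Review bot: The new `upstream_url` of the `getSolutionReportInformation` entry opens with three braces, `"{{{ ml_reports_service_url }}/v1/resource/filtervalues"`, which is not a valid Jinja2 expression, so rendering this defaults file will likely fail or produce a broken upstream. It should read `upstream_url: "{{ ml_reports_service_url }}/v1/resource/filtervalues"`. The hunk also repoints an existing API name to a different path and service instead of adding a new entry, so the previous `/mlcore/v1/read` route disappears for its consumers; if that is intended, a one-line comment above the entry would record it. The entry's ACL group lies outside the hunk, so whether it still fits the reports service cannot be checked from here.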
@@ -81,4 +81,16 @@ ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | USER_SERVICE_URL={{ml_core_user_service_URL | default("http://learner-service:9000")}} ## portal url of env -APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} \ No newline at end of file +APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} + +# Kafka enable or disable communication flag +KAFKA_COMMUNICATIONS_ON_OFF={{ml_core_kafka_communications_on_off | default("ON")}} + +# IP address of kafka server with port without HTTP +KAFKA_URL={{ml_core_kafka_url | default(groups['processing-cluster-kafka'][0]+':9092')}} + +# Kafka consumer group for ML Core Service +KAFKA_GROUP_ID={{ml_core_kafka_group_id | default("ml-core-service")}} + +#Kafka topic name for pushing programUsers +PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-reports-service.env b/ansible/roles/stack-sunbird/templates/ml-reports-service.env index 6df09e49c6..744a2d124d 100644 --- a/ansible/roles/stack-sunbird/templates/ml-reports-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-reports-service.env 
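Review bot: The `KAFKA_URL` default hard-wires the first host of `processing-cluster-kafka` on port 9092 and says nothing about the listener's security protocol, while the commit description ties these settings to PII data stories and `PROGRAM_USERS_JOINED_TOPIC` is described as the topic for pushing programUsers. If 9092 is a PLAINTEXT listener in this deployment, those records cross the cluster network without encryption or broker authentication; a comment such as `# KAFKA_URL must point at a TLS/SASL listener when program-user events contain PII` would make the expectation explicit. The default expression can also fail at render time when the inventory group is empty or undefined, and `default (env_name+".programuser.info")` has a space before the parenthesis that the other filters in this file do not.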
@@ -20,6 +20,19 @@ SURVEY_DATASOURCE_NAME={{ml_report_survey_datasource_name | default("sl-survey") # Survey evidence data source name SURVEY_EVIDENCE_DATASOURCE_NAME={{ml_report_survey_evidence_datasource_name | default("sl-survey-evidence")}} +# Project Solution Resource data source name +PROJECT_RESOURCE_DATASOURCE_NAME = {{ml_project_resource_datasource_name | default("ml-project-status")}} + +# Observation Solution Resource data source name +OBSERVATION_RESOURCE_DATASOURCE_NAME = {{ml_observation_resource_datasource_name | default("ml-obs-status")}} + +# Survey Solution Resource data source name +SURVEY_RESOURCE_DATASOURCE_NAME = {{ml_survey_resource_datasource_name | default("ml-survey-status")}} + + +# Program Resource data source name +PROGRAM_RESOURCE_DATASOURCE_NAME = {{ml_program_resource_datasource_name | default("ml-user-program")}} + # Dhiti Thresold Values #Restrict number of records to be shown for container reports CONTENT_REPORT_THRESHOLD={{ml_report_content_report_threshold | default("5")}} From 8c05d034a8d66f63f2c417b35a1bdf38b5115dbc Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Fri, 28 Apr 2023 12:00:45 +0530 Subject: [PATCH 318/434] Issue #LR-517 feat: new API to upload public encryption key --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2381071916..da972a1665 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1345,7 +1345,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - orgAdmin + - orgSuperAdmin - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From 996904f3ec155c69c194d68f6bd2985a01389704 Mon Sep 17 00:00:00 2001 
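Review bot: The four added assignments put spaces around `=` (for example `PROJECT_RESOURCE_DATASOURCE_NAME = {{ml_project_resource_datasource_name | default("ml-project-status")}}`), unlike the existing lines of this env template. Env-file loaders generally do not trim those spaces, so the service would likely see a key with a trailing space or a value with a leading one and run without the intended data source name. Write them as `PROJECT_RESOURCE_DATASOURCE_NAME={{ml_project_resource_datasource_name | default("ml-project-status")}}`, and likewise for the `OBSERVATION_`, `SURVEY_` and `PROGRAM_` variables.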
From: anilgupta Date: Wed, 3 May 2023 11:05:45 +0530 Subject: [PATCH 319/434] Issue #LR-522 chore: Fixed the syntax issue --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index ef5e044ec5..7a2c5f7ff7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -153,5 +153,5 @@ cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | defau cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default('CLOUD_BASE_PATH') }} # Release-5.2.0 LR-325 -sunbird_dial_service_base_url = {{ dial_service_url | default('http://dial-service:9000') }} -sunbird_dial_service_search_url = "/v1/dialcode/search" \ No newline at end of file +sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} +sunbird_dial_service_search_url="/v1/dialcode/search" \ No newline at end of file From b626c0008998d2db6dbd07dd5e6ebb7b6b132029 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Wed, 3 May 2023 16:35:49 +0530 Subject: [PATCH 320/434] Fix syntax for API getSolutionReportInformation --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 2eb03d3a85..4c217d1692 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -7525,7 +7525,7 @@ kong_apis: - name: getSolutionReportInformation uris: "{{ resource_prefix }}/mlreports/v1/filtervalues" - upstream_url: "{{{ ml_reports_service_url }}/v1/resource/filtervalues" + upstream_url: "{{ ml_reports_service_url }}/v1/resource/filtervalues" strip_uri: true plugins: - name: jwt 
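Review bot: `sunbird_dial_service_search_url="/v1/dialcode/search"` keeps its double quotes after the spacing fix, and a loader that takes env-file values literally would hand the service a path that includes the quote characters. The other value in this hunk is unquoted, so `sunbird_dial_service_search_url=/v1/dialcode/search` would be consistent and unambiguous. The file also still ends without a trailing newline.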
From 75f96b6e2176dea3cf4993e391ca14a454b27fd5 Mon Sep 17 00:00:00 2001 From: Reshmi Nair Date: Thu, 4 May 2023 12:19:10 +0530 Subject: [PATCH 321/434] LR-539 Exhaust Proxy Apis added --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index da972a1665..bb9e3c667e 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -435,6 +435,48 @@ kong_apis: config.required: true config.enabled: true +- name: exhaustSubmitProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/submit" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: exhaustListProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/list" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + - name: createCertTemplate uris: "{{ cert_service_prefix }}/v1/template/create" upstream_url: "{{ cert_service_url }}/cert/v1/template/create" From 10444c8ad7b7677b9216f5d314d8d44805cda8c9 Mon Sep 17 00:00:00 2001 
From: Reshmi Nair Date: Thu, 4 May 2023 12:39:35 +0530 Subject: [PATCH 322/434] LR-539 Exhaust Service apis properties fixed --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 7a2c5f7ff7..7dfd4bfed7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -154,4 +154,9 @@ cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default # Release-5.2.0 LR-325 sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} -sunbird_dial_service_search_url="/v1/dialcode/search" \ No newline at end of file +sunbird_dial_service_search_url="/v1/dialcode/search" + +# Release-5.3.0 LR-539 +exhaust_api_base_url={{ analytics_service_url | default('http://analytics-service:9000') }} +exhaust_api_submit_endpoint=/request/submit +exhaust_api_list_endpoint=/request/list/ \ No newline at end of file From 531a46186cd42cb5abf6f55db5afadd04e8f7f37 Mon Sep 17 00:00:00 2001 From: kumarks1122 Date: Sat, 6 May 2023 23:46:36 +0530 Subject: [PATCH 323/434] LR-438 | RC registry template changes --- .../sunbird-RC/registry/schemas/TrainingCertificate.json | 4 +++- utils/sunbird-RC/schema/credential_template.json | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json index 84dc1d5429..3f5a5fed18 100644 --- a/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json +++ b/kubernetes/helm_charts/sunbird-RC/registry/schemas/TrainingCertificate.json @@ -53,8 +53,10 @@ }, "certificateLabel":{ "type": "string" + }, + "issuedOn": { + "type": "string" } - } } }, 
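Review bot: `issuedOn` is declared as an unconstrained `"type": "string"`, yet the credential template changed in the same commit uses it in place of `osCreatedAt` as the credential's `issuanceDate` whenever it is present. Whoever submits the record can therefore put any text, including a backdated or malformed date, into a field of the issued credential. Constraining it in the schema, e.g. `"issuedOn": { "type": "string", "format": "date-time" }`, and confirming that the registry enforces formats would narrow that. Whether the callers allowed to set `issuedOn` are trusted to choose the issuance date is not visible from this hunk.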
diff --git a/utils/sunbird-RC/schema/credential_template.json b/utils/sunbird-RC/schema/credential_template.json index a999eca8da..123457817b 100644 --- a/utils/sunbird-RC/schema/credential_template.json +++ b/utils/sunbird-RC/schema/credential_template.json @@ -9,7 +9,12 @@ ], {% raw %} "id":"did:sunbird:{{osid}}", + {{#if issuedOn}} + "issuanceDate": "{{issuedOn}}", + {{/if}} + {{#unless issuedOn}} "issuanceDate": "{{osCreatedAt}}", + {{/unless}} "credentialSubject": { "type":"{{certificateLabel}}", "recipientName": "{{recipient.name}}", From e049397be32b7e094c5ac7c2a08cc781535a1edf Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Thu, 11 May 2023 14:10:03 +0530 Subject: [PATCH 324/434] ml-reports env syntax error fix added --- .../roles/stack-sunbird/templates/ml-reports-service.env | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-reports-service.env b/ansible/roles/stack-sunbird/templates/ml-reports-service.env index 744a2d124d..cd6754ac01 100644 --- a/ansible/roles/stack-sunbird/templates/ml-reports-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-reports-service.env 
@@ -21,17 +21,17 @@ SURVEY_DATASOURCE_NAME={{ml_report_survey_datasource_name | default("sl-survey") SURVEY_EVIDENCE_DATASOURCE_NAME={{ml_report_survey_evidence_datasource_name | default("sl-survey-evidence")}} # Project Solution Resource data source name -PROJECT_RESOURCE_DATASOURCE_NAME = {{ml_project_resource_datasource_name | default("ml-project-status")}} +PROJECT_RESOURCE_DATASOURCE_NAME={{ml_project_resource_datasource_name | default("ml-project-status")}} # Observation Solution Resource data source name -OBSERVATION_RESOURCE_DATASOURCE_NAME = {{ml_observation_resource_datasource_name | default("ml-obs-status")}} +OBSERVATION_RESOURCE_DATASOURCE_NAME={{ml_observation_resource_datasource_name | default("ml-obs-status")}} # Survey Solution Resource data source name -SURVEY_RESOURCE_DATASOURCE_NAME = {{ml_survey_resource_datasource_name | default("ml-survey-status")}} +SURVEY_RESOURCE_DATASOURCE_NAME={{ml_survey_resource_datasource_name | default("ml-survey-status")}} # Program Resource data source name -PROGRAM_RESOURCE_DATASOURCE_NAME = {{ml_program_resource_datasource_name | default("ml-user-program")}} +PROGRAM_RESOURCE_DATASOURCE_NAME={{ml_program_resource_datasource_name | default("ml-user-program")}} # Dhiti Thresold Values #Restrict number of records to be shown for container reports From 2f67f7a43daa4cdc0ccc86eb2d7b5b35ac5c76d4 Mon Sep 17 00:00:00 2001 From: princegupta1131 <114015020+princegupta1131@users.noreply.github.com> Date: Mon, 15 May 2023 11:56:35 +0530 Subject: [PATCH 325/434] ED-1945 feat:onboarded Question-set,question copy api --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4c217d1692..c59e52bf17 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -7459,6 +7459,48 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false + +- name: questionsetCopy + uris: "{{ questionset_prefix }}/v1/copy" + upstream_url: "{{ assessment_service_url }}/questionset/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionCopy + uris: "{{ question_prefix }}/v1/copy" + upstream_url: "{{ assessment_service_url }}/question/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false - name: getUsersPrograms uris: "{{ users_service_prefix }}/mlcore/v1/programs" From 9cdd587a2e7632df2e40b96cdd12b5c5f2028f13 Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Mon, 15 May 2023 16:58:33 +0530 Subject: [PATCH 326/434] programuser.info Kafka topic added to script --- ansible/roles/setup-kafka/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/setup-kafka/defaults/main.yml b/ansible/roles/setup-kafka/defaults/main.yml index cb2bb2f38f..293a9f9988 100644 --- a/ansible/roles/setup-kafka/defaults/main.yml +++ b/ansible/roles/setup-kafka/defaults/main.yml 
@@ -83,6 +83,10 @@ ml_service_topics: retention_time: 172800000 replication_factor: 1 num_of_partitions: 1 + - name: programuser.info + retention_time: 172800000 + replication_factor: 1 + num_of_partitions: 1 uci_service_topics: - name: inbound-error From 3e657821d09a4e5e3abe94f0e6fb8ec271e7cf55 Mon Sep 17 00:00:00 2001 From: princegupta1131 <114015020+princegupta1131@users.noreply.github.com> Date: Thu, 18 May 2023 13:44:34 +0530 Subject: [PATCH 327/434] ED-1945 feat:onboarded Question-set,question copy api (#3820) --- ansible/roles/kong-api/defaults/main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4c217d1692..c59e52bf17 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -7459,6 +7459,48 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false + +- name: questionsetCopy + uris: "{{ questionset_prefix }}/v1/copy" + upstream_url: "{{ assessment_service_url }}/questionset/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionCopy + uris: "{{ question_prefix }}/v1/copy" + upstream_url: "{{ assessment_service_url }}/question/v4/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false - name: getUsersPrograms uris: "{{ users_service_prefix }}/mlcore/v1/programs" From 2998eec2c2d4d63c09434036bd074127bc1fc234 Mon Sep 17 00:00:00 2001 From: sachin patil <91308046+spsac08@users.noreply.github.com> Date: Thu, 18 May 2023 14:31:23 +0530 Subject: [PATCH 328/434] Update main.yml Updated the value and added new keys and Values --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 15f9b438c4..c859d0da48 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -58,7 +58,7 @@ ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig": ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"long","name":"no_of_imp_with_evidence_inprogress"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' ml_analytics_obs_distinctCnt_cloud_blob_path: "observation/distinctCount/" ml_analytics_obs_distinctCnt_domain_cloud_blob_path: "observation/distinctCount_domain/" ml_analytics_obs_distinctCnt_domain_criteria_cloud_blob_path: "observation/distinctCount_domain_criteria/" 
@@ -116,3 +116,5 @@ ml_analytics_project_program : "{{ WORKDIR }}/ml-analytics-service/projects/prog ml_analytics_projects_program_filename: "{{ config_path }}/projects/program_ids.txt" ml_analytics_nvsk_imp_projects_data_local_path: "{{ config_path }}/urgent_data_metrics/output/" ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvement/" +ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/" +ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/" From e37c90ebe17e5e38ae1f9957f6a02302d39ed892 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Fri, 26 May 2023 11:58:34 +0530 Subject: [PATCH 329/434] Issue #LR-324 fix:adding content_read_url to environment variable to make it dynamic --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 7dfd4bfed7..b08a937fc7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -159,4 +159,7 @@ sunbird_dial_service_search_url="/v1/dialcode/search" # Release-5.3.0 LR-539 exhaust_api_base_url={{ analytics_service_url | default('http://analytics-service:9000') }} exhaust_api_submit_endpoint=/request/submit -exhaust_api_list_endpoint=/request/list/ \ No newline at end of file +exhaust_api_list_endpoint=/request/list/ + +# Release-5.3.0 LR-324 +content_read_url=/content/v3/read/ \ No newline at end of file From ca6d8cf3f21b6235369c56f13059e10686b9fb3f Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Fri, 2 Jun 2023 14:31:43 +0530 Subject: [PATCH 330/434] Issue #LR-101 feat: Added the updated jenkins for Cassandra deploy. --- .../jobs/Kubernetes/jobs/Cassandra/config.xml | 474 ++++++++++-------- 1 file changed, 258 insertions(+), 216 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml index 1e9db63132..3304f15fad 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml 
@@ -1,219 +1,261 @@ - - - false - - - - -1 - 10 - -1 - 2 - - - - - false - false - - - - - absolute_job_path - <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Cassandra - false - - - artifact_source - <font color=dimgray size=2><b> -ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> - choice-parameter-9600649228560 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - PT_SINGLE_SELECT - false - 1 - - - build_number - - choice-parameter-9600651313765 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - artifact_version - - choice-parameter-9600653373369 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - private_branch - - choice-parameter-2544395024638227 - 1 - - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - branch_or_tag - - choice-parameter-2620434998790477 - 1 - + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + build_number + choice-parameter-591902397549104 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + choice-parameter-591902398907654 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + false + + + private_branch + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + branch_or_tag + choice-parameter-2620434998790477 + 1 + - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - - - 0 - 0 - - false - project - false - - - - - - - - ArtifactUpload/dev/Core/Cassandra - - 
SUCCESS - 0 - BLUE - true - - - - - - - - 2 - - - https://github.com/project-sunbird/sunbird-devops.git - - - - - ${branch_or_tag} - - - false - - - - true - false - - 0 - false - - - - pipelines/deploy/cassandra-deploy/Jenkinsfile - false - - - false + } + else + return """<b>This parameter is not used</b>""" + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + script_repo + Enter the repo url from which keyspace script folder to be uploaded + https://github.com/Sunbird-Lern/sunbird-utils.git + false + + + script_repo_branch_or_tag + Enter the branch or tag for keyspace script repo + ${branch_or_tag} + false + + + cassandra_keyspace_to_migrate + choice-parameter-598043621453772 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/Core/Cassandra + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/deploy/cassandra-deploy/Jenkinsfile + false + + + false \ No newline at end of file From 8ffc2dede846cfc7e397bc155904a0526e5e0044 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Fri, 2 Jun 2023 14:36:00 +0530 Subject: [PATCH 331/434] Issue #LR-101 feat: Added the updated jenkins for Cassandra deploy. --- .../jobs/Kubernetes/jobs/Cassandra/config.xml | 474 ++++++++++-------- 1 file changed, 258 insertions(+), 216 deletions(-) diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml index 1e9db63132..3304f15fad 100644 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/Cassandra/config.xml 
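Review bot: The new `script_repo` and `script_repo_branch_or_tag` parameters appear to be free-text strings, so anyone who can trigger this job can point the Cassandra keyspace scripts at an arbitrary repository and ref. The Jenkinsfile that consumes them is outside this hunk, but if those scripts are run against the cluster, the job should restrict the URL to a fixed list of trusted repositories (a choice parameter rather than a string) and prefer a tag or commit over a mutable branch. The hunk also switches the pipeline checkout from `${branch_or_tag}` to `${public_repo_branch}`, which is not among the parameter names visible here; confirm it is defined. The next commit in this series carries the same config.xml change.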
@@ -1,219 +1,261 @@ - - - false - - - - -1 - 10 - -1 - 2 - - - - - false - false - - - - - absolute_job_path - <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Cassandra - false - - - artifact_source - <font color=dimgray size=2><b> -ArtifactRepo - Download the artifact from azure blob, JenkinsJob - Use the atrifact from Jenkins job.</b></font> - choice-parameter-9600649228560 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - PT_SINGLE_SELECT - false - 1 - - - build_number - - choice-parameter-9600651313765 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - artifact_version - - choice-parameter-9600653373369 - 1 - - true - - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - artifact_source - ET_FORMATTED_HTML - true - - - private_branch - - choice-parameter-2544395024638227 - 1 - - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - branch_or_tag - - choice-parameter-2620434998790477 - 1 - + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + build_number + choice-parameter-591902397549104 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + true + + + artifact_version + choice-parameter-591902398907654 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + artifact_source + ET_FORMATTED_HTML + false + + + private_branch + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + branch_or_tag + choice-parameter-2620434998790477 + 1 + - true - - - - true - - - Cassandra - Deploy/dev/Kubernetes/Cassandra - - - ET_FORMATTED_HTML - true - - - - - 0 - 0 - - false - project - false - - - - - - - - ArtifactUpload/dev/Core/Cassandra - - 
SUCCESS - 0 - BLUE - true - - - - - - - - 2 - - - https://github.com/project-sunbird/sunbird-devops.git - - - - - ${branch_or_tag} - - - false - - - - true - false - - 0 - false - - - - pipelines/deploy/cassandra-deploy/Jenkinsfile - false - - - false + } + else + return """<b>This parameter is not used</b>""" + true + + + + true + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + ET_FORMATTED_HTML + true + + + script_repo + Enter the repo url from which keyspace script folder to be uploaded + https://github.com/Sunbird-Lern/sunbird-utils.git + false + + + script_repo_branch_or_tag + Enter the branch or tag for keyspace script repo + ${branch_or_tag} + false + + + cassandra_keyspace_to_migrate + choice-parameter-598043621453772 + 1 + + true + + + + Cassandra + Deploy/dev/Kubernetes/Cassandra + + + PT_SINGLE_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + ArtifactUpload/dev/Core/Cassandra + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${public_repo_branch} + + + false + + + + true + false + + 0 + false + + + + pipelines/deploy/cassandra-deploy/Jenkinsfile + false + + + false \ No newline at end of file From 72febe57270a52bff98fd41b3de074ad79325980 Mon Sep 17 00:00:00 2001 From: Shakthieshwari <39152861+Shakthieshwari@users.noreply.github.com> Date: Fri, 2 Jun 2023 20:50:02 +0530 Subject: [PATCH 332/434] Added ML PII New Data Product Job Id to the SubmitDataExhaustAPI (#3833) --- kubernetes/opa/analytics/policies.rego | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/opa/analytics/policies.rego b/kubernetes/opa/analytics/policies.rego index a76d5d03ac..b590c6e3e8 100644 --- a/kubernetes/opa/analytics/policies.rego +++ b/kubernetes/opa/analytics/policies.rego 
@@ -57,7 +57,7 @@ submitDataExhaustRequest {
 roles :=["PROGRAM_MANAGER", "PROGRAM_DESIGNER"]
 super.acls_check(acls)
 super.role_check(roles)
- input.parsed_body.request.dataset in ["druid-dataset"]
+ input.parsed_body.request.dataset in ["druid-dataset","program-user-exhaust"]
 x_channel_id
 x_authenticated_userid == super.userid
 }
@@ -65,4 +65,4 @@ submitDataExhaustRequest {
 submitDataExhaustRequest {
 not x_authenticated_user_token
 not x_authenticated_userid
-}
\ No newline at end of file
+}
From 1ff879ed940558f908e4df4e6c89294c773f2e10 Mon Sep 17 00:00:00 2001
From: Shakthieshwari
Date: Mon, 5 Jun 2023 18:12:14 +0530
Subject: [PATCH 333/434] Added ML PII New Data Product Job Id to the SubmitDataExhaustAPI to 5.2.0-lern branch
---
 kubernetes/opa/analytics/policies.rego | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kubernetes/opa/analytics/policies.rego b/kubernetes/opa/analytics/policies.rego
index a76d5d03ac..b590c6e3e8 100644
--- a/kubernetes/opa/analytics/policies.rego
+++ b/kubernetes/opa/analytics/policies.rego
@@ -57,7 +57,7 @@ submitDataExhaustRequest {
 roles :=["PROGRAM_MANAGER", "PROGRAM_DESIGNER"]
 super.acls_check(acls)
 super.role_check(roles)
- input.parsed_body.request.dataset in ["druid-dataset"]
+ input.parsed_body.request.dataset in ["druid-dataset","program-user-exhaust"]
 x_channel_id
 x_authenticated_userid == super.userid
 }
@@ -65,4 +65,4 @@ submitDataExhaustRequest {
 submitDataExhaustRequest {
 not x_authenticated_user_token
 not x_authenticated_userid
-}
\ No newline at end of file
+}
From c5687dc87159cc050de774baf25188f72f71861c Mon Sep 17 00:00:00 2001
From: princegupta1131 <114015020+princegupta1131@users.noreply.github.com>
Date: Tue, 6 Jun 2023 12:41:10 +0530
Subject: [PATCH 334/434] #SB-0000 fix: updating the pdataid and version
---
 .../artifacts/sunbird/login/resources/js/telemetry_service.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
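Review bot: The dataset allow-list is widened only in the first `submitDataExhaustRequest` body, while the second body shown in the next hunk (`not x_authenticated_user_token`, `not x_authenticated_userid`) succeeds without looking at `input.parsed_body.request.dataset` at all. With `program-user-exhaust` described in the subject as a PII data product, a request that carries no user token is decided by that second body, so the role, ACL and dataset checks touched here never apply to it; whether an upstream layer already rejects such requests cannot be told from the hunk. If the token-less path is meant for internal callers only, pin it to the non-PII dataset, for example by adding `input.parsed_body.request.dataset in ["druid-dataset"]` to the second body, and add policy tests for `program-user-exhaust` with an allowed role, a disallowed role and no user token. The first rule body starts above the hunk, and the same change is repeated in PATCH 333 and PATCH 335.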
diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index cd664d20eb..e858bfb817 100644 --- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js +++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2488,6 +2488,8 @@ if (window.location.origin.indexOf("diksha.gov.in") >= 0) { tenantSlug = "sunbird"; } else { pdataId = "preprod.diksha.portal"; + tenantSlug = "sunbird"; + } let curUrlObj = window.location; @@ -2506,7 +2508,7 @@ if(client_id.toLowerCase() === 'android'){ "telemetry": { "pdata": { "id": pdataId, - "ver": "5.2.0", + "ver": "6.0.0", "pid": "sunbird-portal" } } From 5d52491523e023d329276958e93ec776b601ef2c Mon Sep 17 00:00:00 2001 From: Shakthieshwari Date: Tue, 6 Jun 2023 17:00:58 +0530 Subject: [PATCH 335/434] Added ML PII Data Product job to submit APO --- kubernetes/opa/analytics/policies.rego | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/opa/analytics/policies.rego b/kubernetes/opa/analytics/policies.rego index a76d5d03ac..b590c6e3e8 100644 --- a/kubernetes/opa/analytics/policies.rego +++ b/kubernetes/opa/analytics/policies.rego @@ -57,7 +57,7 @@ submitDataExhaustRequest { roles :=["PROGRAM_MANAGER", "PROGRAM_DESIGNER"] super.acls_check(acls) super.role_check(roles) - input.parsed_body.request.dataset in ["druid-dataset"] + input.parsed_body.request.dataset in ["druid-dataset","program-user-exhaust"] x_channel_id x_authenticated_userid == super.userid } @@ -65,4 +65,4 @@ submitDataExhaustRequest { submitDataExhaustRequest { not x_authenticated_user_token not x_authenticated_userid -} \ No newline at end of file +} From beb77b424787b3e39cba572edc4043e65fbca953 Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Wed, 7 Jun 2023 16:39:38 +0530 Subject: [PATCH 336/434] Issue #LR-122 feat: Renamed user-org to userorg --- .../helm_charts/core/user-org/Chart.yaml | 5 - .../core/user-org/templates/configmap.yaml | 25 --- .../core/user-org/templates/deployment.yaml | 170 ------------------ .../core/user-org/templates/hpa.yaml | 27 --- .../helm_charts/core/user-org/values.j2 | 72 -------- .../core/{user-org => userorg}/.helmignore | 0 .../helm_charts/core/userorg/Chart.yaml | 2 +- .../templates/_helpers.tpl | 0 .../core/userorg/templates/configmap.yaml | 35 ++-- .../core/userorg/templates/deployment.yaml | 115 +++++++++++- .../templates/envoy-config.yaml | 0 .../templates/serviceMonitor.yaml | 0 kubernetes/helm_charts/core/userorg/values.j2 | 72 ++++++-- 13 files changed, 195 insertions(+), 328 deletions(-) delete mode 100644 kubernetes/helm_charts/core/user-org/Chart.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/configmap.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/deployment.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/templates/hpa.yaml delete mode 100644 kubernetes/helm_charts/core/user-org/values.j2 rename kubernetes/helm_charts/core/{user-org => userorg}/.helmignore (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/_helpers.tpl (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/envoy-config.yaml (100%) rename kubernetes/helm_charts/core/{user-org => userorg}/templates/serviceMonitor.yaml (100%) diff --git a/kubernetes/helm_charts/core/user-org/Chart.yaml b/kubernetes/helm_charts/core/user-org/Chart.yaml deleted file mode 100644 index b6eea73a17..0000000000 --- a/kubernetes/helm_charts/core/user-org/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for Kubernetes -name: user-org -version: 0.1.0 
diff --git a/kubernetes/helm_charts/core/user-org/templates/configmap.yaml b/kubernetes/helm_charts/core/user-org/templates/configmap.yaml deleted file mode 100644 index 7c91ec6cca..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -{{- $keys := .Files.Glob "keys/*" }} -{{ if $keys }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Chart.Name }}-access-keys -type: Opaque -data: -{{ (.Files.Glob "keys/*").AsSecrets | indent 2 }} -{{ end }} - ---- -{{- if .Values.learner_opa_enabled }} -{{- $bundle := .Files.Glob "bundle/*" }} -{{ if $bundle }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Chart.Name }}-opa-policy - namespace: {{ .Values.namespace }} -binaryData: - bundle.tar.gz: {{ (.Files.Get "bundle/bundle.tar.gz") | b64enc }} -{{ end }} -{{ end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/user-org/templates/deployment.yaml b/kubernetes/helm_charts/core/user-org/templates/deployment.yaml deleted file mode 100644 index 9ae78bfebf..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/deployment.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Chart.Name }} - namespace: {{ .Values.namespace }} - annotations: - reloader.stakater.com/auto: "true" -spec: - replicas: {{ .Values.replicaCount }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.strategy.maxsurge }} - maxUnavailable: {{ .Values.strategy.maxunavailable }} - selector: - matchLabels: - app: {{ .Chart.Name }} - template: - metadata: - labels: - app: {{ .Chart.Name }} - spec: -{{- if .Values.imagepullsecrets }} - imagePullSecrets: - - name: {{ .Values.imagepullsecrets }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" - imagePullPolicy: Always - env: - - name: JAVA_OPTIONS - value: {{ .Values.env.javaoptions | quote }} - - name: _JAVA_OPTIONS - value: -Dlog4j2.formatMsgNoLookups=true - envFrom: - - configMapRef: - name: {{ .Chart.Name }}-config - resources: -{{ toYaml .Values.resources | indent 10 }} - ports: - - containerPort: {{ .Values.network.port }} - {{- if .Values.healthcheck }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 10 }} - {{- end }} - volumeMounts: - - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml - subPath: user-org-service_logback.xml -{{- $keys := .Files.Glob "keys/*" }} -{{- if $keys }} - - mountPath: {{ .Values.learner_access_basepath }} - name: access-keys -{{- end }} -{{- if .Values.learner_opa_enabled }} - - args: - - envoy - - --config-path - - /config/envoy-config.yaml - env: - - name: ENVOY_UID - value: "1111" - image: envoyproxy/envoy:v1.20.0 - imagePullPolicy: IfNotPresent - name: envoy - {{- if .Values.envoy_healthcheck }} - livenessProbe: -{{ toYaml .Values.envoy_livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.envoy_readinessProbe | indent 10 }} - {{- end }} - resources: -{{ toYaml 
.Values.envoy_resources | indent 10 }} - volumeMounts: - - mountPath: /config - name: envoy-config - readOnly: true - - args: - - run - - --server - - /bundle - - --addr=localhost:8181 - - --diagnostic-addr=0.0.0.0:8282 - - --set=plugins.envoy_ext_authz_grpc.addr=:9191 - - --set=plugins.envoy_ext_authz_grpc.path=main/allow - - --set=decision_logs.plugin=print_decision_logs_on_failure - - --set=plugins.print_decision_logs_on_failure.stdout=true - - --log-level=error - - --ignore=.* - image: sunbird/opa:0.34.2-envoy - imagePullPolicy: IfNotPresent - name: opa - {{- if .Values.opa_healthcheck }} - livenessProbe: -{{ toYaml .Values.opa_livenessProbe | indent 10 }} - readinessProbe: -{{ toYaml .Values.opa_readinessProbe | indent 10 }} - {{- end }} - resources: -{{ toYaml .Values.opa_resources | indent 10 }} - volumeMounts: - - mountPath: /bundle - name: opa-policy - readOnly: true - initContainers: - - args: - - -p - - "9999" - - -u - - "1111" - - -w - - "8282,10000" - image: openpolicyagent/proxy_init:v5 - imagePullPolicy: IfNotPresent - name: proxy-init - resources: -{{ toYaml .Values.initcontainer_resources | indent 10 }} - securityContext: - capabilities: - add: - - NET_ADMIN - runAsNonRoot: false - runAsUser: 0 -{{- end }} - volumes: - - name: {{ .Chart.Name }}-xml-config - configMap: - name: {{ .Chart.Name }}-xml-config -{{- $keys := .Files.Glob "keys/*" }} -{{- if $keys }} - - name: access-keys - secret: - secretName: {{ .Chart.Name }}-access-keys -{{- end }} -{{- if .Values.learner_opa_enabled }} - - name: envoy-config - configMap: - name: {{ .Chart.Name }}-envoy-config - - name: opa-policy - configMap: - name: {{ .Chart.Name }}-opa-policy -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Chart.Name }}-service - namespace: {{ .Values.namespace }} - labels: - app: {{ .Chart.Name }} -spec: - ports: - - name: http-{{ .Chart.Name }} - protocol: TCP - port: {{ .Values.network.targetport }} -{{- if .Values.learner_opa_enabled }} - - name: 
opa-metrics - port: 8181 - protocol: TCP - targetPort: 8181 - - name: envoy-metrics - port: 10000 - protocol: TCP - targetPort: 10000 -{{- end }} - selector: - app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/user-org/templates/hpa.yaml b/kubernetes/helm_charts/core/user-org/templates/hpa.yaml deleted file mode 100644 index 1ba4f89a8b..0000000000 --- a/kubernetes/helm_charts/core/user-org/templates/hpa.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ .Chart.Name }} - namespace: {{ .Values.namespace }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ .Chart.Name }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/user-org/values.j2 b/kubernetes/helm_charts/core/user-org/values.j2 deleted file mode 100644 index e07e2a512e..0000000000 --- a/kubernetes/helm_charts/core/user-org/values.j2 +++ /dev/null 
@@ -1,72 +0,0 @@ - -### Default variable file for user-org-service ### - -namespace: {{ namespace }} -imagepullsecrets: {{ imagepullsecrets }} -dockerhub: {{ dockerhub }} - -env: - javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} - -replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('user-org-service')}} -image_tag: {{ image_tag }} -resources: - requests: - cpu: {{learner_cpu_req|default('100m')}} - memory: {{learner_mem_req|default('100Mi')}} - limits: - cpu: {{learner_cpu_limit|default('1')}} - memory: {{learner_mem_limit|default('1024Mi')}} -network: - port: 9000 - targetport: 9000 -strategy: - type: RollingUpdate - maxsurge: {{ learner_maxsurge|default('25%') }} - maxunavailable: {{ learner_maxunavailable|default('25%') }} - -{{ learner_liveness_readiness | to_nice_yaml }} -{{ opa_liveness_readiness | to_nice_yaml }} -{{ envoy_liveness_readiness | to_nice_yaml }} - -learner_opa_enabled: {{ learner_opa_enabled | default('true') }} - -envoy_resources: - requests: - cpu: "{{ learner_envoy_cpu_req | default('100m') }}" - memory: "{{ learner_envoy_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_envoy_cpu_limit | default('1') }}" - memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" - -opa_resources: - requests: - cpu: "{{ learner_opa_cpu_req | default('100m') }}" - memory: "{{ learner_opa_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_opa_cpu_limit | default('1') }}" - memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" - -initcontainer_resources: - requests: - cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" - memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" - limits: - cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" - memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" - -learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} - -serviceMonitor: - enabled: true - labels: # labels with which the 
prometheus choose the serviceMonitor - app: prometheus-operator - release: prometheus-operator - -autoscaling: - enabled: {{ learner_autoscaling_enabled | default('false') }} - minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/core/user-org/.helmignore b/kubernetes/helm_charts/core/userorg/.helmignore similarity index 100% rename from kubernetes/helm_charts/core/user-org/.helmignore rename to kubernetes/helm_charts/core/userorg/.helmignore diff --git a/kubernetes/helm_charts/core/userorg/Chart.yaml b/kubernetes/helm_charts/core/userorg/Chart.yaml index c7c993ab63..b6eea73a17 100644 --- a/kubernetes/helm_charts/core/userorg/Chart.yaml +++ b/kubernetes/helm_charts/core/userorg/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: userorg +name: user-org version: 0.1.0 diff --git a/kubernetes/helm_charts/core/user-org/templates/_helpers.tpl b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/_helpers.tpl rename to kubernetes/helm_charts/core/userorg/templates/_helpers.tpl diff --git a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml index 94fd443c77..7c91ec6cca 100644 --- a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml 
@@ -1,10 +1,25 @@ -#apiVersion: v1 -#data: -# {{- range $key, $val := .Values.userorgenv }} -# {{ $key }}: {{ $val }} -# {{- end }} -#kind: ConfigMap -#metadata: -# creationTimestamp: null -# name: {{ .Chart.Name }}-config -# namespace: {{ .Values.namespace }} +--- +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-access-keys +type: Opaque +data: +{{ (.Files.Glob "keys/*").AsSecrets | indent 2 }} +{{ end }} + +--- +{{- if .Values.learner_opa_enabled }} +{{- $bundle := .Files.Glob "bundle/*" }} +{{ if $bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-opa-policy + namespace: {{ .Values.namespace }} +binaryData: + bundle.tar.gz: {{ (.Files.Get "bundle/bundle.tar.gz") | b64enc }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml index d3f83edaf7..9ae78bfebf 100644 --- a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml @@ -28,6 +28,11 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" imagePullPolicy: Always + env: + - name: JAVA_OPTIONS + value: {{ .Values.env.javaoptions | quote }} + - name: _JAVA_OPTIONS + value: -Dlog4j2.formatMsgNoLookups=true envFrom: - configMapRef: name: {{ .Chart.Name }}-config 
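Review bot: The `Secret` named `{{ .Chart.Name }}-access-keys` carries no `namespace`, while the `ConfigMap` in the same file and the Service in deployment.yaml set `namespace: {{ .Values.namespace }}`; if the release namespace ever differs from `.Values.namespace`, the pod's `access-keys` volume will not resolve. Add `namespace: {{ .Values.namespace }}` under the Secret's `metadata`. The Secret is also built from `keys/*` files that sit inside the chart directory, so any packaged or archived copy of the chart holds the key material in clear; a comment such as `# keys/* is copied in at deploy time and must never be committed or packaged` would document the expectation, if that is indeed how the files arrive.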
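Review bot: `-Dlog4j2.formatMsgNoLookups=true` in `_JAVA_OPTIONS` is only a partial mitigation for the Log4j JNDI-lookup issue and should not stand in for shipping a fixed log4j-core in the image. The logging config mounted in the next hunk is a logback file, so the service may not log through log4j2 at all, in which case the flag only matters for transitive dependencies. I would put a comment above the entry, `# stop-gap only: the image must carry a patched log4j-core; remove once verified`, and check the bundled version with an image scan. The container spec starts above the hunk.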
@@ -41,12 +46,108 @@ spec: readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} {{- end }} - + volumeMounts: + - name: {{ .Chart.Name }}-xml-config + mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml + subPath: user-org-service_logback.xml +{{- $keys := .Files.Glob "keys/*" }} +{{- if $keys }} + - mountPath: {{ .Values.learner_access_basepath }} + name: access-keys +{{- end }} +{{- if .Values.learner_opa_enabled }} + - args: + - envoy + - --config-path + - /config/envoy-config.yaml + env: + - name: ENVOY_UID + value: "1111" + image: envoyproxy/envoy:v1.20.0 + imagePullPolicy: IfNotPresent + name: envoy + {{- if .Values.envoy_healthcheck }} + livenessProbe: +{{ toYaml .Values.envoy_livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.envoy_readinessProbe | indent 10 }} + {{- end }} + resources: +{{ toYaml .Values.envoy_resources | indent 10 }} + volumeMounts: + - mountPath: /config + name: envoy-config + readOnly: true + - args: + - run + - --server + - /bundle + - --addr=localhost:8181 + - --diagnostic-addr=0.0.0.0:8282 + - --set=plugins.envoy_ext_authz_grpc.addr=:9191 + - --set=plugins.envoy_ext_authz_grpc.path=main/allow + - --set=decision_logs.plugin=print_decision_logs_on_failure + - --set=plugins.print_decision_logs_on_failure.stdout=true + - --log-level=error + - --ignore=.* + image: sunbird/opa:0.34.2-envoy + imagePullPolicy: IfNotPresent + name: opa + {{- if .Values.opa_healthcheck }} + livenessProbe: +{{ toYaml .Values.opa_livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.opa_readinessProbe | indent 10 }} + {{- end }} + resources: +{{ toYaml .Values.opa_resources | indent 10 }} + volumeMounts: + - mountPath: /bundle + name: opa-policy + readOnly: true + initContainers: + - args: + - -p + - "9999" + - -u + - "1111" + - -w + - "8282,10000" + image: openpolicyagent/proxy_init:v5 + imagePullPolicy: IfNotPresent + name: proxy-init + resources: +{{ toYaml .Values.initcontainer_resources | indent 10 
}} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsNonRoot: false + runAsUser: 0 +{{- end }} + volumes: + - name: {{ .Chart.Name }}-xml-config + configMap: + name: {{ .Chart.Name }}-xml-config +{{- $keys := .Files.Glob "keys/*" }} +{{- if $keys }} + - name: access-keys + secret: + secretName: {{ .Chart.Name }}-access-keys +{{- end }} +{{- if .Values.learner_opa_enabled }} + - name: envoy-config + configMap: + name: {{ .Chart.Name }}-envoy-config + - name: opa-policy + configMap: + name: {{ .Chart.Name }}-opa-policy +{{- end }} --- apiVersion: v1 kind: Service metadata: - name: user-org-service + name: {{ .Chart.Name }}-service namespace: {{ .Values.namespace }} labels: app: {{ .Chart.Name }} @@ -55,5 +156,15 @@ spec: - name: http-{{ .Chart.Name }} protocol: TCP port: {{ .Values.network.targetport }} +{{- if .Values.learner_opa_enabled }} + - name: opa-metrics + port: 8181 + protocol: TCP + targetPort: 8181 + - name: envoy-metrics + port: 10000 + protocol: TCP + targetPort: 10000 +{{- end }} selector: app: {{ .Chart.Name }} diff --git a/kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/envoy-config.yaml rename to kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml diff --git a/kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml similarity index 100% rename from kubernetes/helm_charts/core/user-org/templates/serviceMonitor.yaml rename to kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml diff --git a/kubernetes/helm_charts/core/userorg/values.j2 b/kubernetes/helm_charts/core/userorg/values.j2 index 2b0a36cc24..e07e2a512e 100644 --- a/kubernetes/helm_charts/core/userorg/values.j2 +++ b/kubernetes/helm_charts/core/userorg/values.j2 
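Review bot: The envoy, opa and proxy-init containers added to the request path are pulled by mutable tag (`envoyproxy/envoy:v1.20.0`, `sunbird/opa:0.34.2-envoy`, `openpolicyagent/proxy_init:v5`) with `imagePullPolicy: IfNotPresent`, and neither sidecar sets a `securityContext`. Since these containers make the authorization decision for every call, pin them by digest (`image: envoyproxy/envoy@sha256:<digest-placeholder>`) and give envoy and opa `allowPrivilegeEscalation: false` with all capabilities dropped; only proxy-init needs `NET_ADMIN`. Taking the image references from `.Values`, as the main container already does, would also make them patchable without editing the template. The pod spec starts above the hunk.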
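Review bot: The `opa-metrics` Service port targets 8181, but the opa container added in the previous hunk is started with `--addr=localhost:8181` and `--diagnostic-addr=0.0.0.0:8282`, so nothing listens on 8181 on the pod IP and a scrape through this port will presumably not reach OPA. Point the port at the diagnostic listener instead, `port: 8282` with `targetPort: 8282`, which is also one of the ports proxy-init appears to exempt from redirection with `-w "8282,10000"`. Keeping 8181 on loopback is the right choice, because that listener serves the full OPA API, so the fix should not be to rebind it. The Service spec starts above the hunk.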
@@ -1,32 +1,72 @@ -### Default variable file for userorg-service ### + +### Default variable file for user-org-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} dockerhub: {{ dockerhub }} -replicaCount: {{userorg_replicacount|default(1)}} -repository: {{userorg_repository|default('user_org_service')}} +env: + javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} + +replicaCount: {{learner_replicacount|default(1)}} +repository: {{learner_repository|default('user-org-service')}} image_tag: {{ image_tag }} resources: requests: - cpu: {{userorg_cpu_req|default('100m')}} - memory: {{userorg_mem_req|default('100Mi')}} + cpu: {{learner_cpu_req|default('100m')}} + memory: {{learner_mem_req|default('100Mi')}} limits: - cpu: {{userorg_cpu_limit|default('1')}} - memory: {{userorg_mem_limit|default('1024Mi')}} + cpu: {{learner_cpu_limit|default('1')}} + memory: {{learner_mem_limit|default('1024Mi')}} network: - port: 9008 + port: 9000 targetport: 9000 strategy: type: RollingUpdate - maxsurge: {{ userorg_maxsurge|default('25%') }} - maxunavailable: {{ userorg_maxunavailable|default('25%') }} + maxsurge: {{ learner_maxsurge|default('25%') }} + maxunavailable: {{ learner_maxunavailable|default('25%') }} + +{{ learner_liveness_readiness | to_nice_yaml }} +{{ opa_liveness_readiness | to_nice_yaml }} +{{ envoy_liveness_readiness | to_nice_yaml }} + +learner_opa_enabled: {{ learner_opa_enabled | default('true') }} + +envoy_resources: + requests: + cpu: "{{ learner_envoy_cpu_req | default('100m') }}" + memory: "{{ learner_envoy_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_envoy_cpu_limit | default('1') }}" + memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" + +opa_resources: + requests: + cpu: "{{ learner_opa_cpu_req | default('100m') }}" + memory: "{{ learner_opa_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_opa_cpu_limit | default('1') }}" + memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" + 
+initcontainer_resources: + requests: + cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" + memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" + limits: + cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" + memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" + +learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} -{{ userorg_liveness_readiness | to_nice_yaml }} +serviceMonitor: + enabled: true + labels: # labels with which the prometheus choose the serviceMonitor + app: prometheus-operator + release: prometheus-operator autoscaling: - enabled: {{ userorg_autoscaling_enabled | default('false') }} - minReplicas: {{ userorg_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ userorg_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ userorg_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ userorg_autoscaling_targetMemoryUtilizationPercentage|default('') }} \ No newline at end of file + enabled: {{ learner_autoscaling_enabled | default('false') }} + minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} From 6149a71a13830c3367e7b37852c9396f0471e16e Mon Sep 17 00:00:00 2001 
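Review bot: The templated scalars in the top block are rendered bare (`cpu: {{learner_cpu_limit|default('1')}}`, `imagepullsecrets: {{ imagepullsecrets }}`), while the `envoy_resources`, `opa_resources` and `initcontainer_resources` blocks added further down quote theirs. Bare rendering lets YAML retype the result (`1` becomes an integer, an empty expansion becomes null), so quote the resource strings the same way, e.g. `cpu: "{{ learner_cpu_limit | default('1') }}"`. `learner_opa_enabled` is reasonably left bare because the templates test it as a boolean, but it deserves a comment such as `# false removes the envoy/OPA sidecars, and with them the authorization check`, so that whoever overrides it knows what is being switched off.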
From: anilgupta Date: Wed, 7 Jun 2023 21:47:39 +0530 Subject: [PATCH 337/434] Issue #LR-122 feat: Renamed user_org_service to userorg_service --- ansible/inventory/env/group_vars/all.yml | 8 +- ansible/logstash-provision.yml | 16 +- ansible/roles/kong-api/defaults/main.yml | 160 +++++++++--------- .../lms-logstash-deploy/defaults/main.yml | 4 +- .../roles/lms-logstash-deploy/tasks/main.yml | 6 +- ansible/roles/logstash/defaults/main.yml | 4 +- ansible/roles/logstash/tasks/main.yml | 12 +- ansible/roles/logstash/templates/logstash.j2 | 2 +- .../logstash/templates/logstash.service.j2 | 4 +- .../roles/post-install/tasks/user_org.yaml | 6 +- ansible/roles/redis-backup/defaults/main.yml | 2 +- ansible/roles/reset-docker/tasks/main.yml | 4 +- ansible/roles/stack-keycloak/tasks/common.yml | 2 +- .../stack-monitor-stateful/defaults/main.yml | 2 +- ansible/roles/stack-monitor/defaults/main.yml | 2 +- .../templates/proxy-default.conf | 6 +- .../stack-proxy/templates/proxy-default.conf | 2 +- ansible/roles/stack-sunbird/defaults/main.yml | 31 ++-- ansible/roles/stack-sunbird/tasks/main.yml | 5 +- .../stack-sunbird/tasks/user-org-service.yml | 9 - .../stack-sunbird/tasks/user_org_service.yml | 7 - .../stack-sunbird/tasks/userorg-service.yml | 9 + .../templates/ml-core-service.env | 2 +- .../templates/ml-projects-service.env | 2 +- .../templates/ml-survey-service.env | 2 +- ..._service.yml => stack_userorg_service.yml} | 10 +- .../templates/sunbird_groups-service.env | 2 +- .../sunbird_notification-service.env | 2 +- ...ervice.env => sunbird_userorg-service.env} | 0 ...er-org-service.env => userorg-service.env} | 6 +- ...ogback.xml => userorg-service_logback.xml} | 0 ansible/static-files/health.sh | 2 +- deploy/deploy-core.sh | 2 +- deploy/gitOPS/github.csv | 2 +- .../General/service-memory-usage-ds1.json | 4 +- deploy/postInstallation.sh | 4 +- deploy/version.env | 2 +- .../sunbird-monitoring/defaults/main.yml | 4 +- kubernetes/ansible/static-files/health.sh | 2 +- 
.../templates/configmap.yaml | 6 +- .../core/nginx-public-ingress/values.j2 | 4 +- .../helm_charts/core/userorg/Chart.yaml | 2 +- .../core/userorg/templates/_helpers.tpl | 12 +- .../core/userorg/templates/configmap.yaml | 2 +- .../core/userorg/templates/deployment.yaml | 12 +- .../core/userorg/templates/envoy-config.yaml | 2 +- .../userorg/templates/serviceMonitor.yaml | 2 +- kubernetes/helm_charts/core/userorg/values.j2 | 60 +++---- .../dashboards/dashboards/service-memory.json | 4 +- .../networkconfig/templates/private-vs.yaml | 6 +- .../opa/{user-org => userorg}/common.rego | 0 .../opa/{user-org => userorg}/main.rego | 0 .../opa/{user-org => userorg}/policies.rego | 0 .../{user-org => userorg}/policies_test.rego | 0 pipelines/deploy/user-org/Jenkinsfile | 36 ---- pipelines/deploy/userorg/Jenkinsfile | 2 +- 56 files changed, 227 insertions(+), 274 deletions(-) delete mode 100644 ansible/roles/stack-sunbird/tasks/user-org-service.yml delete mode 100644 ansible/roles/stack-sunbird/tasks/user_org_service.yml create mode 100644 ansible/roles/stack-sunbird/tasks/userorg-service.yml rename ansible/roles/stack-sunbird/templates/{stack_user_org_service.yml => stack_userorg_service.yml} (65%) rename ansible/roles/stack-sunbird/templates/{sunbird_user-org-service.env => sunbird_userorg-service.env} (100%) rename ansible/roles/stack-sunbird/templates/{user-org-service.env => userorg-service.env} (98%) rename ansible/roles/stack-sunbird/templates/{user-org-service_logback.xml => userorg-service_logback.xml} (100%) rename kubernetes/opa/{user-org => userorg}/common.rego (100%) rename kubernetes/opa/{user-org => userorg}/main.rego (100%) rename kubernetes/opa/{user-org => userorg}/policies.rego (100%) rename kubernetes/opa/{user-org => userorg}/policies_test.rego (100%) delete mode 100644 pipelines/deploy/user-org/Jenkinsfile diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 68ae89385c..6ae05528e0 100644 
--- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -10,7 +10,7 @@ api_proxy_name: "api.{{proxy_server_name}}" # Domain name on which device reg swarm_load_balancer: "{{proxy_server_name}}" proxy_site_key: "{{ core_vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service proxy_site_crt: "{{ core_vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: {{proto}}://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service -sunbird_environment: "{{env}}" # +content-service user-org +sunbird_environment: "{{env}}" # +content-service userorg sunbird_installation: "{{env}}" # +keycloak sunbird_instance: "{{env}}" env_short_name: "{{env}}" @@ -175,7 +175,7 @@ sunbird_plugin_repo_api_base_url: "{{ sunbird_search_service_api_base_url }}" sunbird_data_service_api_base_url: "{{sunbird_ekstep_api_base_url}}" sunbird_data_service_api_key: "{{ core_vault_sunbird_api_auth_token }}" sunbird_content_service_api_base_url: "http://content-service.{{namespace}}.svc.cluster.local:9000" -sunbird_user_service_api_base_url: "http://user-org-service.{{namespace}}.svc.cluster.local:9000" +sunbird_user_service_api_base_url: "http://userorg-service.{{namespace}}.svc.cluster.local:9000" sunbird_group_service_api_base_url: "http://groups-service:9000" plugin_media_base_url: "{{proto}}://{{domain_name}}" @@ -236,7 +236,7 @@ enable_scraping_docker_metrics: false postgres_exporter_postgres_port: 5432 postgres_exporter_user: postgres_exporter sunbird_cs_base_url: "http://{{sunbird_swarm_manager_lb_ip}}:5000" -sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/user-org" +sunbird_user_service_base_url: "http://{{private_ingressgateway_ip}}/userorg" kong_admin_api_url: http://localhost:8001 
@@ -419,7 +419,7 @@ sunbird_sso_kafka_topic: "{{env_name}}.lms.sso.events" __yarn_host__: "{{ groups['yarn-master'][0] }}" zookeepers: "{{groups['zookeeper']|join(':2181,')}}:2181" kafka_brokers: "{{groups['processing-cluster-kafka']|join(':9092,')}}:9092" -__lms_host__: "http://{{private_ingressgateway_ip}}/user-org" +__lms_host__: "http://{{private_ingressgateway_ip}}/userorg" sunbird_redis_host: "{{ groups['lp-redis'][0] }}" ### Release 2.1.0 ### diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index 228c345d20..c4eb7945b0 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,24 +1,24 @@ - hosts: cassandra vars: - learner_group: user-org - learner_name: user-org + userorg_group: userorg + userorg_name: userorg vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create user-org group + - name: Create userorg group become: yes group: state: present - name: "{{ learner_group }}" + name: "{{ userorg_group }}" system: yes - - name: Create user-org user + - name: Create userorg user become: yes user: state: present - name: "{{ learner_user }}" - comment: user-org user + name: "{{ userorg_user }}" + comment: userorg user system: yes createhome: yes - group: "{{ learner_group }}" + group: "{{ userorg_group }}" roles: - logstash diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 4d31d23bdd..0289d0fdd9 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -80,7 +80,7 @@ question_prefix: /question questionset_prefix: /questionset # Service URLs -user_org_service_url: "http://user-org-service:9000" +userorg_service_url: "http://userorg-service:9000" am_util_url: "http://adminutil:4000" lms_service_url: "http://lms-service:9000" cert_service_url: "http://cert-service:9000" 
@@ -125,7 +125,7 @@ premium_consumer_rate_limits: kong_apis: - name: acceptTermsAndCondition uris: "{{ user_service_prefix }}/v1/tnc/accept" - upstream_url: "{{ user_org_service_url }}/v1/user/tnc/accept" + upstream_url: "{{ userorg_service_url }}/v1/user/tnc/accept" strip_uri: true plugins: - name: jwt @@ -146,7 +146,7 @@ kong_apis: - name: addSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/set" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/set" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/set" strip_uri: true plugins: - name: jwt @@ -184,7 +184,7 @@ kong_apis: - name: assignRole uris: "{{ user_service_prefix }}/v1/role/assign" - upstream_url: "{{ user_org_service_url }}/v1/user/assign/role" + upstream_url: "{{ userorg_service_url }}/v1/user/assign/role" strip_uri: true plugins: - name: jwt @@ -205,7 +205,7 @@ kong_apis: - name: assignRoleV2 uris: "{{ user_service_prefix }}/v2/role/assign" - upstream_url: "{{ user_org_service_url }}/v2/user/assign/role" + upstream_url: "{{ userorg_service_url }}/v2/user/assign/role" strip_uri: true plugins: - name: jwt @@ -268,7 +268,7 @@ kong_apis: - name: blockUser uris: "{{ user_service_prefix }}/v1/block" - upstream_url: "{{ user_org_service_url }}/v1/user/block" + upstream_url: "{{ userorg_service_url }}/v1/user/block" strip_uri: true plugins: - name: jwt @@ -289,7 +289,7 @@ kong_apis: - name: checkUploadJobStatus uris: "{{ data_service_prefix }}/v1/upload/status" - upstream_url: "{{ user_org_service_url }}/v1/upload/status" + upstream_url: "{{ userorg_service_url }}/v1/upload/status" strip_uri: true plugins: - name: jwt @@ -521,7 +521,7 @@ kong_apis: - name: createNote uris: "{{ notes_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/note/create" + upstream_url: "{{ userorg_service_url }}/v1/note/create" strip_uri: true plugins: - name: jwt 
@@ -542,7 +542,7 @@ kong_apis: - name: createOrg uris: "{{ org_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/org/create" + upstream_url: "{{ userorg_service_url }}/v1/org/create" strip_uri: true plugins: - name: jwt @@ -605,7 +605,7 @@ kong_apis: - name: createUser uris: "{{ user_service_prefix }}/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/user/create" + upstream_url: "{{ userorg_service_url }}/v1/user/create" strip_uri: true plugins: - name: jwt @@ -626,7 +626,7 @@ kong_apis: - name: createUserLearnerV3 uris: "{{ user_service_prefix }}/v1/signup" - upstream_url: "{{ user_org_service_url }}/v1/user/signup" + upstream_url: "{{ userorg_service_url }}/v1/user/signup" strip_uri: true plugins: - name: jwt @@ -647,7 +647,7 @@ kong_apis: - name: createUserVersion2 uris: "{{ user_service_prefix }}/v2/create" - upstream_url: "{{ user_org_service_url }}/v2/user/create" + upstream_url: "{{ userorg_service_url }}/v2/user/create" strip_uri: true plugins: - name: jwt @@ -668,7 +668,7 @@ kong_apis: - name: createUserVersion3 uris: "{{ user_service_prefix }}/v3/create" - upstream_url: "{{ user_org_service_url }}/v3/user/create" + upstream_url: "{{ userorg_service_url }}/v3/user/create" strip_uri: true plugins: - name: jwt @@ -689,7 +689,7 @@ kong_apis: - name: createUserVersion4 uris: "{{ user_service_prefix }}/v4/create" - upstream_url: "{{ user_org_service_url }}/v4/user/create" + upstream_url: "{{ userorg_service_url }}/v4/user/create" strip_uri: true plugins: - name: jwt @@ -710,7 +710,7 @@ kong_apis: - name: deleteNote uris: "{{ notes_service_prefix }}/v1/delete" - upstream_url: "{{ user_org_service_url }}/v1/note/delete" + upstream_url: "{{ userorg_service_url }}/v1/note/delete" strip_uri: true plugins: - name: jwt 
@@ -811,7 +811,7 @@ kong_apis: - name: generateOtp uris: "{{ otp_service_prefix }}/v1/generate" - upstream_url: "{{ user_org_service_url }}/v1/otp/generate" + upstream_url: "{{ userorg_service_url }}/v1/otp/generate" strip_uri: true plugins: - name: jwt @@ -832,7 +832,7 @@ kong_apis: - name: generateOtpV2 uris: "{{ otp_service_prefix }}/v2/generate" - upstream_url: "{{ user_org_service_url }}/v2/otp/generate" + upstream_url: "{{ userorg_service_url }}/v2/otp/generate" strip_uri: true plugins: - name: jwt @@ -937,7 +937,7 @@ kong_apis: - name: getSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/get" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/get" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/get" strip_uri: true plugins: - name: jwt @@ -958,7 +958,7 @@ kong_apis: - name: getUserByKey uris: "{{ user_service_prefix }}/v1/get" - upstream_url: "{{ user_org_service_url }}/v1/user/get" + upstream_url: "{{ userorg_service_url }}/v1/user/get" strip_uri: true plugins: - name: jwt @@ -979,7 +979,7 @@ kong_apis: - name: getUserByKeyV2 uris: "{{ user_service_prefix }}/v2/get" - upstream_url: "{{ user_org_service_url }}/v2/user/get" + upstream_url: "{{ userorg_service_url }}/v2/user/get" strip_uri: true plugins: - name: jwt @@ -1000,7 +1000,7 @@ kong_apis: - name: getUserProfile uris: "{{ user_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/user/read" + upstream_url: "{{ userorg_service_url }}/v1/user/read" strip_uri: true plugins: - name: jwt @@ -1021,7 +1021,7 @@ kong_apis: - name: getUserProfileV2 uris: "{{ user_service_prefix }}/v2/read" - upstream_url: "{{ user_org_service_url }}/v2/user/read" + upstream_url: "{{ userorg_service_url }}/v2/user/read" strip_uri: true plugins: - name: jwt 
@@ -1042,7 +1042,7 @@ kong_apis: - name: indexSync uris: "{{ data_service_prefix }}/v1/index/sync" - upstream_url: "{{ user_org_service_url }}/v1/data/sync" + upstream_url: "{{ userorg_service_url }}/v1/data/sync" strip_uri: true plugins: - name: jwt @@ -1211,7 +1211,7 @@ kong_apis: - name: listSystemSettings uris: "{{ data_service_prefix }}/v1/system/settings/list" - upstream_url: "{{ user_org_service_url }}/v1/system/settings/list" + upstream_url: "{{ userorg_service_url }}/v1/system/settings/list" strip_uri: true plugins: - name: jwt @@ -1232,7 +1232,7 @@ kong_apis: - name: masterLocationCreate uris: "{{ data_service_prefix }}/v1/location/create" - upstream_url: "{{ user_org_service_url }}/v1/location/create" + upstream_url: "{{ userorg_service_url }}/v1/location/create" strip_uri: true plugins: - name: jwt @@ -1253,7 +1253,7 @@ kong_apis: - name: masterLocationDelete uris: "{{ data_service_prefix }}/v1/location/delete" - upstream_url: "{{ user_org_service_url }}/v1/location/delete" + upstream_url: "{{ userorg_service_url }}/v1/location/delete" strip_uri: true plugins: - name: jwt @@ -1274,7 +1274,7 @@ kong_apis: - name: masterLocationSearch uris: "{{ data_service_prefix }}/v1/location/search" - upstream_url: "{{ user_org_service_url }}/v1/location/search" + upstream_url: "{{ userorg_service_url }}/v1/location/search" strip_uri: true plugins: - name: jwt @@ -1295,7 +1295,7 @@ kong_apis: - name: masterLocationUpdate uris: "{{ data_service_prefix }}/v1/location/update" - upstream_url: "{{ user_org_service_url }}/v1/location/update" + upstream_url: "{{ userorg_service_url }}/v1/location/update" strip_uri: true plugins: - name: jwt @@ -1316,7 +1316,7 @@ kong_apis: - name: masterLocationUpload uris: "{{ data_service_prefix }}/v1/bulk/location/upload" - upstream_url: "{{ user_org_service_url }}/v1/bulk/location/upload" + upstream_url: "{{ userorg_service_url }}/v1/bulk/location/upload" strip_uri: true plugins: - name: jwt 
@@ -1337,7 +1337,7 @@ kong_apis: - name: mergeUserAccounts uris: "{{ user_service_prefix }}/v1/account/merge" - upstream_url: "{{ user_org_service_url }}/private/user/v1/account/merge" + upstream_url: "{{ userorg_service_url }}/private/user/v1/account/merge" strip_uri: true plugins: - name: jwt @@ -1358,7 +1358,7 @@ kong_apis: - name: orgAssignKeys uris: "{{ org_service_prefix }}/v1/assign/key" - upstream_url: "{{ user_org_service_url }}/v1/org/assign/key" + upstream_url: "{{ userorg_service_url }}/v1/org/assign/key" strip_uri: true plugins: - name: jwt @@ -1400,7 +1400,7 @@ kong_apis: - name: orgBulkUpload uris: "{{ org_service_prefix }}/v1/upload" - upstream_url: "{{ user_org_service_url }}/v1/org/upload" + upstream_url: "{{ userorg_service_url }}/v1/org/upload" strip_uri: true plugins: - name: jwt @@ -1421,7 +1421,7 @@ kong_apis: - name: privateUserAssignRole uris: "{{ user_service_prefix }}/private/v1/assign/role" - upstream_url: "{{ user_org_service_url }}/private/user/v1/assign/role" + upstream_url: "{{ userorg_service_url }}/private/user/v1/assign/role" strip_uri: true plugins: - name: jwt @@ -1442,7 +1442,7 @@ kong_apis: - name: privateUserRead uris: "{{ user_service_prefix }}/private/v1/read" - upstream_url: "{{ user_org_service_url }}/private/user/v1/read" + upstream_url: "{{ userorg_service_url }}/private/user/v1/read" strip_uri: true plugins: - name: jwt @@ -1568,7 +1568,7 @@ kong_apis: - name: readNote uris: "{{ notes_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/note/read" + upstream_url: "{{ userorg_service_url }}/v1/note/read" strip_uri: true plugins: - name: jwt @@ -1589,7 +1589,7 @@ kong_apis: - name: readOrg uris: "{{ org_service_prefix }}/v1/read" - upstream_url: "{{ user_org_service_url }}/v1/org/read" + upstream_url: "{{ userorg_service_url }}/v1/org/read" strip_uri: true plugins: - name: jwt 
@@ -1631,7 +1631,7 @@ kong_apis: - name: readRoleMapping uris: "{{ data_service_prefix }}/v1/role/read" - upstream_url: "{{ user_org_service_url }}/v1/role/read" + upstream_url: "{{ userorg_service_url }}/v1/role/read" strip_uri: true plugins: - name: jwt @@ -1652,7 +1652,7 @@ kong_apis: - name: readUserSpecificRole uris: "{{ user_service_prefix }}/v1/role/read" - upstream_url: "{{ user_org_service_url }}/v1/user/role/read" + upstream_url: "{{ userorg_service_url }}/v1/user/role/read" strip_uri: true plugins: - name: jwt @@ -1673,7 +1673,7 @@ kong_apis: - name: readUserProfile uris: "{{ user_service_prefix }}/v1/profile/read" - upstream_url: "{{ user_org_service_url }}/v1/user/getuser" + upstream_url: "{{ userorg_service_url }}/v1/user/getuser" strip_uri: true plugins: - name: jwt @@ -1967,7 +1967,7 @@ kong_apis: - name: searchNotes uris: "{{ notes_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/note/search" + upstream_url: "{{ userorg_service_url }}/v1/note/search" strip_uri: true plugins: - name: jwt @@ -1988,7 +1988,7 @@ kong_apis: - name: searchOrgExtended uris: "{{ org_service_prefix }}/v1/ext/search" - upstream_url: "{{ user_org_service_url }}/v1/org/search" + upstream_url: "{{ userorg_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -2005,7 +2005,7 @@ kong_apis: - name: searchOrg uris: "{{ org_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/org/search" + upstream_url: "{{ userorg_service_url }}/v1/org/search" strip_uri: true plugins: - name: cors @@ -2022,7 +2022,7 @@ kong_apis: - name: searchUser uris: "{{ user_service_prefix }}/v1/search" - upstream_url: "{{ user_org_service_url }}/v1/user/search" + upstream_url: "{{ userorg_service_url }}/v1/user/search" strip_uri: true plugins: - name: jwt 
@@ -2043,7 +2043,7 @@ kong_apis: - name: sendEmailNotification uris: "{{ user_service_prefix }}/v1/notification/email" - upstream_url: "{{ user_org_service_url }}/v1/notification/email" + upstream_url: "{{ userorg_service_url }}/v1/notification/email" strip_uri: true plugins: - name: jwt @@ -2064,7 +2064,7 @@ kong_apis: - name: unblockUser uris: "{{ user_service_prefix }}/v1/unblock" - upstream_url: "{{ user_org_service_url }}/v1/user/unblock" + upstream_url: "{{ userorg_service_url }}/v1/user/unblock" strip_uri: true plugins: - name: jwt @@ -2148,7 +2148,7 @@ kong_apis: - name: updateNote uris: "{{ notes_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/note/update" + upstream_url: "{{ userorg_service_url }}/v1/note/update" strip_uri: true plugins: - name: jwt @@ -2169,7 +2169,7 @@ kong_apis: - name: updateOrg uris: "{{ org_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/org/update" + upstream_url: "{{ userorg_service_url }}/v1/org/update" strip_uri: true plugins: - name: jwt @@ -2190,7 +2190,7 @@ kong_apis: - name: updateOrgStatus uris: "{{ org_service_prefix }}/v1/status/update" - upstream_url: "{{ user_org_service_url }}/v1/org/status/update" + upstream_url: "{{ userorg_service_url }}/v1/org/status/update" strip_uri: true plugins: - name: jwt @@ -2253,7 +2253,7 @@ kong_apis: - name: updateUser uris: "{{ user_service_prefix }}/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/user/update" + upstream_url: "{{ userorg_service_url }}/v1/user/update" strip_uri: true plugins: - name: jwt @@ -2295,7 +2295,7 @@ kong_apis: - name: userBulkUpload uris: "{{ user_service_prefix }}/v1/upload" - upstream_url: "{{ user_org_service_url }}/v1/user/upload" + upstream_url: "{{ userorg_service_url }}/v1/user/upload" strip_uri: true plugins: - name: jwt 
@@ -2316,7 +2316,7 @@ kong_apis: - name: userExistenceApi uris: "{{ user_service_prefix }}/v1/exists" - upstream_url: "{{ user_org_service_url }}/v1/user/exists" + upstream_url: "{{ userorg_service_url }}/v1/user/exists" strip_uri: true plugins: - name: jwt @@ -2337,7 +2337,7 @@ kong_apis: - name: userExistenceApiV2 uris: "{{ user_service_prefix }}/v2/exists" - upstream_url: "{{ user_org_service_url }}/v2/user/exists" + upstream_url: "{{ userorg_service_url }}/v2/user/exists" strip_uri: true plugins: - name: jwt @@ -2358,7 +2358,7 @@ kong_apis: - name: userFeed uris: "{{ user_service_prefix }}/v1/feed" - upstream_url: "{{ user_org_service_url }}/v1/user/feed" + upstream_url: "{{ userorg_service_url }}/v1/user/feed" strip_uri: true plugins: - name: jwt @@ -2379,7 +2379,7 @@ kong_apis: - name: userFeedCreate uris: "{{ user_service_prefix }}/feed/v1/create" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/create" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/create" strip_uri: true plugins: - name: jwt @@ -2400,7 +2400,7 @@ kong_apis: - name: userFeedDelete uris: "{{ user_service_prefix }}/feed/v1/delete" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/delete" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/delete" strip_uri: true plugins: - name: jwt @@ -2421,7 +2421,7 @@ kong_apis: - name: userFeedUpdate uris: "{{ user_service_prefix }}/feed/v1/update" - upstream_url: "{{ user_org_service_url }}/v1/user/feed/update" + upstream_url: "{{ userorg_service_url }}/v1/user/feed/update" strip_uri: true plugins: - name: jwt @@ -2442,7 +2442,7 @@ kong_apis: - name: userMigrate uris: "{{ user_service_prefix }}/v1/migrate" - upstream_url: "{{ user_org_service_url }}/v1/user/migrate" + upstream_url: "{{ userorg_service_url }}/v1/user/migrate" strip_uri: true plugins: - name: jwt 
@@ -2484,7 +2484,7 @@ kong_apis: - name: verifyOtp uris: "{{ otp_service_prefix }}/v1/verify" - upstream_url: "{{ user_org_service_url }}/v1/otp/verify" + upstream_url: "{{ userorg_service_url }}/v1/otp/verify" strip_uri: true plugins: - name: jwt @@ -2505,7 +2505,7 @@ kong_apis: - name: verifyOtpV2 uris: "{{ otp_service_prefix }}/v2/verify" - upstream_url: "{{ user_org_service_url }}/v2/otp/verify" + upstream_url: "{{ userorg_service_url }}/v2/otp/verify" strip_uri: true plugins: - name: jwt @@ -2652,7 +2652,7 @@ kong_apis: - name: forgotPassword uris: "{{ learner_private_route_prefix }}/user/v1/password/reset" - upstream_url: "{{ user_org_service_url }}/private/user/v1/password/reset" + upstream_url: "{{ userorg_service_url }}/private/user/v1/password/reset" strip_uri: true plugins: - name: jwt @@ -2673,7 +2673,7 @@ kong_apis: - name: searchManagedUser uris: "{{ user_service_prefix }}/v1/managed" - upstream_url: "{{ user_org_service_url }}/v1/user/managed" + upstream_url: "{{ userorg_service_url }}/v1/user/managed" strip_uri: true plugins: - name: jwt @@ -2841,7 +2841,7 @@ kong_apis: - name: getUserProfileV3 uris: "{{ user_service_prefix }}/v3/read" - upstream_url: "{{ user_org_service_url }}/v3/user/read" + upstream_url: "{{ userorg_service_url }}/v3/user/read" strip_uri: true plugins: - name: jwt @@ -2862,7 +2862,7 @@ kong_apis: - name: updateUserDeclarations uris: "{{ user_service_prefix }}/v1/declarations" - upstream_url: "{{ user_org_service_url }}/v1/user/declarations" + upstream_url: "{{ userorg_service_url }}/v1/user/declarations" strip_uri: true plugins: - name: jwt @@ -2883,7 +2883,7 @@ kong_apis: - name: updateUserConsent uris: "{{ user_service_prefix }}/v1/consent/update" - upstream_url: "{{ user_org_service_url }}/v1/user/consent/update" + upstream_url: "{{ userorg_service_url }}/v1/user/consent/update" strip_uri: true plugins: - name: jwt 
@@ -2904,7 +2904,7 @@ kong_apis: - name: readUserConsent uris: "{{ user_service_prefix }}/v1/consent/read" - upstream_url: "{{ user_org_service_url }}/v1/user/consent/read" + upstream_url: "{{ userorg_service_url }}/v1/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2925,7 +2925,7 @@ kong_apis: - name: readUserConsentV2 uris: "{{ user_service_prefix }}/v2/consent/read" - upstream_url: "{{ user_org_service_url }}/v2/user/consent/read" + upstream_url: "{{ userorg_service_url }}/v2/user/consent/read" strip_uri: true plugins: - name: jwt @@ -2946,7 +2946,7 @@ kong_apis: - name: createTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/create" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/create" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/create" strip_uri: true plugins: - name: jwt @@ -2967,7 +2967,7 @@ kong_apis: - name: updateTenantPreferences uris: "{{ org_service_prefix }}/v2/preferences/update" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/update" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/update" strip_uri: true plugins: - name: jwt @@ -2988,7 +2988,7 @@ kong_apis: - name: readTenantPreferencess uris: "{{ org_service_prefix }}/v2/preferences/read" - upstream_url: "{{ user_org_service_url }}/v2/org/preferences/read" + upstream_url: "{{ userorg_service_url }}/v2/org/preferences/read" strip_uri: true plugins: - name: jwt @@ -3618,7 +3618,7 @@ kong_apis: - name: updateUserV2 uris: "{{ user_service_prefix }}/v2/update" - upstream_url: "{{ user_org_service_url }}/v2/user/update" + upstream_url: "{{ userorg_service_url }}/v2/user/update" strip_uri: true plugins: - name: jwt @@ -3639,7 +3639,7 @@ kong_apis: - name: managedUserV1Create uris: "{{ user_service_prefix }}/v1/managed/create" - upstream_url: "{{ user_org_service_url }}/v1/manageduser/create" + upstream_url: "{{ userorg_service_url }}/v1/manageduser/create" strip_uri: true plugins: - name: jwt 
@@ -3660,7 +3660,7 @@ kong_apis: - name: managedUserV2Create uris: "{{ user_service_prefix }}/v2/managed/create" - upstream_url: "{{ user_org_service_url }}/v2/manageduser/create" + upstream_url: "{{ userorg_service_url }}/v2/manageduser/create" strip_uri: true plugins: - name: jwt @@ -3681,7 +3681,7 @@ kong_apis: - name: ssoUserV1Create uris: "{{ user_service_prefix }}/v1/sso/create" - upstream_url: "{{ user_org_service_url }}/v1/ssouser/create" + upstream_url: "{{ userorg_service_url }}/v1/ssouser/create" strip_uri: true plugins: - name: jwt @@ -3702,7 +3702,7 @@ kong_apis: - name: ssoUserV2Create uris: "{{ user_service_prefix }}/v2/signup" - upstream_url: "{{ user_org_service_url }}/v2/user/signup" + upstream_url: "{{ userorg_service_url }}/v2/user/signup" strip_uri: true plugins: - name: jwt @@ -3723,7 +3723,7 @@ kong_apis: - name: getUserProfileV4 uris: "{{ user_service_prefix }}/v4/read" - upstream_url: "{{ user_org_service_url }}/v4/user/read" + upstream_url: "{{ userorg_service_url }}/v4/user/read" strip_uri: true plugins: - name: jwt @@ -3744,7 +3744,7 @@ kong_apis: - name: getUserProfileV5 uris: "{{ user_service_prefix }}/v5/read" - upstream_url: "{{ user_org_service_url }}/v5/user/read" + upstream_url: "{{ userorg_service_url }}/v5/user/read" strip_uri: true plugins: - name: jwt @@ -3765,7 +3765,7 @@ kong_apis: - name: searchUserV2 uris: "{{ user_service_prefix }}/v2/search" - upstream_url: "{{ user_org_service_url }}/v2/user/search" + upstream_url: "{{ userorg_service_url }}/v2/user/search" strip_uri: true plugins: - name: jwt @@ -3786,7 +3786,7 @@ kong_apis: - name: searchUserV3 uris: "{{ user_service_prefix }}/v3/search" - upstream_url: "{{ user_org_service_url }}/v3/user/search" + upstream_url: "{{ userorg_service_url }}/v3/user/search" strip_uri: true plugins: - name: jwt 
@@ -3807,7 +3807,7 @@ kong_apis: - name: searchOrgV2 uris: "{{ org_service_prefix }}/v2/search" - upstream_url: "{{ user_org_service_url }}/v2/org/search" + upstream_url: "{{ userorg_service_url }}/v2/org/search" strip_uri: true plugins: - name: cors @@ -3907,7 +3907,7 @@ kong_apis: - name: updateUserV3 uris: "{{ user_service_prefix }}/v3/update" - upstream_url: "{{ user_org_service_url }}/v3/user/update" + upstream_url: "{{ userorg_service_url }}/v3/user/update" strip_uri: true plugins: - name: jwt diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 6c0ee25fa6..725abaf7ea 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml @@ -1,5 +1,5 @@ -learner_user: user-org -learner_user_home: /home/{{learner_user}} +userorg_user: userorg +learner_user_home: /home/{{userorg_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" kafka_topic_prefix: "{{env}}" diff --git a/ansible/roles/lms-logstash-deploy/tasks/main.yml b/ansible/roles/lms-logstash-deploy/tasks/main.yml index 9069343afa..ae9aa92558 100644 --- a/ansible/roles/lms-logstash-deploy/tasks/main.yml +++ b/ansible/roles/lms-logstash-deploy/tasks/main.yml @@ -1,10 +1,10 @@ - name: permissions become: yes - file: path={{ logstash_home }} mode=775 owner={{ learner_user }} group={{ learner_user }} recurse=yes + file: path={{ logstash_home }} mode=775 owner={{ userorg_user }} group={{ userorg_user }} recurse=yes - name: Copy logstash configuration files for platform become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" template: src={{item}}.j2 dest={{ logstash_home }}/{{item}}.conf with_items: "{{ platform.logstash_config }}" 
@@ -15,7 +15,7 @@ - name: create folder for logs become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" file: path={{logstash_home}}/logs state=directory mode=0755 - name: Start logstash processes related to platform diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index 3be76255ba..eac428d0cc 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,7 +1,7 @@ --- # vars file for logstash -learner_user: user-org -learner_user_home: /home/{{learner_user}} +userorg_user: userorg +learner_user_home: /home/{{userorg_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost port: 9092 diff --git a/ansible/roles/logstash/tasks/main.yml b/ansible/roles/logstash/tasks/main.yml index 506c3fa43c..2d2840e8eb 100644 --- a/ansible/roles/logstash/tasks/main.yml +++ b/ansible/roles/logstash/tasks/main.yml 
@@ -2,25 +2,25 @@ # tasks file for logstash - name: add permissions become: yes - file: path={{learner_user_home}} mode=0755 recurse=yes owner={{learner_user}} group={{learner_user}} + file: path={{learner_user_home}} mode=0755 recurse=yes owner={{userorg_user}} group={{userorg_user}} - name: Download the zip become: yes - become_user: "{{learner_user}}" + become_user: "{{userorg_user}}" get_url: url=https://artifacts.elastic.co/downloads/logstash/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} timeout=1000 force=yes - name: unzip become: yes - become_user: "{{learner_user}}" - unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{learner_user}} owner={{learner_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} + become_user: "{{userorg_user}}" + unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{userorg_user}} owner={{userorg_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} - name: set permissions become: yes - file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{learner_user}} group={{learner_user}} mode=0755 recurse=yes + file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{userorg_user}} group={{userorg_user}} mode=0755 recurse=yes - name: Delete the logstash zip file become: yes - become_user: "{{ learner_user }}" + become_user: "{{ userorg_user }}" file: path={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz state=absent - name: Detect if this is a systemd based system diff --git a/ansible/roles/logstash/templates/logstash.j2 b/ansible/roles/logstash/templates/logstash.j2 index 847f0223f5..9e49c3d72b 100644 --- a/ansible/roles/logstash/templates/logstash.j2 +++ b/ansible/roles/logstash/templates/logstash.j2 
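Review bot: In ansible/roles/logstash/tasks/main.yml the "Download the zip" task on the new side still fetches the Logstash tarball with `get_url` and no `checksum`, and the following task unpacks it into the home of the account this commit renames to `userorg_user`. Pinning the digest makes the play fail closed if a different or altered artifact is served; add `checksum=sha512:<SHA512_OF_LOGSTASH_TARBALL>` to the `get_url` arguments, where the placeholder is the digest published for the pinned `logstash_version`. With `force=yes` the file is re-downloaded on every run, so the check would be applied each time. The task list continues outside the hunk.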
@@ -9,7 +9,7 @@ ### END INIT INFO SCRIPT='{{learner_user_home}}/logstash-{{logstash_version}}/bin/logstash -f {{learner_user_home}}/logstash-{{logstash_version}}/logstash-lms.conf --verbose' -RUNAS="{{ learner_user }}" +RUNAS="{{ userorg_user }}" PROCESS_NUM='ps -ef | grep "$SCRIPT" | grep -v "grep" | wc -l' PIDFILE=/var/run/logstash.pid diff --git a/ansible/roles/logstash/templates/logstash.service.j2 b/ansible/roles/logstash/templates/logstash.service.j2 index fa46eddc16..1a6f2f0d2a 100644 --- a/ansible/roles/logstash/templates/logstash.service.j2 +++ b/ansible/roles/logstash/templates/logstash.service.j2 @@ -4,8 +4,8 @@ Description=logstash Daemon [Service] Environment="_JAVA_OPTIONS='-Dlog4j2.formatMsgNoLookups=true'" Type=simple -User={{learner_user}} -Group={{learner_user}} +User={{userorg_user}} +Group={{userorg_user}} LimitNOFILE=32768 Restart=on-failure #Environment="{{ logstash_jvm_opts }}" diff --git a/ansible/roles/post-install/tasks/user_org.yaml b/ansible/roles/post-install/tasks/user_org.yaml index ceb651823a..e8460545cb 100644 --- a/ansible/roles/post-install/tasks/user_org.yaml +++ b/ansible/roles/post-install/tasks/user_org.yaml @@ -13,10 +13,10 @@ } with_items: "{{ custodian_org_data }}" -- name: Restarting user-org service +- name: Restarting userorg service shell: | - kubectl rollout restart deployment -n {{ namespace }} user-org - kubectl rollout status deployment -n {{ namespace }} user-org + kubectl rollout restart deployment -n {{ namespace }} userorg + kubectl rollout status deployment -n {{ namespace }} userorg - name: Crating Users uri: diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index 54b7c60a89..e05d691e74 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml 
@@ -1,5 +1,5 @@ redis_backup_dir: /tmp/redis-backup -learner_user: learning +userorg_user: learning cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_redisbackup_foldername: nodebb-redis-backup diff --git a/ansible/roles/reset-docker/tasks/main.yml b/ansible/roles/reset-docker/tasks/main.yml index c34436dea8..12eb38609d 100644 --- a/ansible/roles/reset-docker/tasks/main.yml +++ b/ansible/roles/reset-docker/tasks/main.yml @@ -2,8 +2,8 @@ shell: "docker service rm actor-service" ignore_errors: yes -- name: Remove user-org service - shell: "docker service rm user-org-service" +- name: Remove userorg service + shell: "docker service rm userorg-service" ignore_errors: yes - name: Remove player service diff --git a/ansible/roles/stack-keycloak/tasks/common.yml b/ansible/roles/stack-keycloak/tasks/common.yml index 0e4d6d7757..1440dcb0dd 100644 --- a/ansible/roles/stack-keycloak/tasks/common.yml +++ b/ansible/roles/stack-keycloak/tasks/common.yml @@ -19,7 +19,7 @@ # - name: Save content configurations into an env file # template: src=sunbird_content.env dest=/home/deployer/env/sunbird_content.env mode=0644 -# - name: Save user-org configurations into an env file +# - name: Save userorg configurations into an env file # template: src=sunbird_learner.env dest=/home/deployer/env/sunbird_learner.env mode=0644 # - name: Save player configurations into an env file diff --git a/ansible/roles/stack-monitor-stateful/defaults/main.yml b/ansible/roles/stack-monitor-stateful/defaults/main.yml index a3f930568d..ad3e2323fa 100644 --- a/ansible/roles/stack-monitor-stateful/defaults/main.yml +++ b/ansible/roles/stack-monitor-stateful/defaults/main.yml @@ -106,7 +106,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - user-org-service + - userorg-service - lms-service - content-service - player_player 
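Review bot: In ansible/roles/redis-backup/defaults/main.yml the default is renamed from `learner_user` to `userorg_user` while its value stays `learning`, which suggests this key was caught by the bulk rename rather than belonging to the user-org service. The role's tasks are not part of this diff section, so if any of them, or an inventory override, still reads `learner_user`, the variable will be undefined or the override silently ignored after this change. Either keep `learner_user: learning` here or confirm that every consumer of the name in this role was renamed in the same commit.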
diff --git a/ansible/roles/stack-monitor/defaults/main.yml b/ansible/roles/stack-monitor/defaults/main.yml index 84a027969b..3eb2b5ba26 100644 --- a/ansible/roles/stack-monitor/defaults/main.yml +++ b/ansible/roles/stack-monitor/defaults/main.yml @@ -95,7 +95,7 @@ service_teams: alerts_mailing_list: "{{ app_alerts_mailing_list | default(devops_alerts_mailing_list) }}" services: - actor-service - - user-org-service + - userorg-service - lms-service - content-service - player_player diff --git a/ansible/roles/stack-proxy-private/templates/proxy-default.conf b/ansible/roles/stack-proxy-private/templates/proxy-default.conf index 05f7868432..81a96a985c 100644 --- a/ansible/roles/stack-proxy-private/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy-private/templates/proxy-default.conf @@ -4,9 +4,9 @@ server { resolver 127.0.0.11 valid=5s; - location /user-org/ { - rewrite ^/user-org/(.*) /$1 break; - proxy_pass http://user-org-service:9000; + location /userorg/ { + rewrite ^/userorg/(.*) /$1 break; + proxy_pass http://userorg-service:9000; } location /api/ { rewrite ^/api/(.*) /$1 break; diff --git a/ansible/roles/stack-proxy/templates/proxy-default.conf b/ansible/roles/stack-proxy/templates/proxy-default.conf index 6c425152a9..752ba73c05 100644 --- a/ansible/roles/stack-proxy/templates/proxy-default.conf +++ b/ansible/roles/stack-proxy/templates/proxy-default.conf @@ -506,7 +506,7 @@ location ~* ^/desktop/(.*) { proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/user-org/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { proxy_cache_key $proxy_host$request_uri; proxy_cache proxy_cache; add_header X-Proxy-Cache $upstream_cache_status; diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index b9b3401a4d..17e5d9eeca 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml 
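Review bot: In ansible/roles/stack-proxy/templates/proxy-default.conf the rewritten cache location `location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info` is still an unanchored regex, so any request URI that merely contains one of these substrings is handled by this block and stored in `proxy_cache` under `$proxy_host$request_uri`. If all three routes are rooted at `/`, anchor them while the line is being edited, for example `location ~ ^/(resourcebundles/v1/read|userorg/data/v1/(role/read|system/settings/get)|v1/tenant/info)`. The prefix change also means requests that still use `/user-org/data/v1/...` no longer match this block, so confirm the callers moved to `/userorg/` in the same release. The location body continues outside the hunk, so the upstream and cache validity settings are not visible here.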
+++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -16,12 +16,12 @@ actor_replicas: 1 actor_reservation_memory: 768M actor_limit_memory: 1024M -learner_replicas: 1 -learner_reservation_memory: 512M -learner_limit_memory: 1024M -learner_reservation_cpu: 0.2 -learner_limit_cpu: 1 -learner_java_mem_limit: '-Xmx600m' +userorg_replicas: 1 +userorg_reservation_memory: 512M +userorg_limit_memory: 1024M +userorg_reservation_cpu: 0.2 +userorg_limit_cpu: 1 +userorg_java_mem_limit: '-Xmx600m' #Config Service Vars config_replicas: 1 @@ -51,8 +51,8 @@ player_limit_memory: 750M player_reserve_cpu: 0.1 player_limit_cpu: 1 -# This variable is not to access user-org service but to call the api -# user-org-service:9000/org/v1/search +# This variable is not to access userorg service but to call the api +# userorg-service:9000/org/v1/search sunbird_learner_service_base_url: http://kong:8000/ telemetry_replicas: 1 @@ -218,9 +218,9 @@ sunbird_cert_qr_container_name: "certqr" service_env: groups: ../../../../ansible/roles/stack-sunbird/templates/sunbird_groups-service.env - user-org: - - ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env - - ../../../../ansible/roles/stack-sunbird/templates/user-org-service_logback.xml + userorg: + - ../../../../ansible/roles/stack-sunbird/templates/userorg-service.env + - ../../../../ansible/roles/stack-sunbird/templates/userorg-service_logback.xml lms: - ../../../../ansible/roles/stack-sunbird/templates/sunbird_lms-service.env - ../../../../ansible/roles/stack-sunbird/templates/lms-service_logback.xml 
@@ -241,7 +241,6 @@ service_env: enc: ../../../../ansible/roles/stack-sunbird/templates/sunbird_enc-service.env notification: ../../../../ansible/roles/stack-sunbird/templates/sunbird_notification-service.env telemetry: ../../../../ansible/roles/stack-sunbird/templates/sunbird_telemetry-service.env - userorg: ../../../../ansible/roles/stack-sunbird/templates/user-org-service.env player: ../../../../ansible/roles/stack-sunbird/templates/sunbird_player.env print: ../../../../ansible/roles/stack-sunbird/templates/sunbird_print-service.env search: @@ -997,8 +996,8 @@ dataset_metadata: "{{ env_name }}_dataset_metadata" #### Exhuats API consumer exhaust_api_consumer_ids: ["273f3b18-5dda-4a27-984a-060c7cd398d3"] # being used in analytics api to access the analytics exhaust api -user_profile_read_url: "http://user-org-service:9000/v1/user/read/" # being used in analytics api to get user details -org_search_url: "http://user-org-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id +user_profile_read_url: "http://userorg-service:9000/v1/user/read/" # being used in analytics api to get user details +org_search_url: "http://userorg-service:9000/v1/org/search" # being used in analytics api to get mhrd tenant id dataexhaust_super_admin_channel: "sunbird" # being used in analytics api for authorizing user with super admin channel #### public exhausts @@ -1008,7 +1007,7 @@ public_exhaust_datasets: ["public-data-exhaust"] data_exhaust_batch_limit: 20 mount_keycloak_key_apps: - - user-org + - userorg - lms - groups - knowledgemw @@ -1033,7 +1032,7 @@ analytics_opa_enabled: true certregistry_opa_enabled: true content_opa_enabled: true knowledgemw_opa_enabled: true -learner_opa_enabled: true +userorg_opa_enabled: true lms_opa_enabled: true notification_opa_enabled: true report_opa_enabled: true diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index ecf1dcbc40..4f51d896d3 100644 
--- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -4,7 +4,7 @@ - include: service_stack.yml when: deploy_stack is defined - - include: user-org-service.yml + - include: userorg-service.yml when: deploy_user_org is defined - include: lms_service.yml @@ -13,9 +13,6 @@ - include: enc_service.yml when: deploy_enc is defined - - include: user_org_service.yml - when: deploy_user_org is defined - - include: cert_service.yml when: deploy_cert is defined diff --git a/ansible/roles/stack-sunbird/tasks/user-org-service.yml b/ansible/roles/stack-sunbird/tasks/user-org-service.yml deleted file mode 100644 index 8812e97bb3..0000000000 --- a/ansible/roles/stack-sunbird/tasks/user-org-service.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Remove user-org service - shell: "docker service rm user-org-service" - ignore_errors: yes - -- name: Deploy user-org service - shell: "docker service create --with-registry-auth --replicas {{ learner_replicas }} -p 9000:9000 --name user-org-service --hostname user-org-service --reserve-memory {{ learner_reservation_memory }} --limit-memory {{ learner_limit_memory }} --limit-cpu {{ learner_limit_cpu }} --reserve-cpu {{ learner_reservation_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ learner_java_mem_limit }} --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" - args: - chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/tasks/user_org_service.yml b/ansible/roles/stack-sunbird/tasks/user_org_service.yml deleted file mode 100644 index 9090d1dfdb..0000000000 --- a/ansible/roles/stack-sunbird/tasks/user_org_service.yml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -- name: Remove user org service - shell: "docker service rm user-org-service" - ignore_errors: yes - -- name: Deploy user org service - shell: "docker service create --with-registry-auth --replicas {{ user_org_replicas }} -p 9009:9000 --name user-org-service --hostname user-org-service --limit-memory {{ user_org_limit_memory }} --limit-cpu {{ user_org_limit_cpu }} --health-cmd 'wget -qO- user-org-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env-file /home/deployer/env/user-org-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" diff --git a/ansible/roles/stack-sunbird/tasks/userorg-service.yml b/ansible/roles/stack-sunbird/tasks/userorg-service.yml new file mode 100644 index 0000000000..c72e755750 --- /dev/null +++ b/ansible/roles/stack-sunbird/tasks/userorg-service.yml @@ -0,0 +1,9 @@ +--- +- name: Remove userorg service + shell: "docker service rm userorg-service" + ignore_errors: yes + +- name: Deploy userorg service + shell: "docker service create --with-registry-auth --replicas {{ userorg_replicas }} -p 9000:9000 --name userorg-service --hostname userorg-service --reserve-memory {{ userorg_reservation_memory }} --limit-memory {{ userorg_limit_memory }} --limit-cpu {{ userorg_limit_cpu }} --reserve-cpu {{ userorg_reservation_cpu }} --health-cmd 'wget -qO- userorg-service:9000/service/health || exit 1' --health-timeout 10s --health-retries 5 --network application_default --env JAVA_OPTIONS={{ userorg_java_mem_limit }} --env-file /home/deployer/env/userorg-service.env {{hub_org}}/{{image_name}}:{{image_tag}}" + args: + chdir: /home/deployer/stack diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index cdb7cd9cdb..1bdb468141 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env 
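Review bot: The `Deploy userorg service` task in the new `tasks/userorg-service.yml` publishes the service with `-p 9000:9000`, which exposes port 9000 on every swarm node, while the proxy templates in this commit reach it by name over the overlay network (`proxy_pass http://userorg-service:9000`). If nothing outside the swarm needs to call the service directly, drop the publish flag so the API is reachable only through the proxy. The command is also built with the `shell` module from unquoted variables; `--env JAVA_OPTIONS={{ userorg_java_mem_limit | quote }}` keeps a value containing spaces or shell metacharacters as a single argument, and the same filter fits `{{image_tag}}`.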
@@ -78,7 +78,7 @@ ELASTICSEARCH_HOST_URL={{ml_core_elasticsearch_host_url | default("")}} ELASTICSEARCH_ENTITIES_INDEX={{ml_core_elasticsearch_user_extension_index_type | default ("")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_core_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_core_user_service_URL | default("http://userorg-service:9000")}} ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index 08c08afedd..5cb7856ba5 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env @@ -38,7 +38,7 @@ KAFKA_GROUP_ID={{ml_project_kafka_group_id | default("ml-project-service")}} PROJECT_SUBMISSION_TOPIC={{ml_project_submission_topic | default (env_name+".ml.projects.submissions")}} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_project_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_project_user_service_URL | default("http://userorg-service:9000")}} # certificate issuer KID value CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index 363b6976b7..187a5b1120 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env 
@@ -9,7 +9,7 @@ APPLICATION_ENV={{ env }} MONGODB_URL=mongodb://{{ml_mongodb_host | default(groups['mongo_master'][0]+':27017')}}/{{ ml_mongodb | default("ml-survey") }} # Base url of the sunbird enviornment -USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://user-org-service:9000")}} +USER_SERVICE_URL={{ml_survey_user_service_URL | default("http://userorg-service:9000")}} # Secure token access Admin related API's # The value of internal access token can be generated by command - "openssl rand -hex 10" diff --git a/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml b/ansible/roles/stack-sunbird/templates/stack_userorg_service.yml similarity index 65% rename from ansible/roles/stack-sunbird/templates/stack_user_org_service.yml rename to ansible/roles/stack-sunbird/templates/stack_userorg_service.yml index 7d4b1c26c3..2a93ef2f9e 100644 --- a/ansible/roles/stack-sunbird/templates/stack_user_org_service.yml +++ b/ansible/roles/stack-sunbird/templates/stack_userorg_service.yml @@ -1,16 +1,16 @@ version: '3.1' services: - user_org_service: + userorg_service: image: "{{hub_org}}/{{image_name}}:{{image_tag}}" env_file: - /home/deployer/env/user_org_service.env + /home/deployer/env/userorg-service.env deploy: - replicas: {{ learner_replicas | default(1) }} + replicas: {{ userorg_replicas | default(1) }} resources: reservations: - memory: "{{ learner_reservation_memory | default('256M') }}" + memory: "{{ userorg_reservation_memory | default('256M') }}" limits: - memory: "{{ learner_limit_memory | default('512M') }}" + memory: "{{ userorg_limit_memory | default('512M') }}" # healthcheck: # test: curl -f http://localhost:9000/health || exit 1 interval: 10s diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index 5bdae1cf73..c178e9ce73 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env 
+++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -8,7 +8,7 @@ sunbird_cassandra_port=9042 sunbird_cassandra_password={{sunbird_cassandra_password|d('password')}} sunbird_cassandra_username={{sunbird_cassandra_username|d('cassandra')}} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -LEARNER_SERVICE_PORT=http://user-org-service:9000 +LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} CONTENT_SERVICE_PORT=http://search-service:9000 diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 1e58b91449..3df3bf5bc8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -31,7 +31,7 @@ sunbird_keycloak_user_federation_provider_id={{core_vault_sunbird_keycloak_user_ sunbird_keycloak_required_action_link_expiration_seconds={{sunbird_keycloak_required_action_link_expiration_seconds}} accesstoken.publickey.basepath={{notification_access_basepath | default('/keys/')}} ENV_NAME={{env_name}} -LEARNER_SERVICE_PORT=http://user-org-service:9000 +LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_us_system_setting_url=/api/data/v1/system/settings/list sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate diff --git a/ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env b/ansible/roles/stack-sunbird/templates/sunbird_userorg-service.env similarity index 100% rename from ansible/roles/stack-sunbird/templates/sunbird_user-org-service.env rename to ansible/roles/stack-sunbird/templates/sunbird_userorg-service.env 
diff --git a/ansible/roles/stack-sunbird/templates/user-org-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env similarity index 98% rename from ansible/roles/stack-sunbird/templates/user-org-service.env rename to ansible/roles/stack-sunbird/templates/userorg-service.env index 17453c36cc..8ebd0b4e38 100644 --- a/ansible/roles/stack-sunbird/templates/user-org-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -43,7 +43,7 @@ sunbird_cassandra_host={{sunbird_cassandra_host}} sunbird_cassandra_port=9042 {% endif %} sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}} -sunbird_mw_system_host=user-org-service +sunbird_mw_system_host=userorg-service sunbird_mw_system_port=8088 background_actor_provider=local api_actor_provider=local @@ -53,7 +53,7 @@ sunbird_remote_bg_req_router_path=akka.tcp://SunbirdMWSystem@actor-service:8088/ sunbird_api_base_url=http://knowledge-mw-service:5000 sunbird_authorization={{sunbird_api_auth_token}} telemetry_pdata_id={{sunbird_telemetry_pdata_id}} -telemetry_pdata_pid=user-org-service +telemetry_pdata_pid=userorg-service sunbird_telemetry_base_url=http://telemetry-service:9001 telemetry_queue_threshold_value=100 sunbird_default_channel={{sunbird_default_channel}} @@ -98,7 +98,7 @@ sunbird_user_cert_kafka_topic={{kafka_topic_lms_user_account}} sunbird_reset_pass_msg={{sunbird_reset_pass_msg | d('You have requested to reset password. Click on the link to set a password: {0}')}} sunbird_fuzzy_search_threshold={{sunbird_fuzzy_search_threshold | d('0.5')}} sunbird_subdomain_keycloak_base_url={{sunbird_subdomain_keycloak_base_url | d('')}}/ -#Required by user-org-service to call cert service +#Required by userorg-service to call cert service sunbird_cert_service_base_url=http://cert-service:9000 quartz_shadow_user_migration_timer={{sunbird_quartz_shadow_user_migration_timer}} sunbird_otp_allowed_attempt={{sunbird_otp_allowed_attempt|default(2)}} 
diff --git a/ansible/roles/stack-sunbird/templates/user-org-service_logback.xml b/ansible/roles/stack-sunbird/templates/userorg-service_logback.xml similarity index 100% rename from ansible/roles/stack-sunbird/templates/user-org-service_logback.xml rename to ansible/roles/stack-sunbird/templates/userorg-service_logback.xml diff --git a/ansible/static-files/health.sh b/ansible/static-files/health.sh index 9f7fad6f07..6b62b7dfb3 100755 --- a/ansible/static-files/health.sh +++ b/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s userorg-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index a7d92f3e8d..339f9b493c 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh 
@@ -34,7 +34,7 @@ ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" # Re-deploy UserOrg service echo "Redeploy UserOrg service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=user-org-service image_tag=${USER_ORG_SERVICE_VERSION} service_name=user-org-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/deploy/gitOPS/github.csv b/deploy/gitOPS/github.csv index ebcd56fcd3..4148fc6bfb 100644 --- a/deploy/gitOPS/github.csv +++ b/deploy/gitOPS/github.csv @@ -1,5 +1,5 @@ #REPO_NAME,BRANCH_NAME,MERGE_ACCESS_USERS(;),CHECKS -user-org-service,jenkins-test,harshavardhanc;abcb,3 +userorg-service,jenkins-test,harshavardhanc;abcb,3 diff --git a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json index 4b476382e5..6f7fd973e4 100644 --- a/deploy/grafana/dashboards/General/service-memory-usage-ds1.json +++ b/deploy/grafana/dashboards/General/service-memory-usage-ds1.json @@ -224,7 +224,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"userorg-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", 
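Review bot: The rewritten `ansible-playbook` line in `deploy/deploy-core.sh` still expands `sunbird_api_auth_token=${sunbird_api_auth_token}` and `vault_badging_authorization_key=${badger_token}` into the command line, where they can be read from the process list while the play runs. The line already loads `--extra-vars @config.yml`, so the two tokens could come from a vars file (ideally vault-encrypted) instead of argv. Also check that every caller exports the renamed `USERORG_SERVICE_VERSION`, since an unset variable expands to an empty `image_tag=` here. The rest of the script is outside the hunk.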
@@ -235,7 +235,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "user-org-service", + "title": "userorg-service", "tooltip": { "shared": true, "sort": 0, diff --git a/deploy/postInstallation.sh b/deploy/postInstallation.sh index bf13b5c0eb..951bac5512 100755 --- a/deploy/postInstallation.sh +++ b/deploy/postInstallation.sh @@ -134,7 +134,7 @@ check_cassandra_keyspaces() { } check_version() { - list=(actor-service player_player user-org-service content-service proxy_proxy api-manager_kong) + list=(actor-service player_player userorg-service content-service proxy_proxy api-manager_kong) versionReq=$(git branch | grep \* | cut -d '-' -f2) echo -e "The Sunbird Version being used is $versionReq \n" if [ $(git branch | grep \* | cut -d '-' -f2 | grep -Ewo '.' | wc -l) -ne 3 ]; then @@ -155,7 +155,7 @@ get_logs() { mkdir -p $ServiceLogsFolder echo "Storing logs of core services in $ServiceLogsFolder" echo "-----------------------------------------" - serviceNames=(player_player user-org-service content-service proxy_proxy api-manager_kong) + serviceNames=(player_player userorg-service content-service proxy_proxy api-manager_kong) for service in ${serviceNames[@]}; do echo -e "\nexporting $service logs to $ServiceLogsFolder" sudo docker service logs $service --tail 10000 > $ServiceLogsFolder/$service diff --git a/deploy/version.env b/deploy/version.env index feca8b68da..c7d8020919 100755 --- a/deploy/version.env +++ b/deploy/version.env @@ -1,6 +1,6 @@ PLAYER_VERSION=1.11.0-gold CONTENT_SERVICE_VERSION=1.11.0-gold -USER_ORG_SERVICE_VERSION=1.11.0-gold +USERORG_SERVICE_VERSION=1.11.0-gold PROXY_VERSION=1.8.0-gold BADGER_SERVICE_VERSION=1.8.0-gold KONG_VERSION=1.8.0-gold diff --git a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml index 10db0b3617..3ce5e1bed7 100644 --- a/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml 
+++ b/kubernetes/ansible/roles/sunbird-monitoring/defaults/main.yml @@ -266,8 +266,8 @@ service_health_checks: targets: "http://content-service.{{ namespace }}.svc.cluster.local:9000/health" - service_name: 'lms' targets: "http://lms-service.{{ namespace }}.svc.cluster.local:9000/health" - - service_name: 'user-org' - targets: "http://user-org-service.{{ namespace }}.svc.cluster.local:9000/health" + - service_name: 'userorg' + targets: "http://userorg-service.{{ namespace }}.svc.cluster.local:9000/health" api_response_upward_trend_threshold: 0.3 diff --git a/kubernetes/ansible/static-files/health.sh b/kubernetes/ansible/static-files/health.sh index 9f7fad6f07..6b62b7dfb3 100755 --- a/kubernetes/ansible/static-files/health.sh +++ b/kubernetes/ansible/static-files/health.sh @@ -6,7 +6,7 @@ #apk add jq outpt1=$(curl -s content-service:5000/health | jq '.result.healthy') outpt2=$(curl -s player_player:3000/health| jq '.result.healthy') -outpt3=$(curl -s user-org-service:9000/health | jq '.result.response.checks[0].healthy') +outpt3=$(curl -s userorg-service:9000/health | jq '.result.response.checks[0].healthy') outpt4=$(curl -s lms-service:9005/health | jq '.result.response.checks[0].healthy') echo "" echo "" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index ca2c58a0cd..ff6051fbeb 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -43,9 +43,9 @@ data: resolver {{ .Values.kube_dns_ip }}; - location /user-org/ { - set $target http://user-org-service.{{ .Values.namespace }}.svc.cluster.local:9000; - rewrite ^/user-org/(.*) /$1 break; + location /userorg/ { + set $target http://userorg-service.{{ .Values.namespace }}.svc.cluster.local:9000; + rewrite ^/userorg/(.*) /$1 break; proxy_http_version 1.1; proxy_pass $target; } 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index b0a340cfea..2916eb18f7 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -246,7 +246,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /user-org/data/v1/location/search { + location ~ /userorg/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -289,7 +289,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /user-org/certreg/v2/certs/download { + location /userorg/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; diff --git a/kubernetes/helm_charts/core/userorg/Chart.yaml b/kubernetes/helm_charts/core/userorg/Chart.yaml index b6eea73a17..c7c993ab63 100644 --- a/kubernetes/helm_charts/core/userorg/Chart.yaml +++ b/kubernetes/helm_charts/core/userorg/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: user-org +name: userorg version: 0.1.0 diff --git a/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl index a6acb1aa2c..d7fef3727e 100644 --- a/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl +++ b/kubernetes/helm_charts/core/userorg/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "user-org.name" -}} +{{- define "userorg.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "user-org.fullname" -}} +{{- define "userorg.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "user-org.chart" -}} +{{- define "userorg.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} -{{- define "user-org.labels" -}} -app.kubernetes.io/name: {{ include "user-org.name" . }} -helm.sh/chart: {{ include "user-org.chart" . }} +{{- define "userorg.labels" -}} +app.kubernetes.io/name: {{ include "userorg.name" . }} +helm.sh/chart: {{ include "userorg.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} diff --git a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml index 7c91ec6cca..d806c1d5ab 100644 --- a/kubernetes/helm_charts/core/userorg/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/configmap.yaml @@ -11,7 +11,7 @@ data: {{ end }} --- -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} {{- $bundle := .Files.Glob "bundle/*" }} {{ if $bundle }} apiVersion: v1 diff --git a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml index 9ae78bfebf..1ff7e4a69e 100644 --- a/kubernetes/helm_charts/core/userorg/templates/deployment.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/deployment.yaml 
@@ -48,14 +48,14 @@ spec: {{- end }} volumeMounts: - name: {{ .Chart.Name }}-xml-config - mountPath: /home/sunbird/user-org-service-1.0-SNAPSHOT/config/logback.xml - subPath: user-org-service_logback.xml + mountPath: /home/sunbird/userorg-service-1.0-SNAPSHOT/config/logback.xml + subPath: userorg-service_logback.xml {{- $keys := .Files.Glob "keys/*" }} {{- if $keys }} - - mountPath: {{ .Values.learner_access_basepath }} + - mountPath: {{ .Values.userorg_access_basepath }} name: access-keys {{- end }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - args: - envoy - --config-path @@ -135,7 +135,7 @@ spec: secret: secretName: {{ .Chart.Name }}-access-keys {{- end }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - name: envoy-config configMap: name: {{ .Chart.Name }}-envoy-config @@ -156,7 +156,7 @@ spec: - name: http-{{ .Chart.Name }} protocol: TCP port: {{ .Values.network.targetport }} -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} - name: opa-metrics port: 8181 protocol: TCP diff --git a/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml index 3fc1bfc45a..0465d1653d 100644 --- a/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/envoy-config.yaml @@ -1,5 +1,5 @@ --- -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} apiVersion: v1 data: envoy-config.yaml: | diff --git a/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml index 5d659175ce..d54263a5bf 100644 --- a/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml +++ b/kubernetes/helm_charts/core/userorg/templates/serviceMonitor.yaml 
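Review bot: In the first `deployment.yaml` hunk the logback mount path becomes `/home/sunbird/userorg-service-1.0-SNAPSHOT/config/logback.xml`, which only works if the image unpacks into a directory of that name; the image build is not part of this diff. If the image still uses `user-org-service-1.0-SNAPSHOT`, the file is mounted where the service does not look and logging presumably falls back to its built-in configuration without any error. The key mount in the same hunk now reads `.Values.userorg_access_basepath`, so confirm that the service's own configuration resolves the same directory; the env hunks shown here do not include that setting.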
@@ -1,4 +1,4 @@ -{{- if .Values.learner_opa_enabled }} +{{- if .Values.userorg_opa_enabled }} {{- if .Values.serviceMonitor.enabled }} {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }} apiVersion: monitoring.coreos.com/v1 diff --git a/kubernetes/helm_charts/core/userorg/values.j2 b/kubernetes/helm_charts/core/userorg/values.j2 index e07e2a512e..a0f25da4e4 100644 --- a/kubernetes/helm_charts/core/userorg/values.j2 +++ b/kubernetes/helm_charts/core/userorg/values.j2 
@@ -1,62 +1,62 @@ -### Default variable file for user-org-service ### +### Default variable file for userorg-service ### namespace: {{ namespace }} imagepullsecrets: {{ imagepullsecrets }} dockerhub: {{ dockerhub }} env: - javaoptions: {{learner_java_mem_limit|default('-Xmx600m')}} + javaoptions: {{userorg_java_mem_limit|default('-Xmx600m')}} -replicaCount: {{learner_replicacount|default(1)}} -repository: {{learner_repository|default('user-org-service')}} +replicaCount: {{userorg_replicacount|default(1)}} +repository: {{userorg_repository|default('userorg-service')}} image_tag: {{ image_tag }} resources: requests: - cpu: {{learner_cpu_req|default('100m')}} - memory: {{learner_mem_req|default('100Mi')}} + cpu: {{userorg_cpu_req|default('100m')}} + memory: {{userorg_mem_req|default('100Mi')}} limits: - cpu: {{learner_cpu_limit|default('1')}} - memory: {{learner_mem_limit|default('1024Mi')}} + cpu: {{userorg_cpu_limit|default('1')}} + memory: {{userorg_mem_limit|default('1024Mi')}} network: port: 9000 targetport: 9000 strategy: type: RollingUpdate - maxsurge: {{ learner_maxsurge|default('25%') }} - maxunavailable: {{ learner_maxunavailable|default('25%') }} + maxsurge: {{ userorg_maxsurge|default('25%') }} + maxunavailable: {{ userorg_maxunavailable|default('25%') }} -{{ learner_liveness_readiness | to_nice_yaml }} +{{ userorg_liveness_readiness | to_nice_yaml }} {{ opa_liveness_readiness | to_nice_yaml }} {{ envoy_liveness_readiness | to_nice_yaml }} -learner_opa_enabled: {{ learner_opa_enabled | default('true') }} +userorg_opa_enabled: {{ userorg_opa_enabled | default('true') }} envoy_resources: requests: - cpu: "{{ learner_envoy_cpu_req | default('100m') }}" - memory: "{{ learner_envoy_mem_req | default('100Mi') }}" + cpu: "{{ userorg_envoy_cpu_req | default('100m') }}" + memory: "{{ userorg_envoy_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_envoy_cpu_limit | default('1') }}" - memory: "{{ learner_envoy_mem_limit | default('1024Mi') }}" + cpu: "{{ 
userorg_envoy_cpu_limit | default('1') }}" + memory: "{{ userorg_envoy_mem_limit | default('1024Mi') }}" opa_resources: requests: - cpu: "{{ learner_opa_cpu_req | default('100m') }}" - memory: "{{ learner_opa_mem_req | default('100Mi') }}" + cpu: "{{ userorg_opa_cpu_req | default('100m') }}" + memory: "{{ userorg_opa_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_opa_cpu_limit | default('1') }}" - memory: "{{ learner_opa_mem_limit | default('1024Mi') }}" + cpu: "{{ userorg_opa_cpu_limit | default('1') }}" + memory: "{{ userorg_opa_mem_limit | default('1024Mi') }}" initcontainer_resources: requests: - cpu: "{{ learner_initcontainer_cpu_req | default('100m') }}" - memory: "{{ learner_initcontainer_mem_req | default('100Mi') }}" + cpu: "{{ userorg_initcontainer_cpu_req | default('100m') }}" + memory: "{{ userorg_initcontainer_mem_req | default('100Mi') }}" limits: - cpu: "{{ learner_initcontainer_cpu_limit | default('100m') }}" - memory: "{{ learner_initcontainer_mem_limit | default('100Mi') }}" + cpu: "{{ userorg_initcontainer_cpu_limit | default('100m') }}" + memory: "{{ userorg_initcontainer_mem_limit | default('100Mi') }}" -learner_access_basepath: {{ learner_access_basepath | default('/keys/') }} +userorg_access_basepath: {{ userorg_access_basepath | default('/keys/') }} serviceMonitor: enabled: true 
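Review bot: `{{ userorg_liveness_readiness | to_nice_yaml }}` in the first `userorg/values.j2` hunk has no `default`, and none of the hunks shown in this commit renames a definition of `learner_liveness_readiness`. If that variable is still defined only under the old name, rendering this template would fail on the undefined variable (or, depending on the undefined-variable setting, drop the probe block). Either rename the definition in the same commit or bridge it with `{{ (userorg_liveness_readiness | default(learner_liveness_readiness)) | to_nice_yaml }}`. The file continues past this hunk.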
@@ -65,8 +65,8 @@ serviceMonitor: release: prometheus-operator autoscaling: - enabled: {{ learner_autoscaling_enabled | default('false') }} - minReplicas: {{ learner_autoscaling_minReplicas|default(1) }} - maxReplicas: {{ learner_autoscaling_maxReplicas|default(2) }} - targetCPUUtilizationPercentage: {{ learner_autoscaling_targetCPUUtilizationPercentage|default(60) }} - targetMemoryUtilizationPercentage: {{ learner_autoscaling_targetMemoryUtilizationPercentage|default('') }} + enabled: {{ userorg_autoscaling_enabled | default('false') }} + minReplicas: {{ userorg_autoscaling_minReplicas|default(1) }} + maxReplicas: {{ userorg_autoscaling_maxReplicas|default(2) }} + targetCPUUtilizationPercentage: {{ userorg_autoscaling_targetCPUUtilizationPercentage|default(60) }} + targetMemoryUtilizationPercentage: {{ userorg_autoscaling_targetMemoryUtilizationPercentage|default('') }} diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json index 07f9878773..aa9bf99675 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/service-memory.json @@ -225,7 +225,7 @@ "steppedLine": false, "targets": [ { - "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"user-org-service\"})", + "expr": "max(container_memory_usage_bytes{container_label_com_docker_swarm_service_name=~\"userorg-service\"})", "format": "time_series", "intervalFactor": 2, "refId": "A", @@ -236,7 +236,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "user-org-service", + "title": "userorg-service", "tooltip": { "shared": true, "sort": 0, diff --git a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml index 16e0946759..2a358c1069 100644 
--- a/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml +++ b/kubernetes/helm_charts/networkconfig/templates/private-vs.yaml @@ -31,14 +31,14 @@ spec: host: kiali.istio-system.svc.cluster.local - match: - uri: - prefix: /user-org/ + prefix: /userorg/ - uri: - prefix: /user-org + prefix: /userorg rewrite: uri: / route: - destination: - host: user-org-service + host: userorg-service - match: - uri: prefix: /api/ diff --git a/kubernetes/opa/user-org/common.rego b/kubernetes/opa/userorg/common.rego similarity index 100% rename from kubernetes/opa/user-org/common.rego rename to kubernetes/opa/userorg/common.rego diff --git a/kubernetes/opa/user-org/main.rego b/kubernetes/opa/userorg/main.rego similarity index 100% rename from kubernetes/opa/user-org/main.rego rename to kubernetes/opa/userorg/main.rego diff --git a/kubernetes/opa/user-org/policies.rego b/kubernetes/opa/userorg/policies.rego similarity index 100% rename from kubernetes/opa/user-org/policies.rego rename to kubernetes/opa/userorg/policies.rego diff --git a/kubernetes/opa/user-org/policies_test.rego b/kubernetes/opa/userorg/policies_test.rego similarity index 100% rename from kubernetes/opa/user-org/policies_test.rego rename to kubernetes/opa/userorg/policies_test.rego diff --git a/pipelines/deploy/user-org/Jenkinsfile b/pipelines/deploy/user-org/Jenkinsfile deleted file mode 100644 index 9a002ae5dd..0000000000 --- a/pipelines/deploy/user-org/Jenkinsfile +++ /dev/null 
@@ -1,36 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - stage('deploy') { - values = docker_params() - currentWs = sh(returnStdout: true, script: 'pwd').trim() - ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_learner=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('currentWs', currentWs) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - ansible_playbook_run(values) - archiveArtifacts 'metadata.json' - currentBuild.description = "Image: ${values.image_tag}, Private: ${params.private_branch}, Public: ${params.branch_or_tag}" - } - summary() - } - catch (err) { - currentBuild.result = "FAILURE" - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} diff --git a/pipelines/deploy/userorg/Jenkinsfile b/pipelines/deploy/userorg/Jenkinsfile index 9f8b96da02..63eeb04015 100644 --- a/pipelines/deploy/userorg/Jenkinsfile +++ b/pipelines/deploy/userorg/Jenkinsfile 
@@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=user-org-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) From cb1c07869e6920376ecdfd6764ad748bce84cb16 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 7 Jun 2023 22:34:33 +0530 Subject: [PATCH 338/434] Issue #LR-122 feat: Renamed deploy_user_org to deploy_userorg --- ansible/roles/stack-sunbird/tasks/main.yml | 2 +- deploy/deploy-core.sh | 2 +- pipelines/deploy/userorg/Jenkinsfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/tasks/main.yml b/ansible/roles/stack-sunbird/tasks/main.yml index 4f51d896d3..b686c9e580 100644 --- a/ansible/roles/stack-sunbird/tasks/main.yml +++ b/ansible/roles/stack-sunbird/tasks/main.yml @@ -5,7 +5,7 @@ when: deploy_stack is defined - include: userorg-service.yml - when: deploy_user_org is defined + when: deploy_userorg is defined - include: lms_service.yml when: deploy_lms is defined diff --git a/deploy/deploy-core.sh b/deploy/deploy-core.sh index 339f9b493c..65f24fa50b 100755 --- a/deploy/deploy-core.sh +++ b/deploy/deploy-core.sh 
@@ -34,7 +34,7 @@ ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" # Re-deploy UserOrg service echo "Redeploy UserOrg service" -ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_user_org=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v +ansible-playbook -i $INVENTORY_PATH ../ansible/deploy.yml --tags "stack-sunbird" --extra-vars "hub_org=${ORG} image_name=userorg-service image_tag=${USERORG_SERVICE_VERSION} service_name=userorg-service deploy_userorg=True sunbird_api_auth_token=${sunbird_api_auth_token} vault_badging_authorization_key=${badger_token}" --extra-vars @config.yml -v # Re-deploy Content service echo "Redeploy content service" diff --git a/pipelines/deploy/userorg/Jenkinsfile b/pipelines/deploy/userorg/Jenkinsfile index 63eeb04015..4c3e8fa95f 100644 --- a/pipelines/deploy/userorg/Jenkinsfile +++ b/pipelines/deploy/userorg/Jenkinsfile @@ -15,7 +15,7 @@ node() { values = docker_params() currentWs = sh(returnStdout: true, script: 'pwd').trim() ansiblePlaybook = "$currentWs/ansible/deploy.yml" - ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_user_org=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" + ansibleExtraArgs = "--tags \"stack-sunbird\" --extra-vars \"hub_org=$hub_org image_name=$values.image_name image_tag=$values.image_tag service_name=userorg-service deploy_userorg=True\" --vault-password-file /var/lib/jenkins/secrets/vault-pass" values.put('currentWs', currentWs) values.put('ansiblePlaybook', ansiblePlaybook) values.put('ansibleExtraArgs', ansibleExtraArgs) From dc10d864ed42a4fe985820701b6e0d310198697a Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Thu, 8 Jun 2023 11:22:52 +0530 Subject: [PATCH 339/434] Issue #LR-122 feat: Renamed learning_service_url to userorg_service_url --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 0289d0fdd9..f3781f23f6 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -1379,7 +1379,7 @@ kong_apis: - name: orgAddEncryptionKey uris: "{{ org_service_prefix }}/v1/update/encryptionkey" - upstream_url: "{{ learning_service_url }}/v1/org/update/encryptionkey" + upstream_url: "{{ userorg_service_url }}/v1/org/update/encryptionkey" strip_uri: true plugins: - name: jwt From 217e1d2ae7943e7926c9885723d83b2878a353d5 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Mon, 19 Jun 2023 17:37:42 +0530 Subject: [PATCH 340/434] Add variable forreport automation --- .../ml-analytics-service/defaults/main.yml | 27 ++++++++ .../ml-analytics-service/templates/config.j2 | 64 +++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index c859d0da48..006dab3da6 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -118,3 +118,30 @@ ml_analytics_nvsk_imp_projects_data_local_path: "{{ config_path }}/urgent_data_m ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvement/" ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/" ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/" +ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_token }}" +ml_analytics_content_type_url : "{{ ml_analytics_content_type_url }}" +ml_analytics_mongo_reports_log_collec : "{{ ml_analytics_mongo_reports_log_collec }}" +ml_analytics_client_id : "{{ ml_analytics_client_id }}" +ml_analytics_client_secret : "{{ ml_analytics_client_secret }}" +ml_analytics_grant_type : "{{ ml_analytics_grant_type }}" +ml_analytics_username : "{{ ml_analytics_username }}" +ml_analytics_password : "{{ ml_analytics_password }}" +ml_analytics_api_base_url : "{{ ml_analytics_api_base_url }}" +ml_analytics_refresh_token : "auth/realms/sunbird/protocol/openid-connect/token" +ml_analytics_access_token : "auth/v1/refresh/token" +ml_analytics_backend_create : "api/data/v1/report/jobs/submit" +ml_analytics_frontend_create : "/api/data/v1/report-service/report/create" +ml_analytics_frontend_get : "/api/data/v1/report-service/report/get/" +ml_analytics_frontend_update : "/api/data/v1/report-service/report/update/" +ml_analytics_backend_update : "/api/data/v1/report-service/report/update/" +ml_analytics_frontend_retire : "/api/data/v1/report-service/report/delete/" +ml_analytics_backend_retire : "/report/jobs/deactivate/" +ml_analytics_folder_name : 6.0.0 +ml_analytics_script_path : "/opt/sparkjobs/ml-analytics-service/migrations/lib" +ml_analytics_folder_config : "/opt/sparkjobs/ml-analytics-service/migrations/releases/6.0.0/config/" +ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" +ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" 
+ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" +ml_analytics_reports_key : "{{ ml_analytics_reports_key }}" +ml_analytics_update_tag : "{{ ml_analytics_update_tag }}" + diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 70fe0ff018..f0ecf38bc8 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -15,6 +15,10 @@ authorization = {{ ml_analytics_api_authorization_key }} internal_access_token = {{ ml_analytics_api_access_token }} +authorization_access_token = {{ ml_analytics_authorization_access_token }} + +content_type_url = {{ ml_analytics_content_type_url }} + [ML_SURVEY_SERVICE_URL] @@ -61,6 +65,8 @@ survey_submissions_collection = {{ ml_analytics_mongo_survey_submissions_collect survey_collection = {{ ml_analytics_mongo_survey_collection }} +reports_log_collec = {{ ml_analytics_mongo_reports_log_collec }} + [DRUID] 
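Review bot: The defaults added in this hunk that point at themselves, such as `ml_analytics_client_secret : "{{ ml_analytics_client_secret }}"` and `ml_analytics_password : "{{ ml_analytics_password }}"`, supply no value. When the inventory omits one of them, Ansible is likely to stop with a recursive-template error rather than a clear undefined-variable message. I would drop the self-referencing lines from defaults/main.yml and list the required names in a comment, for example `# required from vaulted inventory: ml_analytics_client_secret, ml_analytics_password, ml_analytics_authorization_access_token`, so the role makes clear that credentials come from the inventory. The `ml_analytics_driver_memory` and `ml_analytics_executor_memory` lines added to this file later in the series use the same self-reference with `| default(...)` and would need a differently named source variable.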
@@ -283,3 +289,61 @@ cname_url = {{ ml_analytics_cname_url }} nvsk_imp_projects_data_local_path = {{ ml_analytics_nvsk_imp_projects_data_local_path }} nvsk_imp_projects_data_blob_path = {{ ml_analytics_nvsk_imp_projects_data_blob_path }} + +[API_CREDENTIALS] + +client_id = {{ ml_analytics_client_id }} + +client_secret = {{ ml_analytics_client_secret }} + +grant_type = {{ ml_analytics_grant_type }} + +username = {{ ml_analytics_username }} + +password = {{ ml_analytics_password }} + +[API_ENDPOINTS] + +base_url = {{ ml_analytics_api_base_url }} + +refresh_token = {{ ml_analytics_refresh_token }} + +access_token = {{ ml_analytics_access_token }} + +backend_create = {{ ml_analytics_backend_create }} + +frontend_create = {{ ml_analytics_frontend_create }} + +frontend_get = {{ ml_analytics_frontend_get }} + +frontend_update = {{ ml_analytics_frontend_update }} + +backend_update = {{ ml_analytics_backend_update }} + +frontend_retire = {{ ml_analytics_frontend_retire }} + +backend_retire = {{ ml_analytics_backend_retire }} + + +[REPORTS_FILEPATH] + +folder_name = {{ ml_analytics_folder_name }} + +script_path = {{ ml_analytics_script_path }} + +folder_config = {{ ml_analytics_folder_config }} + + +[JSON_VARIABLE] + +createdBy = {{ ml_analytics_createdBy }} + +container = {{ ml_analytics_reports_container }} + +store = {{ ml_analytics_reports_store }} + +key = {{ ml_analytics_reports_key }} + +[REPORT_IDS] + +update_tag = {{ ml_analytics_update_tag }} From f5c211d202aa1654bde3620c5ef0152bbf0d72b2 Mon Sep 17 00:00:00 2001 From: Abhishek Nagesh Date: Tue, 20 Jun 2023 10:07:32 +0530 Subject: [PATCH 341/434] Issue #ED-0000 fix:added env variable to store default board value --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 30d4e1830f..0f749f913a 100644 
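Review bot: The new `[API_CREDENTIALS]` section writes `client_secret` and `password` into the rendered config in cleartext, and nothing in this hunk shows how that file is protected. The task that renders config.j2 is outside this diff, so this is a check to make rather than a confirmed defect. That task should set an explicit owner and `mode: "0600"`, and use `no_log: true` so the values do not appear in playbook output or diffs. A template comment above the section, `{# values below come from vaulted inventory; keep the rendered file readable by the service user only #}`, would record the expectation for the next maintainer.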
--- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -233,3 +233,6 @@ cloud_private_storage_project={{cloud_private_storage_project | default("")}} cloud_storage_privatereports_bucketname={{cloud_storage_privatereports_bucketname | default("reports")}} cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | default("label")}} cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} + +#release-6.0.0 +sunbird_default_board={{sunbird_default_board}} \ No newline at end of file From 5266249fa623110fba7628026ace10d6f36ccfbb Mon Sep 17 00:00:00 2001 From: Abhishek Nagesh Date: Tue, 20 Jun 2023 10:20:22 +0530 Subject: [PATCH 342/434] Issue #ED-0000 fix:added fallback for default board --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 0f749f913a..6c2c86f19f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -235,4 +235,4 @@ cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | defau cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} #release-6.0.0 -sunbird_default_board={{sunbird_default_board}} \ No newline at end of file +sunbird_default_board={{sunbird_default_board | default("")}} \ No newline at end of file From ff5b2d351b8bc1e96642bcb9659358eca81d8cbd Mon Sep 17 00:00:00 2001 From: ankitshahu Date: Tue, 20 Jun 2023 04:52:48 +0000 Subject: [PATCH 343/434] Added env key for timezone Difference --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 2795c258e1..3d2277b8f8 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -93,4 +93,7 @@ KAFKA_URL={{ml_core_kafka_url | default(groups['processing-cluster-kafka'][0]+': KAFKA_GROUP_ID={{ml_core_kafka_group_id | default("ml-core-service")}} #Kafka topic name for pushing programUsers -PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} \ No newline at end of file +PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} + +#TimeOffset with respect to UTC +TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30))}} \ No newline at end of file From aba7e5f71fcc55529b265587ce4d98e27c7bb8a3 Mon Sep 17 00:00:00 2001 From: ankitshahu Date: Tue, 20 Jun 2023 04:53:55 +0000 Subject: [PATCH 344/434] Added env key for timezone Difference --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 3d2277b8f8..0f9f0e4963 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env 
@@ -96,4 +96,4 @@ KAFKA_GROUP_ID={{ml_core_kafka_group_id | default("ml-core-service")}} PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} #TimeOffset with respect to UTC -TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30))}} \ No newline at end of file +TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30"))}} \ No newline at end of file From cfe06e65de39ae7ce32c1edafcf4348a022113b1 Mon Sep 17 00:00:00 2001 From: ankitshahu Date: Tue, 20 Jun 2023 05:13:24 +0000 Subject: [PATCH 345/434] Added env key for timezone Difference --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 0f9f0e4963..0209e84ae6 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -96,4 +96,4 @@ KAFKA_GROUP_ID={{ml_core_kafka_group_id | default("ml-core-service")}} PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} #TimeOffset with respect to UTC -TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30"))}} \ No newline at end of file +TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30")}} \ No newline at end of file From 696ab858a1a71e45ed8929c48a5b1232cf6cf0d3 Mon Sep 17 00:00:00 2001 
From: Ashwiniev95 Date: Tue, 20 Jun 2023 13:53:35 +0530 Subject: [PATCH 346/434] update variables --- .../ml-analytics-service/defaults/main.yml | 14 ++------- .../ml-analytics-service/templates/config.j2 | 31 ------------------- .../templates/shell_script_config.j2 | 2 ++ 3 files changed, 4 insertions(+), 43 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 006dab3da6..8ccb540082 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -119,7 +119,6 @@ ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvem ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/" ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/" ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_token }}" -ml_analytics_content_type_url : "{{ ml_analytics_content_type_url }}" ml_analytics_mongo_reports_log_collec : "{{ ml_analytics_mongo_reports_log_collec }}" ml_analytics_client_id : "{{ ml_analytics_client_id }}" ml_analytics_client_secret : "{{ ml_analytics_client_secret }}" 
@@ -127,21 +126,12 @@ ml_analytics_grant_type : "{{ ml_analytics_grant_type }}" ml_analytics_username : "{{ ml_analytics_username }}" ml_analytics_password : "{{ ml_analytics_password }}" ml_analytics_api_base_url : "{{ ml_analytics_api_base_url }}" -ml_analytics_refresh_token : "auth/realms/sunbird/protocol/openid-connect/token" -ml_analytics_access_token : "auth/v1/refresh/token" -ml_analytics_backend_create : "api/data/v1/report/jobs/submit" -ml_analytics_frontend_create : "/api/data/v1/report-service/report/create" -ml_analytics_frontend_get : "/api/data/v1/report-service/report/get/" -ml_analytics_frontend_update : "/api/data/v1/report-service/report/update/" -ml_analytics_backend_update : "/api/data/v1/report-service/report/update/" -ml_analytics_frontend_retire : "/api/data/v1/report-service/report/delete/" -ml_analytics_backend_retire : "/report/jobs/deactivate/" -ml_analytics_folder_name : 6.0.0 ml_analytics_script_path : "/opt/sparkjobs/ml-analytics-service/migrations/lib" -ml_analytics_folder_config : "/opt/sparkjobs/ml-analytics-service/migrations/releases/6.0.0/config/" ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" ml_analytics_reports_key : "{{ ml_analytics_reports_key }}" ml_analytics_update_tag : "{{ ml_analytics_update_tag }}" +ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" +ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index f0ecf38bc8..1789286872 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
@@ -17,9 +17,6 @@ internal_access_token = {{ ml_analytics_api_access_token }} authorization_access_token = {{ ml_analytics_authorization_access_token }} -content_type_url = {{ ml_analytics_content_type_url }} - - [ML_SURVEY_SERVICE_URL] url = {{ ml_analytics_survey_service }} @@ -302,38 +299,10 @@ username = {{ ml_analytics_username }} password = {{ ml_analytics_password }} -[API_ENDPOINTS] - -base_url = {{ ml_analytics_api_base_url }} - -refresh_token = {{ ml_analytics_refresh_token }} - -access_token = {{ ml_analytics_access_token }} - -backend_create = {{ ml_analytics_backend_create }} - -frontend_create = {{ ml_analytics_frontend_create }} - -frontend_get = {{ ml_analytics_frontend_get }} - -frontend_update = {{ ml_analytics_frontend_update }} - -backend_update = {{ ml_analytics_backend_update }} - -frontend_retire = {{ ml_analytics_frontend_retire }} - -backend_retire = {{ ml_analytics_backend_retire }} - - [REPORTS_FILEPATH] -folder_name = {{ ml_analytics_folder_name }} - script_path = {{ ml_analytics_script_path }} -folder_config = {{ ml_analytics_folder_config }} - - [JSON_VARIABLE] createdBy = {{ ml_analytics_createdBy }} diff --git a/ansible/roles/ml-analytics-service/templates/shell_script_config.j2 b/ansible/roles/ml-analytics-service/templates/shell_script_config.j2 index 97e35a4db0..e04fbd4418 100644 --- a/ansible/roles/ml-analytics-service/templates/shell_script_config.j2 +++ b/ansible/roles/ml-analytics-service/templates/shell_script_config.j2 @@ -1 +1,3 @@ projects_program_filename={{ ml_analytics_projects_program_filename }} +driver_memory={{ml_analytics_driver_memory}} +executor_memory={{ml_analytics_executor_memory}} From c3e0f45d8f537ce0e26f0188d2fb320987581c24 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Tue, 20 Jun 2023 16:49:13 +0530 Subject: [PATCH 347/434] remove a variable --- ansible/roles/ml-analytics-service/defaults/main.yml | 1 - ansible/roles/ml-analytics-service/templates/config.j2 | 2 -- 2 files changed, 3 deletions(-) 
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 8ccb540082..92721e0104 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -130,7 +130,6 @@ ml_analytics_script_path : "/opt/sparkjobs/ml-analytics-service/migrations/lib" ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" -ml_analytics_reports_key : "{{ ml_analytics_reports_key }}" ml_analytics_update_tag : "{{ ml_analytics_update_tag }}" ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 1789286872..166c833e55 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -311,8 +311,6 @@ container = {{ ml_analytics_reports_container }} store = {{ ml_analytics_reports_store }} -key = {{ ml_analytics_reports_key }} - [REPORT_IDS] update_tag = {{ ml_analytics_update_tag }} From 5f3a35f3c34e8ec365a6e9ba3754a746756a18e7 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Tue, 20 Jun 2023 18:47:23 +0530 Subject: [PATCH 348/434] remove the variable --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 -- ansible/roles/ml-analytics-service/templates/config.j2 | 6 ------ 2 files changed, 8 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 92721e0104..7bc5e8c541 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -122,11 +122,9 @@ ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_ ml_analytics_mongo_reports_log_collec : "{{ ml_analytics_mongo_reports_log_collec }}" ml_analytics_client_id : "{{ ml_analytics_client_id }}" ml_analytics_client_secret : "{{ ml_analytics_client_secret }}" -ml_analytics_grant_type : "{{ ml_analytics_grant_type }}" ml_analytics_username : "{{ ml_analytics_username }}" ml_analytics_password : "{{ ml_analytics_password }}" ml_analytics_api_base_url : "{{ ml_analytics_api_base_url }}" -ml_analytics_script_path : "/opt/sparkjobs/ml-analytics-service/migrations/lib" ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 166c833e55..2b85b70359 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -293,16 +293,10 @@ client_id = {{ ml_analytics_client_id }} client_secret = {{ ml_analytics_client_secret }} -grant_type = {{ ml_analytics_grant_type }} - username = {{ ml_analytics_username }} password = {{ ml_analytics_password }} -[REPORTS_FILEPATH] - -script_path = {{ ml_analytics_script_path }} - [JSON_VARIABLE] createdBy = {{ ml_analytics_createdBy }} From 2b913e07bc508f21db4e76ff8fe5345dfa2401a5 Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Wed, 21 Jun 2023 11:38:38 +0530 Subject: [PATCH 349/434] Remove a variable --- ansible/roles/ml-analytics-service/defaults/main.yml | 1 - ansible/roles/ml-analytics-service/templates/config.j2 | 3 --- 2 files changed, 4 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 7bc5e8c541..dea0395a56 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml 
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -128,7 +128,6 @@ ml_analytics_api_base_url : "{{ ml_analytics_api_base_url }}" ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" -ml_analytics_update_tag : "{{ ml_analytics_update_tag }}" ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 2b85b70359..4c480341af 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -305,6 +305,3 @@ container = {{ ml_analytics_reports_container }} store = {{ ml_analytics_reports_store }} -[REPORT_IDS] - -update_tag = {{ ml_analytics_update_tag }} From 42b2bd7ea670570a3dec1a3a4dd3f16df8ff9d1f Mon Sep 17 00:00:00 2001 From: Ashwiniev95 Date: Thu, 22 Jun 2023 12:34:38 +0530 Subject: [PATCH 350/434] Remove a variable --- ansible/roles/ml-analytics-service/defaults/main.yml | 2 -- ansible/roles/ml-analytics-service/templates/config.j2 | 4 ---- 2 files changed, 6 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index dea0395a56..95a5267c1d 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -119,7 +119,6 @@ ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvem ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/" ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/" ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_token }}" -ml_analytics_mongo_reports_log_collec : "{{ ml_analytics_mongo_reports_log_collec }}" ml_analytics_client_id : "{{ ml_analytics_client_id }}" ml_analytics_client_secret : "{{ ml_analytics_client_secret }}" ml_analytics_username : "{{ ml_analytics_username }}" @@ -130,4 +129,3 @@ ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" - diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 4c480341af..3d64637aa5 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -62,9 +62,6 @@ survey_submissions_collection = {{ ml_analytics_mongo_survey_submissions_collect survey_collection = {{ ml_analytics_mongo_survey_collection }} -reports_log_collec = {{ ml_analytics_mongo_reports_log_collec }} - - [DRUID] metadata_url = http://{{ ml_analytics_druid_url }}/druid/coordinator/v1/datasources/ @@ -304,4 +301,3 @@ createdBy = {{ ml_analytics_createdBy }} container = {{ ml_analytics_reports_container }} store = {{ ml_analytics_reports_store }} - From f99495cb0c7327ee6f53ca1bace241a93567927c Mon Sep 17 00:00:00 2001 
From: adithya_dinesh Date: Thu, 22 Jun 2023 18:16:18 +0530 Subject: [PATCH 351/434] Added base url to config --- ansible/roles/ml-analytics-service/templates/config.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 3d64637aa5..ad762488c6 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 @@ -7,6 +7,11 @@ integrated_app = {{ ml_analytics_integrated_app_name }} integrated_portal = {{ ml_analytics_integrated_portal }} +[API_ENDPOINTS] + +base_url = {{ ml_analytics_api_base_url }} + + [API_HEADERS] content_type = application/json From d9ffaccb32c8c9231fcd9f36d7d29f1934154374 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Thu, 22 Jun 2023 22:23:04 +0530 Subject: [PATCH 352/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 95a5267c1d..a926db246d 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -123,9 +123,9 @@ ml_analytics_client_id : "{{ ml_analytics_client_id }}" ml_analytics_client_secret : "{{ ml_analytics_client_secret }}" ml_analytics_username : "{{ ml_analytics_username }}" ml_analytics_password : "{{ ml_analytics_password }}" -ml_analytics_api_base_url : "{{ ml_analytics_api_base_url }}" ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" -ml_analytics_reports_container : "{{ ml_analytics_reports_container }}" -ml_analytics_reports_store : "{{ ml_analytics_reports_store }}" +ml_analytics_api_base_url : "https://{{ domain_name }}/" +ml_analytics_reports_store : "{{ cloud_service_provider }}" +ml_analytics_reports_container : "{{ cloud_storage_privatereports_bucketname }}" ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" From 1d7ae765fffd8e786513bad3760db45082d867b2 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 26 Jun 2023 10:04:07 +0530 Subject: [PATCH 353/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index a926db246d..e5863e010c 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -127,5 +127,5 @@ ml_analytics_createdBy : "{{ ml_analytics_createdBy }}" ml_analytics_api_base_url : "https://{{ domain_name }}/" ml_analytics_reports_store : "{{ cloud_service_provider }}" ml_analytics_reports_container : "{{ cloud_storage_privatereports_bucketname }}" -ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('50g') }}" -ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('50g') }}" +ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('5g') }}" +ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('5g') }}" From b04cc0563b7626974fd965ab356ca44aa574368d Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 26 Jun 2023 17:42:50 +0530 Subject: [PATCH 354/434] Add reference for pvt repo values --- private_repo/ansible/inventory/dev/Core/common.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 3af9204051..4598e3dc5d 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml 
@@ -475,3 +475,12 @@ sunbird_kong_device_register: 'true' # enables refersh token api call after log
 sunbird_kong_device_register_anonymous: 'true' # enables anonymous sessions
 sunbird_session_store_type: redis # uses redis for session data instead of cassandra
 portal_redis_connection_string: "redis://:@{{ sunbird_redis_host }}:6379/3" # Uses KP redis and DB number 3 to store session data
+
+#### ML Analytics Service #####
+ml_analytics_cname_url: # Reference value - https://obj.dev.sunbirded.org/samiksha/
+
+### Variables added as part of 6.0.0 release - https://github.com/Sunbird-Ed/ml-analytics-service/tree/release-6.0.0/release-notes/6.0.0.md
+ml_analytics_client_id : project-sunbird-dev-client # Keycloak client group
+ml_analytics_username : reportAdmin1 # Username of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER"
+ml_analytics_password : Test@123 # Password of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER"
+ml_analytics_createdBy : fb85a044-d9eb-479b-a55a-faf1bfaea14d # Unique system generated user UUID which is the same user as above
From 94de8aae11287a92f9aa3e8bb0dedb0a52355f36 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 26 Jun 2023 17:49:08 +0530 Subject: [PATCH 355/434] Add reference for pvt repo secret values --- private_repo/ansible/inventory/dev/Core/secrets.yml | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 1107874126..68a42532b2 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
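Review bot: `ml_analytics_password : Test@123` is added to `inventory/dev/Core/common.yml`, a non-secret inventory file, right next to the username and user UUID it belongs to. A password belongs in `secrets.yml` (ideally encrypted with ansible-vault), and once it is committed here it stays in the repository history, so this value should be treated as known and never used for a real account. In a reference inventory I would drop the line from this file or leave it empty, e.g. `ml_analytics_password: "" # set in secrets.yml`. Separately, `ml_analytics_cname_url:` with only a trailing comment parses as null; writing `""` makes the intended empty string explicit.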
@@ -231,3 +231,9 @@ uci_odk_password: "admin"
 # ------------------------------------------------------------------------------------------------------------ #
 # Optional variables - Can be left blank if you dont plan to use the intended features
 lp_vault_youtube_api_key: # youtube api token if you want to upload youtube video urls on your site
+
+#### ML Analytics Service #####
+### Variables added as part of 6.0.0 release - https://github.com/Sunbird-Ed/ml-analytics-service/tree/release-6.0.0/release-notes/6.0.0.md
+# Examples values added below
+ml_analytics_authorization_access_token : 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkOTY3NzRjYzXXXXXXXXXXXXXQ4Y2RiOWQ2Mzg0OSJ9.n4hXxKxl_698yeZPSWhXeGvMOb4esfgPadIZe8jZ0Z4' # Bearer auth token which has access to APIs as defined in the release note
+ml_analytics_client_secret : fd241dce-4ZZ9-47e1-97cf-1c7de7a44216 # Keycloak client secret for creating tokens, mapped to client id supplied to variable ml_analytics_client_id
From 4e59b60afb4e7ead6bc16333d0f26bc77141e083 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 26 Jun 2023 18:38:29 +0530 Subject: [PATCH 356/434] Update common.yml --- private_repo/ansible/inventory/dev/Core/common.yml | 1 - 1 file changed, 1 deletion(-)
diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml
index 4598e3dc5d..aef622d8cc 100644
--- a/private_repo/ansible/inventory/dev/Core/common.yml
+++ b/private_repo/ansible/inventory/dev/Core/common.yml
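Review bot: The two values added under "Examples values" in `inventory/dev/Core/secrets.yml` are shaped like working credentials rather than obvious placeholders: a three-part bearer JWT whose signature segment is left intact, and a UUID-style client secret. If either was derived from a real environment it should be rotated, and a deployer who copies this reference file unchanged ends up running with publicly known secrets; the `ml_analytics_password : Test@123` added to the same file in PATCH 357 has the same problem. I would use labelled placeholders such as `ml_analytics_client_secret: "<keycloak-client-secret>"` and `ml_analytics_authorization_access_token: "Bearer <api-access-token>"`, and have the role fail when a placeholder or empty value reaches a deployment.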
@@ -482,5 +482,4 @@ ml_analytics_cname_url: # Reference value - https://obj.dev.sunbirded.org/samiks
 ### Variables added as part of 6.0.0 release - https://github.com/Sunbird-Ed/ml-analytics-service/tree/release-6.0.0/release-notes/6.0.0.md
 ml_analytics_client_id : project-sunbird-dev-client # Keycloak client group
 ml_analytics_username : reportAdmin1 # Username of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER"
-ml_analytics_password : Test@123 # Password of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER"
 ml_analytics_createdBy : fb85a044-d9eb-479b-a55a-faf1bfaea14d # Unique system generated user UUID which is the same user as above
From 140485a08cfe94be784e2c95227050b08520d311 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Mon, 26 Jun 2023 18:39:31 +0530 Subject: [PATCH 357/434] Update secrets.yml --- private_repo/ansible/inventory/dev/Core/secrets.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 68a42532b2..2e16859454 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
@@ -236,4 +236,5 @@ lp_vault_youtube_api_key: # youtube api token if you want
 ### Variables added as part of 6.0.0 release - https://github.com/Sunbird-Ed/ml-analytics-service/tree/release-6.0.0/release-notes/6.0.0.md
 # Examples values added below
 ml_analytics_authorization_access_token : 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkOTY3NzRjYzXXXXXXXXXXXXXQ4Y2RiOWQ2Mzg0OSJ9.n4hXxKxl_698yeZPSWhXeGvMOb4esfgPadIZe8jZ0Z4' # Bearer auth token which has access to APIs as defined in the release note
+ml_analytics_password : Test@123 # Password of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER" matching with supplied username to variable ml_analytics_username
 ml_analytics_client_secret : fd241dce-4ZZ9-47e1-97cf-1c7de7a44216 # Keycloak client secret for creating tokens, mapped to client id supplied to variable ml_analytics_client_id
From b99d3882a6c692fb35e5d1640a071fb5a5b61186 Mon Sep 17 00:00:00 2001 From: BharathwajShankar Date: Fri, 30 Jun 2023 12:18:43 +0530 Subject: [PATCH 358/434] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for groups --- .../roles/stack-sunbird/templates/sunbird_groups-service.env | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env
index c178e9ce73..db8dedb6b2 100644
--- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env
+++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env
@@ -11,6 +11,8 @@ sunbird_cassandra_consistency_level={{sunbird_cassandra_consistency_level}}
 LEARNER_SERVICE_PORT=http://userorg-service:9000
 sunbird_redis_host={{sunbird_redis_host}}
 sunbird_redis_port={{sunbird_redis_port|default(6379)}}
+# Release-5.3.0 LR-512
+sunbird_redis_dbIndex={{sunbird_redis_dbIndex|default(0)}}
 CONTENT_SERVICE_PORT=http://search-service:9000
 sunbird_sso_publickey={{sunbird_sso_publickey}}
 sunbird_sso_url={{keycloak_auth_server_url}}/
From a0a630f3561dbe0956dd4a5793f40834e8c0dc43 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Fri, 30 Jun 2023 13:04:05 +0530 Subject: [PATCH 359/434] Remove space for 6.0 added variables --- .../roles/ml-analytics-service/defaults/main.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml
index e5863e010c..cf896db7ae 100755
--- a/ansible/roles/ml-analytics-service/defaults/main.yml
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml
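Review bot: `sunbird_redis_dbIndex` in `sunbird_groups-service.env` only selects a logical database on the Redis instance; it separates keys but is not an access boundary, so on the shared instance that LR-512 targets, any other client of that instance can still select this index. The hunk shows host, port and now the index but no credential, and the template continues outside the hunk, so I cannot tell whether one is passed elsewhere; if it is not, Redis authentication/ACLs or network policy have to provide the isolation. I would extend the added comment to record this, e.g. `# Release-5.3.0 LR-512: key namespace on a shared Redis, not an access control`.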
@@ -119,13 +119,13 @@ ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvem
 ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/"
 ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/"
 ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_token }}"
-ml_analytics_client_id : "{{ ml_analytics_client_id }}"
-ml_analytics_client_secret : "{{ ml_analytics_client_secret }}"
-ml_analytics_username : "{{ ml_analytics_username }}"
-ml_analytics_password : "{{ ml_analytics_password }}"
-ml_analytics_createdBy : "{{ ml_analytics_createdBy }}"
-ml_analytics_api_base_url : "https://{{ domain_name }}/"
-ml_analytics_reports_store : "{{ cloud_service_provider }}"
-ml_analytics_reports_container : "{{ cloud_storage_privatereports_bucketname }}"
+ml_analytics_client_id: "{{ ml_analytics_client_id }}"
+ml_analytics_client_secret: "{{ ml_analytics_client_secret }}"
+ml_analytics_username: "{{ ml_analytics_username }}"
+ml_analytics_password: "{{ ml_analytics_password }}"
+ml_analytics_createdBy: "{{ ml_analytics_createdBy }}"
+ml_analytics_api_base_url: "https://{{ domain_name }}/"
+ml_analytics_reports_store: "{{ cloud_service_provider }}"
+ml_analytics_reports_container: "{{ cloud_storage_privatereports_bucketname }}"
 ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('5g') }}"
 ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('5g') }}"
From c05302f03f43e49082355a599c0d534105452299 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Fri, 30 Jun 2023 14:11:43 +0530 Subject: [PATCH 360/434] Remove extra spaces --- ansible/roles/ml-analytics-service/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml
index cf896db7ae..c979561d7b 100755
--- a/ansible/roles/ml-analytics-service/defaults/main.yml
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml
@@ -53,8 +53,8 @@ ml_analytics_project_output_dir: "{{ WORKDIR }}/source/projects/output" ml_analytics_observation_status_output_dir: "{{ WORKDIR }}/source/observations/status/output" ml_analytics_api_authorization_key: "{{ml_api_auth_token | default('sunbird_api_auth_token')}}" ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_internal_access_token')}}" -ml_analytics_druid_observation_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code","isRubricDriven","criteriaLevelReport"]},"metricsSpec":[]}}}' 
-ml_analytics_druid_project_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' +ml_analytics_druid_observation_status_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block
_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code","isRubricDriven","criteriaLevelReport"]},"metricsSpec":[]}}}' +ml_analytics_druid_project_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"t
ype":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' 
@@ -81,7 +81,7 @@ ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : '{"type ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/projects/distinctCountPrglevel/output" ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCountPrglevel/" ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" -ml_analytics_survey_cloud_blob_path : "survey/status/" +ml_analytics_survey_cloud_blob_path: "survey/status/" ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program","state_code","school_code","district_code","block_code","cluster_code"]},"metricsSpec":[]}}}' ml_slack_token: "{{ ml_analytics_slack_token | default('') }}" ml_slack_channel: "{{ ml_analytics_slack_channel | default('') }}" 
@@ -96,7 +96,7 @@ ml_analytics_observation_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-ser ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observations/" ml_analytics_druid_survey_query_spec : '{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' -ml_analytics_survey_batchupdate_cloud_blob_path : "survey/batchDeletion" +ml_analytics_survey_batchupdate_cloud_blob_path: "survey/batchDeletion" ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: 
'["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' @@ -118,7 +118,7 @@ ml_analytics_nvsk_imp_projects_data_local_path: "{{ config_path }}/urgent_data_m ml_analytics_nvsk_imp_projects_data_blob_path: "Manage_Learn_Data/micro_improvement/" ml_analytics_nvsk_imp_projects_state_data_local_path: "{{ config_path }}/urgent_data_metrics/output_state/" ml_analytics_nvsk_imp_projects_state_data_blob_path: "Manage_Learn_Data/micro_improvement_state/" -ml_analytics_authorization_access_token : "{{ ml_analytics_authorization_access_token }}" +ml_analytics_authorization_access_token: "{{ ml_analytics_authorization_access_token }}" ml_analytics_client_id: "{{ ml_analytics_client_id }}" ml_analytics_client_secret: "{{ ml_analytics_client_secret }}" ml_analytics_username: "{{ ml_analytics_username }}" From 6dfd079db31c674968f649cc1a5126b9681f6310 Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Fri, 30 Jun 2023 14:14:29 +0530 Subject: [PATCH 361/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index c979561d7b..881afcbd41 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -97,8 +97,8 @@ ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observati ml_analytics_druid_survey_query_spec : '{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' ml_analytics_survey_batchupdate_cloud_blob_path: "survey/batchDeletion" -ml_analytics_survey_submission_id_filepath : "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" -ml_analytics_survey_batchupdate_output_dir : "{{ WORKDIR }}/source/survey/" +ml_analytics_survey_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" +ml_analytics_survey_batchupdate_output_dir: "{{ WORKDIR }}/source/survey/" ml_analytics_druid_interval_list: 
'["1901-01-01T00:00:00+00:00/2020-01-01T00:00:00+00:00","2020-01-01T00:00:00+00:00/2020-06-01T00:00:00+00:00","2020-06-01T00:00:00+00:00/2021-01-01T00:00:00+00:00","2021-01-01T00:00:00+00:00/2021-06-01T00:00:00+00:00","2021-06-01T00:00:00+00:00/2022-01-01T00:00:00+00:00","2022-01-01T00:00:00+00:00/2022-03-01T00:00:00+00:00","2022-03-01T00:00:00+00:00/2022-06-01T00:00:00+00:00","2022-06-01T00:00:00+00:00/2022-09-01T00:00:00+00:00","2022-09-01T00:00:00+00:00/2023-01-01T00:00:00+00:00"]' ML_Cloud_Service_Provider: "{{ cloud_service_provider | default('azure') }}" ## Valid options - ORACLE, gcloud, aws & azure ml_analytics_cloud_package_path: "{{ config_path }}/cloud_storage" From f2f6a80fef4ff7e33ed1577d849626076416f27c Mon Sep 17 00:00:00 2001 From: Akash Shah Date: Fri, 30 Jun 2023 18:09:56 +0530 Subject: [PATCH 362/434] Update main.yml --- ansible/roles/ml-analytics-service/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 881afcbd41..d62a4cfd31 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -127,5 +127,5 @@ ml_analytics_createdBy: "{{ ml_analytics_createdBy }}" ml_analytics_api_base_url: "https://{{ domain_name }}/" ml_analytics_reports_store: "{{ cloud_service_provider }}" ml_analytics_reports_container: "{{ cloud_storage_privatereports_bucketname }}" -ml_analytics_driver_memory: "{{ ml_analytics_driver_memory | default('5g') }}" -ml_analytics_executor_memory: "{{ ml_analytics_executor_memory | default('5g') }}" +ml_analytics_driver_memory: "{{ ml_analytics_default_driver_memory | default('5g') }}" +ml_analytics_executor_memory: "{{ ml_analytics_default_executor_memory | default('5g') }}" From b3324519b97009bfe250957d8507e3ced550f183 Mon Sep 17 00:00:00 2001 
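Review bot: The two new lookups, `ml_analytics_default_driver_memory` and `ml_analytics_default_executor_memory`, arrive without a comment saying that they are the inventory-level override and that `5g` is the fallback. Breaking the self-reference is sound, since a role default that templates its own name cannot resolve when nothing else defines it. I would add above the pair `# set ml_analytics_default_driver_memory / ml_analytics_default_executor_memory in inventory to override; falls back to 5g`. The surrounding context of this file still shows self-referencing defaults such as `ml_analytics_client_id: "{{ ml_analytics_client_id }}"`, which presumably fail the same way when the inventory omits them.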
From: BharathwajShankar Date: Mon, 3 Jul 2023 10:41:19 +0530 Subject: [PATCH 363/434] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for lms,user-org,notification --- .../stack-sunbird/templates/sunbird_lms-service.env | 13 ++++++++++++- .../templates/sunbird_notification-service.env | 2 ++ .../stack-sunbird/templates/userorg-service.env | 6 ++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index b08a937fc7..4a317d881a 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -162,4 +162,15 @@ exhaust_api_submit_endpoint=/request/submit exhaust_api_list_endpoint=/request/list/ # Release-5.3.0 LR-324 -content_read_url=/content/v3/read/ \ No newline at end of file +content_read_url=/content/v3/read/ + +# Release-5.4.0 - LR-511 +sunbird_keyspace=sunbird +sunbird_course_keyspace=sunbird_courses +dialcode_keyspace=dialcodes +redis.dbIndex=0 +es_course_index=cbatch +es_course_batch_index=course-batch +es_user_index=user +es_organisation_index=org +es_user_courses_index=user-courses \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env index 3df3bf5bc8..9ae9675705 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_notification-service.env @@ -37,3 +37,5 @@ sunbird_us_org_read_url=/v1/org/read notification_category_type_config=certificateUpdate # Release-5.0.0 isMultiDCEnabled={{cassandra_multi_dc_enabled}} +# Release-5.4.0 - LR-512 +sunbird_notification_keyspace=sunbird_notifications 
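Review bot: The keyspace and index names appended to sunbird_lms-service.env are literals (`sunbird_keyspace=sunbird`, `sunbird_course_keyspace=sunbird_courses`, `es_user_index=user` and the rest), so a deployment that shares Cassandra or Elasticsearch with another installation cannot give this service a namespace of its own. Every instance pointed at the shared cluster would read and write the same keyspaces and indices, which works against the isolation the commit title describes. Other entries in these templates already come from inventory (`isMultiDCEnabled={{cassandra_multi_dc_enabled}}`), and the same shape fits here with a variable such as `sunbird_keyspace={{ sunbird_keyspace | default('sunbird') }}`. The same applies to `sunbird_notification_keyspace=sunbird_notifications` in sunbird_notification-service.env and to the `es_*_index` and `sunbird_keyspace` lines added to userorg-service.env.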
diff --git a/ansible/roles/stack-sunbird/templates/userorg-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env index 8ebd0b4e38..2c07df56e9 100644 --- a/ansible/roles/stack-sunbird/templates/userorg-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -128,3 +128,9 @@ sunbird_sso_lb_ip={{keycloak_url}} # Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_multi_dc_enabled}} + +# Release 5.4.0 LR-102 +es_user_notes_index=usernotes +es_location_index=location +es_user_feed_index=userfeed +sunbird_keyspace=sunbird \ No newline at end of file From ac256eabcc445480eb0b55a42c24d88a72629225 Mon Sep 17 00:00:00 2001 From: sachin patil <91308046+spsac08@users.noreply.github.com> Date: Mon, 3 Jul 2023 17:13:15 +0530 Subject: [PATCH 364/434] Update config.j2 Updated the Loggers path in config.j2 --- .../ml-analytics-service/templates/config.j2 | 24 ++++++------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index ad762488c6..e15c7eb70b 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
@@ -131,29 +131,19 @@ survey_druid_topic = {{ ml_analytics_kafka_survey_druid_topic_name }} [LOGS] -observation_streaming_success = {{ ml_analytics_observation_log_folder_path }}/success.log +observation_streaming_success_error = {{ ml_analytics_observation_log_folder_path }}/ -observation_streaming_error = {{ ml_analytics_observation_log_folder_path }}/error.log +observation_streaming_evidence_success_error = {{ ml_analytics_observation_log_folder_path }}/evidence/ -observation_streaming_evidence_success = {{ ml_analytics_observation_log_folder_path }}/evidence/success.log +observation_status_success_error = {{ ml_analytics_observation_log_folder_path }}/status/ -observation_streaming_evidence_error = {{ ml_analytics_observation_log_folder_path }}/evidence/error.log +project_success_error = {{ ml_analytics_project_log_folder_path }}/ -observation_status_success = {{ ml_analytics_observation_log_folder_path }}/status/success.log +survey_evidence_streaming_success_error = {{ ml_analytics_survey_log_folder_path }}/evidence/ -observation_status_error = {{ ml_analytics_observation_log_folder_path }}/status/error.log +survey_streaming_success_error = {{ ml_analytics_survey_log_folder_path }}/ -project_success = {{ ml_analytics_project_log_folder_path }}/success.log - -project_error = {{ ml_analytics_project_log_folder_path }}/error.log - -survey_evidence_streaming_success = {{ ml_analytics_survey_log_folder_path }}/evidence/success.log - -survey_evidence_streaming_error = {{ ml_analytics_survey_log_folder_path }}/evidence/error.log - -survey_streaming_success = {{ ml_analytics_survey_log_folder_path }}/success.log - -survey_streaming_error = {{ ml_analytics_survey_log_folder_path }}/error.log +survey_status_success_error = {{ ml_analytics_survey_log_folder_path }}/status/ {% if ML_Cloud_Service_Provider is equalto 'ORACLE' %} From 04143ef02e0bb4658a33e75d9ee8065760c050a6 Mon Sep 17 00:00:00 2001 
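Review bot: Each key under `[LOGS]` now holds a directory with a trailing slash instead of a file path, and nothing in the template says so or names the files the service writes there. The consumer of these keys is not visible in this hunk, so I assume it appends the success and error file names itself; a comment under the section header would record that, e.g. `# values are directories; the service creates its success and error logs inside each`. `survey_status_success_error` is a new key pointing at a `status/` subdirectory, and whether the role creates the `evidence/` and `status/` directories with ownership and mode restricted to the service user is also outside this hunk, so that is worth confirming before these paths are relied on.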
From: BharathwajShankar Date: Tue, 4 Jul 2023 12:03:28 +0530 Subject: [PATCH 365/434] Issue #LR-512 feat:Ability for Lern to connect to shared instances adding redis db index for lms,user-org,notification --- .../roles/stack-sunbird/templates/sunbird_groups-service.env | 2 +- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env index db8dedb6b2..83f3262daf 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_groups-service.env @@ -12,7 +12,7 @@ LEARNER_SERVICE_PORT=http://userorg-service:9000 sunbird_redis_host={{sunbird_redis_host}} sunbird_redis_port={{sunbird_redis_port|default(6379)}} # Release-5.3.0 LR-512 -sunbird_redis_dbIndex={{sunbird_redis_dbIndex|default(0)}} +sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} CONTENT_SERVICE_PORT=http://search-service:9000 sunbird_sso_publickey={{sunbird_sso_publickey}} sunbird_sso_url={{keycloak_auth_server_url}}/ diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 4a317d881a..c949e0134f 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -167,8 +167,7 @@ content_read_url=/content/v3/read/ # Release-5.4.0 - LR-511 sunbird_keyspace=sunbird sunbird_course_keyspace=sunbird_courses -dialcode_keyspace=dialcodes -redis.dbIndex=0 +sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} es_course_index=cbatch es_course_batch_index=course-batch es_user_index=user From 85adf34016c9f090fbbeb72bbc6e903c87f7dbd6 Mon Sep 17 00:00:00 2001 
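Review bot: Renaming the inventory variable in sunbird_groups-service.env from `sunbird_redis_dbIndex` to `sunbird_redis_db_index` drops any value an environment already sets under the old name, and `default(0)` hides that by rendering index 0. On a Redis instance shared with other services the groups service would then use database 0 alongside whatever else lives there, with no error at deploy time. A transitional fallback keeps existing inventories working: `sunbird_redis_db_index={{ sunbird_redis_db_index | default(sunbird_redis_dbIndex | default(0)) }}`. The comment above that line still reads `Release-5.3.0 LR-512`, while the lms template files the same key under Release-5.4.0.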
From: anilgupta Date: Thu, 6 Jul 2023 11:33:30 +0530 Subject: [PATCH 366/434] Issue #LR-122 chore: updated the nginx-public-ingress config --- .../core/nginx-public-ingress/values.j2 | 1269 +++++++++++++---- 1 file changed, 1007 insertions(+), 262 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 2916eb18f7..43cc7bf673 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -30,6 +30,9 @@ nginx_volumes: - name: proxy-config configMap: name: proxy-default + - name: nginx-config + configMap: + name: nginx-conf volumemounts: - name: tls mountPath: /etc/secrets 
@@ -115,22 +118,204 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; - location / { - rewrite ^/(.*) /$1 break; + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Static Assets for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling caching + proxy_cache_key $proxy_host$request_uri; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + 
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_connect_timeout 5; proxy_send_timeout 60; proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # This is Caching mechanism for POST requests location search + location ~ /userorg/data/v1/location/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } - - 
location /api/ { + # Caching for content consumption + location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for Content search + location ~ /api/content/v1/search { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + 
proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; + # Increasing the proxy buffer size + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://kong; + } + # This is Caching mechanism for POST requests + location ~ /api/data/v1/form/read { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { + # Enabling compression 
+ include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_methods GET HEAD POST; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + proxy_pass http://kong; + } + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; 
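Review bot: The POST caches added in this hunk key on `"$http_accept_encoding|$request_uri|$request_body"`, which carries nothing that identifies the caller, so a response cached for one user is served to every other client that sends the same URI and body. For `/api/content/v1/search`, `/api/org/v1/search`, `/api/org/v2/search` and `/api/course/v1/batch/read` that is safe only if the upstream never varies its answer by token, tenant or role; if any of them does, the identifying header belongs in the key, or such requests should skip the cache with `proxy_cache_bypass` and `proxy_no_cache` (which header to test depends on what the upstream actually keys on). nginx also fills `$request_body` only when the body was read into the in-memory buffer, so a body larger than `client_body_buffer_size` yields an empty component and distinct queries collapse onto one cache entry; these locations should set `client_body_buffer_size` to the largest body they are meant to cache. Separately, the `/userorg/data/v1/location/search` and `/api/data/v1/form/read` blocks set `X-Real-IP` twice where the sibling blocks set `X-Forwarded-For`.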
@@ -160,8 +345,121 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - - location /discussions/ { + # Oauth2 config + location /oauth2/ { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth2/auth { + set $target http://oauth2-proxy.logging.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } +{% if graylog_open_to_public %} + location /graylog/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://graylog.logging.svc.cluster.local; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Scheme $scheme; + proxy_set_header Graylog-User viewer; + proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; + 
rewrite ^/graylog/(.*)$ /$1 break; + proxy_pass $target; + } + location /dashboard { + return 301 /graylog/; + } +{% else %} + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + # Setting target url + auth_request_set $target http://{{ kibana_service }}; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } +{% endif %} + location /oauth3 { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location = /oauth3/auth { + set $target http://oauth2-proxy.monitoring.svc.cluster.local; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /grafana/ { + auth_request /oauth3/auth; + error_page 401 = /oauth3/sign_in; + auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; + rewrite 
^/grafana/(.*) /$1 break; + proxy_pass $target; + } + location /encryption/ { + set $target http://encryption.{{ namespace }}.svc.cluster.local; + rewrite ^/encryption/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $http_x_forwarded_for; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $target; + } + location /discussions/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
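Review bot: `location /encryption/` forwards to `encryption.{{ namespace }}.svc.cluster.local` without the `auth_request` gate that `/graylog/`, `/dashboard/` and `/grafana/` carry in the same hunk, so on this public ingress the service is reachable by any client unless it authenticates requests itself, which the hunk does not show. If it is meant for internal callers only it should not be routed here, or it should carry `auth_request /oauth2/auth;` and `error_page 401 = /oauth2/sign_in;` like its neighbours. The same block sets `proxy_set_header X-Forwarded-For $http_x_forwarded_for;`, which passes the client-supplied header through unchanged, where the other blocks use `{{ nginx_client_public_ip_header | d('$remote_addr') }}`; this one should match. In `/grafana/`, `auth_request_set $target ...` is followed by `set $target ...` with the same URL, so the first of the two is redundant.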
@@ -176,254 +474,592 @@ proxyconfig: |- #rewrite ^/discussions/(.*) /$1 break; proxy_pass $target; } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Refresh token endpoint being routed to kong - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header 
X-Request-ID $sb_request_id; - proxy_pass http://kong; + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/$url_full; + } + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header 
Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/v3/preview/$url_full; } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + location ~ /content-editor/telemetry|collection-editor/telemetry { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/content-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, 
Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/content-editor/$url_full; + } + location ~* ^/discussion-ui/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + set $bucket "{{discussion_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{discussion_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/discussion-ui/$url_full; + } + location ~* ^/collection-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript 
text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/collection-editor/$url_full; + } + location ~* ^/generic-editor/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header 
Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/generic-editor/$url_full; + } + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass $bucket/content-plugins/$url_full; + } + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + 
add_header Pragma public; + add_header Cache-Control "public"; + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # 
This is Caching mechanism for POST requests location search - location ~ /userorg/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /userorg/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content 
types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - } + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[2]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header 
Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass https://$offline_bucket/$url_full; + } + # compression for svg certs download + location /api/certreg/v2/certs/download { + rewrite ^/api/(.*) /$1 break; + include /etc/nginx/defaults.d/compression.conf; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location /userorg/certreg/v2/certs/download { + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 50000; # 50KB + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + add_header test hello; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + 
proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /v3/device/register { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + location /action/data/v3/metrics { + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ 
nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://player; + } + location /api/channel/v1/read { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + location ~ ^/chatapi/ { + set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; + rewrite ^/chatapi/(.*) /$1 break; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + 
proxy_http_version 1.1; + } + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + location /dial/ { + if ($dial_upstream_host = kong) { + rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; + } + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://$dial_upstream_host; + } +{% if apple_app_site_association is defined %} + location /apple-app-site-association { + alias /var/www/html/; + index apple-app-site-association.json; + } +{% endif %} + {# Including custom configuration #} + {{ proxy_custom_config }}} + nginxconfig: | - user nginx; - worker_processes {{nginx_worker_processes | d("auto")}}; - {# - Can add custom modules like - eg: - nginx_modules: | - load_module modules/ngx_http_geoip2_module.so; - load_module modules/ngx_stream_geoip2_module.so; - #} - {% if nginx_modules is defined and nginx_modules %} - {{ nginx_modules | indent( width=2, indentfirst=True) }} - {% endif %} - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - events { - worker_connections 10000; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - resolver {{ kube_dns_ip }} valid=30s; - {# - This is to define custom nginx_http_configs - for example - nginx_http_config: | - geoip2 /usr/local/share/GeoLite2-Country.mmdb { - $geoip2_data_country_iso_code country iso_code; - } - map $geoip2_data_country_iso_code $allowed_country { - default no; - IN no; - } - #} - {% if nginx_http_config is defined and nginx_http_config %} - {{ nginx_http_config | indent( width=7, indentfirst=True) }} - {% endif %} - lua_load_resty_core off; - log_format main '{{ 
nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' - '"$request" $status $request_length $body_bytes_sent' - ' $request_time $upstream_response_time $pipe' - ' "$http_referer" "$http_user_agent" "$sb_request_id"' - ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; - access_log /var/log/nginx/access.log main; - # Shared dictionary to store metrics - lua_shared_dict prometheus_metrics 100M; - lua_package_path "/etc/nginx/lua_modules/?.lua"; - # Defining request_id - # If the client send request_id it should be preffered over the default one - map $http_x_request_id $sb_request_id { - default $http_x_request_id; - '' $request_id; - } - # Defining upstream cache status for nginx metrics - map $upstream_cache_status $cache_status { - default $upstream_cache_status; - '' "NONE"; - } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } - # Defining metrics - init_worker_by_lua_block { - prometheus = require("prometheus").init("prometheus_metrics") - metric_requests = prometheus:counter( - "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) - metric_latency = prometheus:histogram( - "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) - metric_connections = prometheus:gauge( - "nginx_http_connections", "Number of HTTP connections", {"state"}) - } - log_by_lua_block { - metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) - metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) - } - header_filter_by_lua_block { - ngx.header["server"] = nil - } - sendfile on; - #tcp_nopush on; - client_max_body_size 60M; - keepalive_timeout 65s; - keepalive_requests 200; - # Nginx connection limit per ip - limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; - 
limit_conn_status 429; - upstream kong { - server kong:8000; - keepalive 1000; - } - upstream keycloak { + user nginx; + worker_processes {{nginx_worker_processes | d("auto")}}; + {# + Can add custom modules like + eg: + nginx_modules: | + load_module modules/ngx_http_geoip2_module.so; + load_module modules/ngx_stream_geoip2_module.so; + #} +{% if nginx_modules is defined and nginx_modules %} + {{ nginx_modules | indent( width=2, indentfirst=True) }} +{% endif %} + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + events { + worker_connections 10000; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + resolver {{ kube_dns_ip }} valid=30s; + {# + This is to define custom nginx_http_configs + for example + nginx_http_config: | + geoip2 /usr/local/share/GeoLite2-Country.mmdb { + $geoip2_data_country_iso_code country iso_code; + } + map $geoip2_data_country_iso_code $allowed_country { + default no; + IN no; + } + #} +{% if nginx_http_config is defined and nginx_http_config %} + {{ nginx_http_config | indent( width=7, indentfirst=True) }} +{% endif %} + lua_load_resty_core off; + log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' + '"$request" $status $request_length $body_bytes_sent' + ' $request_time $upstream_response_time $pipe' + ' "$http_referer" "$http_user_agent" "$sb_request_id"' + ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' + ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; + access_log /var/log/nginx/access.log main; + # Shared dictionary to store metrics + lua_shared_dict prometheus_metrics 100M; + lua_package_path "/etc/nginx/lua_modules/?.lua"; + # Defining request_id + # If the client send request_id it should be preffered over the default one + map $http_x_request_id $sb_request_id { + default $http_x_request_id; + '' $request_id; + } + # Defining upstream cache status for nginx metrics + 
map $upstream_cache_status $cache_status { + default $upstream_cache_status; + '' "NONE"; + } + map $http_accept $dial_upstream_host { + default player; + application/ld+json kong; + } + # Defining metrics + init_worker_by_lua_block { + prometheus = require("prometheus").init("prometheus_metrics") + metric_requests = prometheus:counter( + "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) + metric_latency = prometheus:histogram( + "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) + metric_connections = prometheus:gauge( + "nginx_http_connections", "Number of HTTP connections", {"state"}) + } + log_by_lua_block { + metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) + metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) + } + header_filter_by_lua_block { + ngx.header["server"] = nil + } + sendfile on; + #tcp_nopush on; + client_max_body_size 60M; + keepalive_timeout 65s; + keepalive_requests 200; + # Nginx connection limit per ip + limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; + limit_conn_status 429; + upstream kong { + server kong:8000; + keepalive 1000; + } + upstream keycloak { server {{ keycloak_url.split('//')[-1] }}; keepalive 1000; } 
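Review bot: The caching location `location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info` is an unanchored alternation, so it matches any URI that merely contains one of these substrings, and as a regex location it is selected ahead of ordinary prefix locations; `location ~ /content-editor/telemetry|collection-editor/telemetry` earlier in this hunk has the same shape. Every match is proxied to `player`, and its 200 response is stored under `proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"`, which carries no caller identity, so if any of these endpoints returns caller-specific data (not visible here) one caller's response would be served to another. If only the root paths are intended, anchor and group the pattern, e.g. `location ~ ^/(resourcebundles/v1/read|userorg/data/v1/(role/read|system/settings/get)|v1/tenant/info)`, and add a comment above it stating that the cached responses must be identical for all callers. Separately, in `/userorg/certreg/v2/certs/download` the `gzip_types` list has no terminating `;`, so `add_header test hello;` is read as three more MIME types; end the list with `text/plain;` and drop the leftover debug header. The enclosing `proxyconfig` server block starts outside this hunk.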
@@ -451,18 +1087,127 @@ nginxconfig: | proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; {% endfor %} - server { - listen 9145; - location /metrics { - content_by_lua_block { - metric_connections:set(ngx.var.connections_reading, {"reading"}) - metric_connections:set(ngx.var.connections_waiting, {"waiting"}) - metric_connections:set(ngx.var.connections_writing, {"writing"}) - prometheus:collect() - } + server { + listen 9145; + location /metrics { + content_by_lua_block { + metric_connections:set(ngx.var.connections_reading, {"reading"}) + metric_connections:set(ngx.var.connections_waiting, {"waiting"}) + metric_connections:set(ngx.var.connections_writing, {"writing"}) + prometheus:collect() } - } + } } + } + +keycloakconf: | + server { + listen 80; + listen [::]:80; + server_name {{ merge_proxy_server_name }}; + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + return 301 https://{{ merge_proxy_server_name }}$request_uri; + } + server { + listen 443 ssl; + ssl_certificate /etc/secrets-merge/tls.crt; + ssl_certificate_key /etc/secrets-merge/tls.key; + server_name {{ merge_proxy_server_name }}; + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
+ resolver 127.0.0.11 valid=5s; + # Refresh token endpoint being routed to kong + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } + # Admin API Endpoints for sunbird realm fpr forgot password flow + location ~ /auth/admin/realms/sunbird/users/ { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Sunbird realm keycloak API endpoints + location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header X-Request-ID $sb_request_id; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + # Static Assets 
for keycloak endpoints with caching + location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { + # Enabling compression + include /etc/nginx/defaults.d/compression.conf; + # Enabling caching + # caching include Accept-Encoding header also, to provide gziped or plain content as per request + proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; + proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; + add_header X-Proxy-Cache $upstream_cache_status; + add_header X-Proxy-Cache-Date $upstream_http_date; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_revalidate on; + proxy_cache_background_update on; + proxy_cache_lock on; + proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_pass http://keycloak; + } + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $request_id; + proxy_pass http://player; + } + } + compressionConfig: |- # Compression gzip on; From 3a6e697c7e9b5c0b009dc640cbf54e0cca8b89b9 Mon Sep 17 00:00:00 2001 
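Review bot: The two Keycloak regex locations in the new `keycloakconf` server block, `location ~ /auth/admin/realms/sunbird/users/` and `location ~ /auth/realms/sunbird/(...)`, are unanchored, so they match that substring anywhere in the request URI. The refresh-token location above them uses `^` and matches only at the start. The first one forwards to the Keycloak admin API, so I would anchor both, e.g. `location ~ ^/auth/admin/realms/sunbird/users/ {`, and escape the dot in `\.well-known/openid-configuration`. Separately, `resolver 127.0.0.11 valid=5s;` hard-codes an address, while the `http` block earlier in this file's diff uses `resolver {{ kube_dns_ip }} valid=30s;`. If that is a leftover, it should use the same variable.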
From: anilgupta Date: Thu, 6 Jul 2023 13:41:56 +0530 Subject: [PATCH 367/434] Issue #LR-122 chore: updated the nginx-public-ingress config --- .../core/nginx-public-ingress/values.j2 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 43cc7bf673..7152477734 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -118,6 +118,22 @@ proxyconfig: |- ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. resolver {{ kube_dns_ip }} valid=30s; + # Mobile Devices Refresh token Endpoints + location ~* ^/auth/v1/refresh/token { + rewrite ^/auth/(.*) /auth/$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + proxy_set_header X-Request-ID $sb_request_id; + proxy_pass http://kong; + } # Admin API Endpoints for sunbird realm fpr forgot password flow location ~ /auth/admin/realms/sunbird/users/ { rewrite ^/auth/(.*) /auth/$1 break; From d116ed41bf8db0f5cad3201465e169bb313803f0 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Mon, 10 Jul 2023 11:29:54 +0530 Subject: [PATCH 368/434] Issue #ED-2580 fix: Update default tenant --- .../sunbird/login/resources/js/telemetry_service.js | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index e858bfb817..6d2e91f79b 100644 --- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js 
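Review bot: The added refresh-token location in `proxyconfig` sets `X-Real-IP` and `X-Forwarded-For` to plain `$remote_addr`, while the same location in the `keycloakconf` block of this file uses `{{ nginx_client_public_ip_header | d('$remote_addr') }}`. If this ingress runs behind a load balancer, Kong would receive the balancer's address for every client, which would skew per-IP limits and audit logs there (inferred; Kong's configuration is not part of this hunk). I would use `proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};` and the same value for `X-Forwarded-For`. The enclosing server block starts and ends outside the hunk.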
+++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2477,19 +2477,14 @@ if (typeof module != 'undefined') { let pdataId = ""; let tenantSlug; -if (window.location.origin.indexOf("diksha.gov.in") >= 0) { - pdataId = "prod.diksha.portal"; -} else if (window.location.origin.indexOf("staging.ntp.net.in") >= 0) { - pdataId = "staging.diksha.portal"; -} else if (window.location.origin.indexOf("staging.sunbirded.org") >= 0) { +if (window.location.origin.indexOf("staging.sunbirded.org") >= 0) { pdataId = "staging.diksha.portal"; } else if (window.location.origin.indexOf("dev.sunbirded.org") >= 0) { pdataId = "dev.sunbird.portal"; tenantSlug = "sunbird"; } else { - pdataId = "preprod.diksha.portal"; tenantSlug = "sunbird"; - + pdataId = "dev.sunbird.portal"; } let curUrlObj = window.location; From d83a3484624cb32d32861b45852bac58074b6073 Mon Sep 17 00:00:00 2001 From: Rajesh Kumaravel Date: Mon, 10 Jul 2023 12:02:24 +0530 Subject: [PATCH 369/434] Issue #ED-2580 fix: Update default tenant --- .../artifacts/sunbird/login/resources/js/telemetry_service.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js index 6d2e91f79b..5b4b6c6125 100644 --- a/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js +++ b/ansible/artifacts/sunbird/login/resources/js/telemetry_service.js @@ -2530,7 +2530,7 @@ if(client_id.toLowerCase() === 'android'){ request: { filters: { isTenant: true, - slug: id || 'ntp' + slug: id || 'sunbird' } } }), From 8494c44bceff86514a2ae4846d3b14f1c7d0e15a Mon Sep 17 00:00:00 2001 From: Rajeev Satish Date: Wed, 19 Jul 2023 11:28:26 +0530 Subject: [PATCH 370/434] Issue fix ED-2586 'Diksha' text is appearing in help page and in SSO login --- ansible/artifacts/sunbird/login/messages/messages_en.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ansible/artifacts/sunbird/login/messages/messages_en.properties b/ansible/artifacts/sunbird/login/messages/messages_en.properties index 311b7512a0..9e66019f5b 100644 --- a/ansible/artifacts/sunbird/login/messages/messages_en.properties +++ b/ansible/artifacts/sunbird/login/messages/messages_en.properties @@ -56,7 +56,7 @@ noAccount=Don''t have an account? username=Username or Mobile number goBack=< Date: Wed, 26 Jul 2023 10:12:46 +0530 Subject: [PATCH 371/434] [ED-2164] Release 6.0.0 changes (#3840) * Add missing var * ED-2164: Add new var assessment service - #IQ-329 * Update dial service search var * Fix sytax issue * Onboard new apis lern-release-5.3.0 --- ansible/roles/kong-api/defaults/main.yml | 66 +++++++++++++++++++ .../assessment-service_application.conf | 5 +- .../templates/sunbird_lms-service.env | 4 +- .../inventory/dev/DataPipeline/common.yml | 5 +- 4 files changed, 75 insertions(+), 5 deletions(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c59e52bf17..6090bfff0f 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -10066,3 +10066,69 @@ kong_apis: - name: opa-checks config.required: false config.enabled: false + +#Lern release-5.3.0 + +- name: exhaustSubmitProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/submit" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: exhaustListProxyAPI + uris: "{{ course_service_prefix }}/v1/jobrequest/list" + upstream_url: "{{ lms_service_url }}/v1/jobrequest/list" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - courseAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: orgAddEncryptionKey + uris: "{{ org_service_prefix }}/v1/update/encryptionkey" + upstream_url: "{{ learning_service_url }}/v1/org/update/encryptionkey" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - orgSuperAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false +#Lern release-5.3.0 
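Review bot: `orgAddEncryptionKey` is added with `opa-checks` set to `config.required: false` and `config.enabled: false`, so its only authorization is the `jwt` plugin plus the `orgSuperAdmin` ACL group. Judging by its path (`/v1/org/update/encryptionkey`), the route changes an organisation's encryption key. The entry just before the hunk has the same OPA setting, so this may be the project default, but for a key-management write I would confirm whether an OPA policy is intended and enable it here if so. A short comment above the entry such as `# org encryption key update; orgSuperAdmin only, OPA policy pending` would record the decision.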
diff --git a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf index c06a44f2d8..d5e7723a19 100644 --- a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf @@ -429,4 +429,7 @@ cloudstorage { relative_path_prefix="{{ cloudstorage_relative_path_prefix | default('CLOUD_STORAGE_BASE_PATH') }}" read_base_path="{{ cloudstorage_base_path }}" write_base_path={{ valid_cloudstorage_base_urls }} -} \ No newline at end of file +} + +#Inquiry-release-5.6.0 +question.list.limit={{ question_list_api_request_limit | default('20') }} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index a1682a6971..0318a4ed7e 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -154,5 +154,5 @@ cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default # Release-5.2.0 LR-325 -sunbird_dial_service_base_url = {{ dial_service_url | default('http://dial-service:9000') }} -sunbird_dial_service_search_url = "/v1/dialcode/search" \ No newline at end of file +sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} +sunbird_dial_service_search_url=/dialcode/v3/search diff --git a/private_repo/ansible/inventory/dev/DataPipeline/common.yml b/private_repo/ansible/inventory/dev/DataPipeline/common.yml index 09431526ea..971c04935c 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/common.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/common.yml 
@@ -3,8 +3,9 @@ cloud_service_provider: "" # Your cloud service provider name. Supported values are aws, azure, gcloud domain_name: "" # your domain name like example.com # docker hub details -dockerhub: "change.docker.url" # docker hub username or url incase of private registry -private_ingressgateway_ip: "" # your private kubernetes load balancer ip +dockerhub: "change.docker.url" # docker hub username or url incase of private registry +private_ingressgateway_ip: "" # your private kubernetes load balancer ip +search_lb_ip: # search service Load balancer IP # Cloud Service Provider Variables # If cloud_service_provider is AWS then update with access key as value From 4df16ffa522f80096c0ae141490bfc00c74ec305 Mon Sep 17 00:00:00 2001 From: Abhishek P N <116337484+abhishekpnt@users.noreply.github.com> Date: Wed, 9 Aug 2023 17:04:03 +0530 Subject: [PATCH 372/434] Issue #ED-2632 fix: removed unused env variables and added OCI endpoint variable (#3876) * Issue #ED-2632 fix: removed unused env variables and added OCI endpoint variable * Issue #ED-2632 cleanup: Removed Azure related variables * Issue #ED-2632 cleanup: changed added storage account url --- .../templates/sunbird_player.env | 27 +++---------------- 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 6c2c86f19f..6486898185 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env 
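Review bot: `search_lb_ip:` is added with no value, which YAML loads as null, whereas the neighbouring placeholders `domain_name: ""` and `private_ingressgateway_ip: ""` are empty strings. A null is still a defined variable, so a plain `default(...)` filter will not replace it, and it may behave differently from an empty string in templates and conditionals. For consistency I would write `search_lb_ip: "" # search service Load balancer IP`.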
@@ -15,8 +15,6 @@ sunbird_api_auth_token={{sunbird_api_auth_token}} sunbird_enable_permission_check=1 sunbird_cassandra_urls={{sunbird_cassandra_urls}} sunbird_session_store_type={{sunbird_session_store_type}} -AZURE_STORAGE_ACCOUNT={{sunbird_public_storage_account_name}} -AZURE_STORAGE_KEY={{sunbird_public_storage_account_key}} sunbird_dataservice_url={{sunbird_dataservice_url}} sunbird_telemetry_packet_size={{sunbird_telemetry_packet_size}} sunbird_environment={{sunbird_environment}} @@ -42,9 +40,6 @@ sunbird_google_captcha_site_key={{sunbird_google_captcha_site_key}} sunbird_google_keycloak_client_id={{sunbird_google_keycloak_client_id}} sunbird_google_keycloak_secret={{sunbird_google_keycloak_secret}} sunbird_help_link_visibility={{sunbird_help_link_visibility|default('FALSE')}} -sunbird_azure_report_container_name={{sunbird_azure_report_container_name}} -sunbird_azure_account_name={{sunbird_private_storage_account_name}} -sunbird_azure_account_key={{sunbird_private_storage_account_key}} sunbird_response_cache_ttl={{sunbird_response_cache_ttl}} sunbird_portal_preview_cdn_url={{sunbird_portal_preview_cdn_url}} @@ -162,7 +157,7 @@ sunbird_base_proto={{sunbird_base_proto | default(proto)}} ml_survey_url={{ml_survey_url|default(proto+'://' +domain_name) }} #Release-4.1.0 -sunbird_azure_storage_account_name={{ cloud_storage_url }}/ +sunbird_public_storage_account_name={{ cloud_storage_url }}/ #Release-4.1.0 sunbird_google_oauth_ios_clientId={{sunbird_google_oauth_ios_clientId | default("")}} 
@@ -205,27 +200,10 @@ sunbird_questionset_children_limit={{ sunbird_questionset_children_limit | defau #release-5.0.0 -#AWS config for storage access -#To be reverted post testing sunbird_cloud_storage_provider={{cloud_service_provider}} -sunbird_aws_bucket_name={{aws_private_bucket_name | default("")}} -sunbird_aws_reports={{aws_reports_folder_name | default("reports")}} -sunbird_aws_labels={{aws_labels_folder_name | default("labels")}} -sunbird_aws_access_key={{aws_private_bucket_access_key | default("")}} -sunbird_aws_secret_key={{aws_private_bucket_secret_key | default("")}} -sunbird_aws_region={{aws_private_bucket_region | default("ap-south-1")}} - -#GCLOUD config for storage access -sunbird_gcloud_bucket_name={{gcloud_private_bucket_name | default("")}} -sunbird_gcloud_reports={{gcloud_reports_folder_name | default("reports")}} -sunbird_gcloud_labels={{gcloud_labels_folder_name | default("labels")}} -sunbird_gcloud_client_email={{gcloud_private_bucket_client_email | default("")}} -sunbird_gcloud_private_key={{gcloud_private_bucket_private_key | default("")}} -sunbird_gcloud_projectId={{gcloud_private_bucket_projectId | default("")}} #release-5.1.0 #CSP configuration variables changes -cloud_service_provider={{cloud_service_provider}} cloud_private_storage_accountname={{cloud_private_storage_accountname | default("")}} cloud_private_storage_secret={{cloud_private_storage_secret | default("")}} cloud_private_storage_region={{cloud_private_storage_region | default("ap-south-1")}} @@ -235,4 +213,5 @@ cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | defau cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} #release-6.0.0 -sunbird_default_board={{sunbird_default_board | default("")}} \ No newline at end of file +sunbird_default_board={{sunbird_default_board | default("")}} +cloud_private_storage_endpoint={{cloud_private_storage_endpoint | default("")}} \ No newline at end of file 
From da25f005379da758d44d1a3822bddb230dbce01b Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:54:12 +0530 Subject: [PATCH 373/434] ENV changes related to CSP (#3878) * envChange CSP(Azure) * CSP env changes * removed csp references * env changes for core service * default added * added all variables * env variable name change * ENV changes * Changes to env variables --- .../templates/ml-core-service.env | 45 ++++--------------- 1 file changed, 9 insertions(+), 36 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 0209e84ae6..515495006a 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env 
@@ -19,42 +19,15 @@ INTERNAL_ACCESS_TOKEN={{ml_core_internal_access_token}} #Gotenberg configuration GOTENBERG_SERVICE_URL={{ml_gotenberg_url | default("http://gotenberg-service:3000")}} -## Cloud Environment platform -# which will be templatized from the above variable (default) - -# Cloud configuration for assesment service -# Options available -# -## Azure Cloud Configuration -# -# CLOUD_STORAGE=AZURE -# AZURE_ACCOUNT_NAME= -# AZURE_ACCOUNT_KEY= -# AZURE_STORAGE_CONTAINER= -# -## Google Cloud Configuration -# -# CLOUD_STORAGE=GCP -# GCP_PATH= -# GCP_BUCKET_NAME= -# -## AWS Cloud Configuration -# -# CLOUD_STORAGE=AWS -# AWS_ACCESS_KEY_ID= -# AWS_SECRET_ACCESS_KEY= -# AWS_BUCKET_NAME= -# AWS_BUCKET_ENDPOINT= -# AWS_BUCKET_REGION= -# To change the cloud config for azure, override below variable in common.yaml -# For Example, -# ml_survey_cloud_config: | -# CLOUD_STORAGE=AZURE -# AZURE_ACCOUNT_NAME=mystorageaccount -# AZURE_ACCOUNT_KEY=xx123supersecretpassword -# AZURE_STORAGE_CONTAINER=slassessmentscontainer - -{{ml_cloud_config}} + +# CLOUD STORAGE +CLOUD_STORAGE_PROVIDER={{sunbird_cloud_storage_provider}} +CLOUD_STORAGE_ACCOUNTNAME={{cloud_private_storage_accountname | default("")}} +CLOUD_STORAGE_SECRET={{cloud_private_storage_secret | default("")}} +CLOUD_STORAGE_BUCKETNAME={{ml_container | default("")}} +CLOUD_STORAGE_REGION={{cloud_private_storage_region | default("")}} +CLOUD_STORAGE_PROJECT={{cloud_private_storage_project | default("")}} +CLOUD_ENDPOINT={{cloud_private_storage_endpoint | default("")}} # OFFLINE TOKEN VALIDATION From 100ef92cd237d67203c6b1ee974b2a0634f43b49 Mon Sep 17 00:00:00 2001 From: VISHNUDAS <95604247+VISHNUDAS-tunerlabs@users.noreply.github.com> Date: Wed, 16 Aug 2023 12:56:24 +0530 Subject: [PATCH 374/434] provider variable name change (#3880) --- ansible/roles/stack-sunbird/templates/ml-core-service.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
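Review bot: `CLOUD_STORAGE_SECRET` and `CLOUD_STORAGE_ACCOUNTNAME` are rendered with `| default("")`, so an inventory that omits them produces an env file with an empty credential instead of failing at deploy time. I would drop the default on those two lines, or use `{{ cloud_private_storage_secret | mandatory }}`, so the template errors on a missing secret. `default("")` can stay for `CLOUD_STORAGE_REGION`, `CLOUD_STORAGE_PROJECT` and `CLOUD_ENDPOINT`, assuming those are optional for some providers. The removed comment block was the only description of how this section is configured, so a one-line comment naming the inventory variables that feed it would help.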
diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 515495006a..30018c5cd8 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -21,7 +21,7 @@ GOTENBERG_SERVICE_URL={{ml_gotenberg_url | default("http://gotenberg-service:300 # CLOUD STORAGE -CLOUD_STORAGE_PROVIDER={{sunbird_cloud_storage_provider}} +CLOUD_STORAGE_PROVIDER={{cloud_service_provider}} CLOUD_STORAGE_ACCOUNTNAME={{cloud_private_storage_accountname | default("")}} CLOUD_STORAGE_SECRET={{cloud_private_storage_secret | default("")}} CLOUD_STORAGE_BUCKETNAME={{ml_container | default("")}} From f484132a869fa4f97d6d8f3c455282727f18cee3 Mon Sep 17 00:00:00 2001 From: sachin patil <91308046+spsac08@users.noreply.github.com> Date: Wed, 16 Aug 2023 14:28:41 +0530 Subject: [PATCH 375/434] #ED-1383 Release 6.0.0 (#3875) * Update config.j2 Adding new variables for Survey data sources * Update main.yml Adding Variables * Druid injestion spec update --- .../ml-analytics-service/defaults/main.yml | 29 ++++++++++--------- .../ml-analytics-service/templates/config.j2 | 6 ++++ 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index d62a4cfd31..98be525421 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
@@ -53,12 +53,13 @@ ml_analytics_project_output_dir: "{{ WORKDIR }}/source/projects/output" ml_analytics_observation_status_output_dir: "{{ WORKDIR }}/source/observations/status/output" ml_analytics_api_authorization_key: "{{ml_api_auth_token | default('sunbird_api_auth_token')}}" ml_analytics_api_access_token: "{{ml_api_access_token | default('ml_core_internal_access_token')}}" -ml_analytics_druid_observation_status_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/status/sl_observation_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code","isRubricDriven","criteriaLevelReport"]},"metricsSpec":[]}}}' 
-ml_analytics_druid_project_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/projects/sl_projects.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_obs_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount/ml_observation_distinctCount_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"
metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain/ml_observation_distinctCount_domain.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/distinctCount_domain_criteria/ml_observation_distinctCount_domain_criteria.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' -ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCount/ml_projects_distinctCount.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"long","name":"no_of_imp_with_evidence_inprogress"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' +ml_analytics_druid_observation_status_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "CloudType","uris": 
["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"auto"},"dimensionsSpec":{"dimensions":["status","entity_externalId","entity_id","entity_type","solution_id","solution_externalId","submission_id","entity_name","solution_name","role_title","school_name","school_code","school_externalId","state_name","state_code","state_externalId","district_name","district_code","district_externalId","block_name","block_code","block_externalId","cluster_name","cluster_code","cluster_externalId","completedDate","channel","parent_channel","program_id","program_externalId","program_name","app_name","user_id","private_program","solution_type","organisation_name","ecm_marked_na","board_name","updatedAt","organisation_id","user_type","observed_school_name","observed_school_id","observed_school_code","observed_state_name","observed_state_id","observed_state_code","observed_district_name","observed_district_id","observed_district_code","observed_block_name","observed_block_id","observed_block_code","observed_cluster_name","observed_cluster_id","observed_cluster_code","isRubricDriven","criteriaLevelReport"]},"metricsSpec":[]}}}' +ml_analytics_druid_project_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "CloudType","uris": ["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-project","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"auto"},"dimensionsSpec":{"dimensions":[]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_domain_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_obs_domain_criteria_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-obs-domain-criteria","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"solution_name"},{"type":"string","name":"solution_id"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"parent_channel"},{"type":"string","name":"solution_type"},{"type":"string","name":"private_program"},{"type":"string","name":"domain_name"},{"type":"string","name":"domain_externalId"},{"type":"string","name":"domain_level"},{"type":"string","name":"criteria_name"},{"type":"string","name":"criteria_score"},{"type":"string","name":"criteria_id"},{"type":"long","name":"unique_submissions"},{"type":"long","name":"unique_entities"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_projects_status_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"project_title"},{"type":"string","name":"solution_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_solution"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"long","name":"no_of_imp_with_evidence_inprogress"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_survey_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-surveydistinctCount-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"survey_name"},{"type":"string","name":"survey_id"},{"type":"string","name":"submission_status"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"organisation_name"},{"type":"string","name":"organisation_id"},{"type":"string","name":"private_program"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_users"},{"type":"long","name":"unique_submissions"},{"type":"string","name":"time_stamp"}]},"metricsSpec":[]}}}' ml_analytics_obs_distinctCnt_cloud_blob_path: "observation/distinctCount/" ml_analytics_obs_distinctCnt_domain_cloud_blob_path: "observation/distinctCount_domain/" ml_analytics_obs_distinctCnt_domain_criteria_cloud_blob_path: "observation/distinctCount_domain_criteria/" 
@@ -67,22 +68,24 @@ ml_analytics_obs_distinctCnt_output_dir: "{{ WORKDIR }}/source/observations/dist ml_analytics_obs_distinctCnt_domain_output_dir: "{{ WORKDIR }}/source/observations/distinctCount_domain/output" ml_analytics_obs_distinctCnt_domain_criteria_output_dir: "{{ WORKDIR }}/source/observations/distinctCount_domain_criteria/output" ml_analytics_projects_distinctCnt_output_dir: "{{ WORKDIR }}/source/projects/distinctCount/output" +ml_analytics_survey_distinctCnt_output_dir: "{{ WORKDIR }}/source/survey/distinctCount/output" ml_analytics_survey_rollup_cloud_blob_path: "survey/rollup/" -ml_analytics_druid_survey_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/rollup/sl_survey_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel",{"type":"long","name":"status_code"}, "solution_name", 
"solution_id"]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_user_id","fieldName":"user_id"},{"type":"HLLSketchBuild","name":"count_of_survey_submission_id","fieldName":"survey_submission_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' +ml_analytics_druid_survey_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel",{"type":"long","name":"status_code"}, "solution_name", 
"solution_id"]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_user_id","fieldName":"user_id"},{"type":"HLLSketchBuild","name":"count_of_survey_submission_id","fieldName":"survey_submission_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' ml_analytics_survey_rollup_output_dir: "/opt/sparkjobs/source/survey/output" ml_analytics_project_rollup_cloud_blob_path: "projects/rollup" ml_analytics_observation_rollup_cloud_blob_path: "observation/rollup" ml_analytics_project_rollup_output_dir: "/opt/sparkjobs/source/projects/output_rollup" ml_analytics_observation_status_rollup_output_dir: "/opt/sparkjobs/source/observations/output_rollup" -ml_analytics_druid_project_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/rollup/projects_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"iso"},"dimensionsSpec":{"dimensions":["project_title","project_goal","area_of_improvement","status_of_project","tasks_name","tasks_status","designation","task_evidence_status","project_id","task_id","project_created_type","parent_channel","program_id","program_name","project_updated_date","createdBy","program_externalId","private_program","task_deleted_flag","project_terms_and_condition","state_externalId","block_externalId","district_externalId","cluster_externalId","school_externalId","state_name","block_name","district_name","cluster_nam
e","school_name","board_name","organisation_name","solution_id","organisation_id",{"name":"status_code","type":"long"}]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_createBy","fieldName":"createdBy"},{"type":"HLLSketchBuild","name":"count_of_project_id","fieldName":"project_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' -ml_analytics_druid_observation_status_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/observation/rollup/observation_status_rollup.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-observation-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["status","user_id","solution_id","submission_id","entity_name","completedDate","program_id","private_program","solution_type","updatedAt","role_title","solution_name","program_name","channel","parent_channel","block_name","district_name","school_name","cluster_name","state_name","organisation_name","board_name","district_externalId","state_externalId","block_externalId","cluster_externalId","school_externalId","organisation_id",{"type":"long","name":"status_code"}]},"metricsSpec":[{"type":"count","name":"count"},{"type":"longSum","name":"sum___v","fieldName":"__v","expression":null},{"type":"HLLSketchBuild","name":"count_distinct_solution","fieldName":"solution_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_submission_id","fieldName":"submiss
ion_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_user_id","fieldName":"user_id","lgK":12,"tgtHllType":"HLL_4","round":false}]}}}' +ml_analytics_druid_project_rollup_injestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"project_updated_date","format":"iso"},"dimensionsSpec":{"dimensions":["project_title","project_goal","area_of_improvement","status_of_project","tasks_name","tasks_status","designation","task_evidence_status","project_id","task_id","project_created_type","parent_channel","program_id","program_name","project_updated_date","createdBy","program_externalId","private_program","task_deleted_flag","project_terms_and_condition","state_externalId","block_externalId","district_externalId","cluster_externalId","school_externalId","state_name","block_name","district_name","cluster_name","school_name","board_name","organisation_name","solution_id","organisation_id",{"name":"status_code","type":"long"}]},"metricsSpec":[{"name":"count","type":"count"},{"name":"sum___v","type":"longSum","fieldName":"__v"},{"name":"sum_status_code","type":"longMax","fieldName":"status_code"},{"type":"HLLSketchBuild","name":"count_of_createBy","fieldName":"createdBy"},{"type":"HLLSketchBuild","name":"count_of_project_id","fieldName":"project_id"},{"type":"HLLSketchBuild","name":"count_of_solution_id","fieldName":"solution_id"},{"type":"HLLSketchBuild","name":"count_of_program_id","fieldName":"program_id"}]}}}' +ml_analytics_druid_observation_status_rollup_injestion_spec: 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-observation-status-rollup","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["status","user_id","solution_id","submission_id","entity_name","completedDate","program_id","private_program","solution_type","updatedAt","role_title","solution_name","program_name","channel","parent_channel","block_name","district_name","school_name","cluster_name","state_name","organisation_name","board_name","district_externalId","state_externalId","block_externalId","cluster_externalId","school_externalId","organisation_id",{"type":"long","name":"status_code"}]},"metricsSpec":[{"type":"count","name":"count"},{"type":"longSum","name":"sum___v","fieldName":"__v","expression":null},{"type":"HLLSketchBuild","name":"count_distinct_solution","fieldName":"solution_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_submission_id","fieldName":"submission_id","lgK":12,"tgtHllType":"HLL_4","round":false},{"type":"HLLSketchBuild","name":"count_distinct_user_id","fieldName":"user_id","lgK":12,"tgtHllType":"HLL_4","round":false}]}}}' ml_analytics_druid_rollup_url: "{{groups['druid'][0]}}:8081" -ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/projects/distinctCountPrglevel/ml_projects_distinctCount_prgmlevel.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' +ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec : 
'{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-project-programLevel-status","granularitySpec":{"type":"uniform","queryGranularity":"none","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"time_stamp","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"program_name"},{"type":"string","name":"program_id"},{"type":"string","name":"status_of_project"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"private_program"},{"type":"string","name":"project_created_type"},{"type":"string","name":"parent_channel"},{"type":"long","name":"unique_projects"},{"type":"long","name":"unique_users"},{"type":"long","name":"no_of_imp_with_evidence"},{"type":"string","name":"time_stamp"},{"type":"long","name":"no_of_certificate_issued"}]},"metricsSpec":[]}}}' ml_analytics_projects_distinctCnt_prglevel_output_dir: "{{ WORKDIR }}/source/projects/distinctCountPrglevel/output" ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path: "projects/distinctCountPrglevel/" ml_analytics_survey_status_output_dir : "{{ WORKDIR }}/source/survey/status/output" ml_analytics_survey_cloud_blob_path: "survey/status/" -ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris":["azure://telemetry-data-store/survey/status/sl_survey_status.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", 
"user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program","state_code","school_code","district_code","block_code","cluster_code"]},"metricsSpec":[]}}}' +ml_analytics_survey_distinctCnt_cloud_blob_path: "survey/distinctCount/" +ml_analytics_druid_survey_status_injestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris":["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"ml-survey-status","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":true,"segmentGranularity":"DAY"},"timestampSpec":{"column":"updatedAt","format":"iso"},"dimensionsSpec":{"dimensions":["survey_submission_id", "submission_status", "user_id", "user_sub_type", "user_type", "state_externalId", "block_externalId", "district_externalId", "cluster_externalId", "school_externalId", "state_name", "block_name", "district_name", "cluster_name", "school_name", "board_name", "organisation_id", "organisation_name", "program_externalId", "program_id", "program_name", "survey_name", "survey_id", "survey_externalId", "created_date", "submission_date", "updatedAt", "parent_channel", "solution_name", "solution_id","private_program","state_code","school_code","district_code","block_code","cluster_code"]},"metricsSpec":[]}}}' ml_slack_token: "{{ ml_analytics_slack_token | default('') }}" ml_slack_channel: "{{ ml_analytics_slack_channel | default('') }}" ml_analytics_program_dashboard_cloud_blob_path: "{{ ml_program_blob_path | default('') }}" 
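Review bot: The `CloudType` / `CloudURI` tokens that now fill `inputSource` in `ml_analytics_druid_survey_rollup_injestion_spec`, the project and observation rollup specs, the prglevel spec and `ml_analytics_druid_survey_status_injestion_spec` are undocumented sentinels; nothing visible in this hunk says what replaces them or what happens if nothing does. If a spec were submitted unsubstituted, Druid would presumably reject the task for an unknown input source type, and because the substituted value decides which storage location Druid reads from, whatever performs the replacement should take it only from deployment configuration and check the scheme and container before posting. I would add a comment above the first of these specs, e.g. `# CloudType/CloudURI are placeholders; the job that submits the spec must replace both before posting to Druid`. The same placeholders appear in the preceding hunk of this file and in `ml_analytics_druid_observation_batch_ingestion_spec` in the following one, so the comment is worth stating once for all of them.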
@@ -90,12 +93,12 @@ ml_druid_query_data: "{{ ml_druid_query | default('') }}" ml_program_dashboard_data: "{{ ml_program_data | default('') }}" ml_analytics_druid_query_url: "{{groups['druid'][0]}}:8082" ml_analytics_druid_observation_query_spec: '{"queryType":"scan","dataSource":"sl-observation","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","entityType","entityTypeId","observationId","observationName","observationSubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","school","block","district","cluster","state","schoolName","blockName","districtName","clusterName","stateName","schoolExternalId","blockExternalId","districtExternalId","clusterExternalId","stateExternalId","schoolTypes","administrationTypes","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","role_title","location_validated_with_geotag","distance_in_meters","entity","entityExternalId","entityName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","criteriaLevel","criteriaScore","submissionNumber","submissionTitle","channel","parent_channel","user_districtName","user_blockName","user_clusterName","appName","evidences","user_stateName","domainName","domainExternalId","childName","childType","childExternalid","level","criteriaDescription","programDescription","solutionDescription","label","imp_project_id","imp_project_title","imp_project_goal","imp_project_externalId","ancestorName"
,"scoringSystem","domainLevel","domainScore","criteriaLevelReport","user_schoolName","user_schoolId","user_schoolUDISE_code","solution_type","organisation_name","user_boardName","district_externalId","state_externalId","block_externalId","cluster_externalId","organisation_id","user_type"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' -ml_analytics_druid_observation_batch_ingestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": "azure","uris": ["azure://telemetry-data-store/observation/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"entityType"},{"type":"string","name":"entityTypeId"},{"type":"string","name":"observationId"},{"type":"string","name":"observationName"},{"type":"string","name":"observationSubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instan
ceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"school"},{"type":"string","name":"block"},{"type":"string","name":"district"},{"type":"string","name":"cluster"},{"type":"string","name":"state"},{"type":"string","name":"schoolName"},{"type":"string","name":"blockName"},{"type":"string","name":"districtName"},{"type":"string","name":"clusterName"},{"type":"string","name":"stateName"},{"type":"string","name":"schoolExternalId"},{"type":"string","name":"blockExternalId"},{"type":"string","name":"districtExternalId"},{"type":"string","name":"clusterExternalId"},{"type":"string","name":"stateExternalId"},{"type":"string","name":"schoolTypes"},{"type":"string","name":"administrationTypes"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"role_title"},{"type":"string","name":"location_validated_with_geotag"},{"type":"string","name":"distance_in_meters"},{"type":"string","name":"entity"},{"type":"string","name":"entityExternalId"},{"type":"string","name":"entityName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"criteriaLevel"},{"type":"string","name":"criteriaScore"},{"type":"string","name
":"submissionNumber"},{"type":"string","name":"submissionTitle"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"user_districtName"},{"type":"string","name":"user_blockName"},{"type":"string","name":"user_clusterName"},{"type":"string","name":"appName"},{"type":"string","name":"evidences"},{"type":"string","name":"user_stateName"},{"type":"string","name":"domainName"},{"type":"string","name":"domainExternalId"},{"type":"string","name":"childName"},{"type":"string","name":"childType"},{"type":"string","name":"childExternalid"},{"type":"string","name":"level"},{"type":"string","name":"criteriaDescription"},{"type":"string","name":"programDescription"},{"type":"string","name":"solutionDescription"},{"type":"string","name":"label"},{"type":"string","name":"imp_project_id"},{"type":"string","name":"imp_project_title"},{"type":"string","name":"imp_project_goal"},{"type":"string","name":"imp_project_externalId"},{"type":"string","name":"ancestorName"},{"type":"string","name":"scoringSystem"},{"type":"string","name":"domainLevel"},{"type":"string","name":"domainScore"},{"name":"criteriaLevelReport","type":"boolean"},{"type":"string","name":"user_schoolName"},{"type":"string","name":"user_schoolId"},{"type":"string","name":"user_schoolUDISE_code"},{"type":"string","name":"solution_type"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_boardName"},{"type":"string","name":"district_externalId"},{"type":"string","name":"state_externalId"},{"type":"string","name":"block_externalId"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"user_type"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' +ml_analytics_druid_observation_batch_ingestion_spec: '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type": 
"CloudType","uris": ["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-observation","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"entityType"},{"type":"string","name":"entityTypeId"},{"type":"string","name":"observationId"},{"type":"string","name":"observationName"},{"type":"string","name":"observationSubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type
":"string","name":"evidence_count"},{"type":"string","name":"school"},{"type":"string","name":"block"},{"type":"string","name":"district"},{"type":"string","name":"cluster"},{"type":"string","name":"state"},{"type":"string","name":"schoolName"},{"type":"string","name":"blockName"},{"type":"string","name":"districtName"},{"type":"string","name":"clusterName"},{"type":"string","name":"stateName"},{"type":"string","name":"schoolExternalId"},{"type":"string","name":"blockExternalId"},{"type":"string","name":"districtExternalId"},{"type":"string","name":"clusterExternalId"},{"type":"string","name":"stateExternalId"},{"type":"string","name":"schoolTypes"},{"type":"string","name":"administrationTypes"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"role_title"},{"type":"string","name":"location_validated_with_geotag"},{"type":"string","name":"distance_in_meters"},{"type":"string","name":"entity"},{"type":"string","name":"entityExternalId"},{"type":"string","name":"entityName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"criteriaLevel"},{"type":"string","name":"criteriaScore"},{"type":"string","name":"submissionNumber"},{"type":"string","name":"submissionTitle"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"user_districtName"},{"type":"string","name":"user_blockName"},{"type":"string","name":"user_clusterName"},{"type":"string","name":"appName"},{"type":"string","name":"evidences"},{"type":"string","name":"user_stateName"},{"type":"string","name":"domainName"},{"type":"string","name":"domainExternalId"},{"type":"string","name":"childName"},{"type":"string","name":"childType"},{"t
ype":"string","name":"childExternalid"},{"type":"string","name":"level"},{"type":"string","name":"criteriaDescription"},{"type":"string","name":"programDescription"},{"type":"string","name":"solutionDescription"},{"type":"string","name":"label"},{"type":"string","name":"imp_project_id"},{"type":"string","name":"imp_project_title"},{"type":"string","name":"imp_project_goal"},{"type":"string","name":"imp_project_externalId"},{"type":"string","name":"ancestorName"},{"type":"string","name":"scoringSystem"},{"type":"string","name":"domainLevel"},{"type":"string","name":"domainScore"},{"name":"criteriaLevelReport","type":"boolean"},{"type":"string","name":"user_schoolName"},{"type":"string","name":"user_schoolId"},{"type":"string","name":"user_schoolUDISE_code"},{"type":"string","name":"solution_type"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_boardName"},{"type":"string","name":"district_externalId"},{"type":"string","name":"state_externalId"},{"type":"string","name":"block_externalId"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"user_type"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' ml_analytics_observation_batchupdate_cloud_blob_path: "observation/batchDeletion" ml_analytics_observation_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/observations/submissions.csv" ml_analytics_observation_batchupdate_output_dir: "{{ WORKDIR }}/source/observations/" ml_analytics_druid_survey_query_spec : 
'{"queryType":"scan","dataSource":"sl-survey","resultFormat":"list","columns":["completedDate","createdAt","createdBy","criteriaExternalId","criteriaId","criteriaName","surveyId","surveyName","surveySubmissionId","questionAnswer","questionECM","questionExternalId","questionId","questionName","questionResponseLabel","questionResponseType","solutionExternalId","solutionId","solutionName","updatedAt","instanceParentId","instanceId","instanceParentResponsetype","instanceParentQuestion","questionSequenceByEcm","maxScore","minScore","percentageScore","pointsBasedScoreInParent","totalScore","scoreAchieved","totalpercentage","instanceParentExternalId","instanceParentEcmSequence","remarks","total_evidences","evidence_count","instanceParentCriteriaId","instanceParentCriteriaExternalId","instanceParentCriteriaName","isAPrivateProgram","programId","programName","programExternalId","questionResponseLabel_number","channel","parent_channel","appName","organisation_name","user_subtype","user_type","board_name","district_code","district_name","district_externalId","block_code","block_name","block_externalId","school_code","school_name","school_externalId","cluster_code","cluster_name","cluster_externalId","state_code","state_name","state_externalId","organisation_id","evidences"],"intervals":["1901-01-01T00:00:00+00:00/2101-01-01T00:00:00+00:00"]}' -ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"azure","uris": 
["azure://telemetry-data-store/survey/batchDeletion/druidData.json"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"e
vidences"},{"type":"string","name":"instanceParentCriteriaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' +ml_analytics_druid_survey_batch_ingestion_spec : '{"type":"index","spec":{"ioConfig":{"type":"index","inputSource":{"type":"CloudType","uris": 
["CloudURI"]},"inputFormat":{"type":"json"}},"tuningConfig":{"type":"index","partitionsSpec":{"type":"dynamic"}},"dataSchema":{"dataSource":"sl-survey","granularitySpec":{"type":"uniform","queryGranularity":"DAY","rollup":false,"segmentGranularity":"DAY"},"timestampSpec":{"column":"completedDate","format":"auto"},"dimensionsSpec":{"dimensions":[{"type":"string","name":"completedDate"},{"type":"string","name":"createdAt"},{"type":"string","name":"createdBy"},{"type":"string","name":"criteriaExternalId"},{"type":"string","name":"criteriaId"},{"type":"string","name":"criteriaName"},{"type":"string","name":"surveyId"},{"type":"string","name":"surveyName"},{"type":"string","name":"surveySubmissionId"},{"type":"string","name":"questionAnswer"},{"type":"string","name":"questionECM"},{"type":"string","name":"questionExternalId"},{"type":"string","name":"questionId"},{"type":"string","name":"questionName"},{"type":"string","name":"questionResponseLabel"},{"type":"string","name":"questionResponseType"},{"type":"string","name":"solutionExternalId"},{"type":"string","name":"solutionId"},{"type":"string","name":"solutionName"},{"type":"string","name":"updatedAt"},{"type":"string","name":"instanceParentId"},{"type":"string","name":"instanceId"},{"type":"string","name":"instanceParentResponsetype"},{"type":"string","name":"instanceParentQuestion"},{"type":"string","name":"questionSequenceByEcm"},{"type":"string","name":"maxScore"},{"type":"string","name":"minScore"},{"type":"string","name":"percentageScore"},{"type":"string","name":"pointsBasedScoreInParent"},{"type":"string","name":"totalScore"},{"type":"string","name":"scoreAchieved"},{"type":"string","name":"totalpercentage"},{"type":"string","name":"instanceParentExternalId"},{"type":"string","name":"instanceParentEcmSequence"},{"type":"string","name":"remarks"},{"type":"string","name":"total_evidences"},{"type":"string","name":"evidence_count"},{"type":"string","name":"evidences"},{"type":"string","name":"instanceParentCriter
iaId"},{"type":"string","name":"instanceParentCriteriaExternalId"},{"type":"string","name":"instanceParentCriteriaName"},{"type":"string","name":"isAPrivateProgram"},{"type":"string","name":"programId"},{"type":"string","name":"programName"},{"type":"string","name":"programExternalId"},{"name":"questionResponseLabel_number","type":"float"},{"type":"string","name":"channel"},{"type":"string","name":"parent_channel"},{"type":"string","name":"appName"},{"type":"string","name":"organisation_name"},{"type":"string","name":"user_subtype"},{"type":"string","name":"user_type"},{"type":"string","name":"board_name"},{"type":"string","name":"district_code"},{"type":"string","name":"district_name"},{"type":"string","name":"district_externalId"},{"type":"string","name":"block_code"},{"type":"string","name":"block_name"},{"type":"string","name":"block_externalId"},{"type":"string","name":"school_code"},{"type":"string","name":"school_name"},{"type":"string","name":"school_externalId"},{"type":"string","name":"cluster_code"},{"type":"string","name":"cluster_name"},{"type":"string","name":"cluster_externalId"},{"type":"string","name":"state_code"},{"type":"string","name":"state_name"},{"type":"string","name":"state_externalId"},{"type":"string","name":"organisation_id"},{"type":"string","name":"isSubmissionDeleted"}]},"metricsSpec":[{"type":"floatSum","name":"question_response_number","fieldName":"questionResponseLabel_number"}]}}}' ml_analytics_survey_batchupdate_cloud_blob_path: "survey/batchDeletion" ml_analytics_survey_submission_id_filepath: "{{ WORKDIR }}/ml-analytics-service/survey/submissions.csv" ml_analytics_survey_batchupdate_output_dir: "{{ WORKDIR }}/source/survey/" diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index e15c7eb70b..789a9bc090 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
@@ -93,6 +93,8 @@ ml_distinctCnt_projects_status_spec = {{ ml_analytics_druid_distinctCnt_projects ml_distinctCnt_prglevel_projects_status_spec = {{ ml_analytics_druid_distinctCnt_prglevel_projects_status_injestion_spec }} +ml_distinctCnt_survey_status_spec ={{ ml_analytics_druid_distinctCnt_survey_injestion_spec }} + observation_status_rollup_injestion_spec = {{ ml_analytics_druid_observation_status_rollup_injestion_spec }} project_rollup_injestion_spec = {{ ml_analytics_druid_project_rollup_injestion_spec }} @@ -209,6 +211,8 @@ projects_distinctCount = {{ ml_analytics_projects_distinctCnt_output_dir }} projects_distinctCount_prgmlevel = {{ ml_analytics_projects_distinctCnt_prglevel_output_dir }} +survey_distinctCount_status = {{ ml_analytics_survey_distinctCnt_output_dir }} + project_rollup = {{ ml_analytics_project_rollup_output_dir }} observation_status_rollup = {{ ml_analytics_observation_status_rollup_output_dir }} @@ -259,6 +263,8 @@ projects_distinctCnt_blob_path = {{ ml_analytics_projects_distinctCnt_cloud_blob projects_distinctCnt_prgmlevel_blob_path = {{ ml_analytics_projects_distinctCnt_prglevel_cloud_blob_path }} +survey_distinctCount_blob_path = {{ ml_analytics_survey_distinctCnt_cloud_blob_path }} + projects_rollup_blob_path = {{ ml_analytics_project_rollup_cloud_blob_path }} observation_rollup_blob_path = {{ ml_analytics_observation_rollup_cloud_blob_path }} From 7220872b7f67a928c4d0b45199754ae63ddb536d Mon Sep 17 00:00:00 2001 From: VISHNUDAS-tunerlabse Date: Wed, 16 Aug 2023 14:53:34 +0530 Subject: [PATCH 376/434] changed to public variables for cloud config --- .../roles/stack-sunbird/templates/ml-core-service.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 30018c5cd8..56313ff44f 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env 
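Review bot: The added `ml_distinctCnt_survey_status_spec ={{ ... }}` line in the first hunk has no space after `=`, while every neighbouring key in the template, including the two keys added by the later hunks, is written `key = {{ value }}`. Most INI parsers strip the whitespace, so this is a point of style only: `ml_distinctCnt_survey_status_spec = {{ ml_analytics_druid_distinctCnt_survey_injestion_spec }}`.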
+++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env @@ -22,12 +22,12 @@ GOTENBERG_SERVICE_URL={{ml_gotenberg_url | default("http://gotenberg-service:300 # CLOUD STORAGE CLOUD_STORAGE_PROVIDER={{cloud_service_provider}} -CLOUD_STORAGE_ACCOUNTNAME={{cloud_private_storage_accountname | default("")}} -CLOUD_STORAGE_SECRET={{cloud_private_storage_secret | default("")}} +CLOUD_STORAGE_ACCOUNTNAME={{cloud_public_storage_accountname | default("")}} +CLOUD_STORAGE_SECRET={{cloud_public_storage_secret | default("")}} CLOUD_STORAGE_BUCKETNAME={{ml_container | default("")}} -CLOUD_STORAGE_REGION={{cloud_private_storage_region | default("")}} -CLOUD_STORAGE_PROJECT={{cloud_private_storage_project | default("")}} -CLOUD_ENDPOINT={{cloud_private_storage_endpoint | default("")}} +CLOUD_STORAGE_REGION={{cloud_public_storage_region | default("")}} +CLOUD_STORAGE_PROJECT={{cloud_public_storage_project | default("")}} +CLOUD_ENDPOINT={{cloud_public_storage_endpoint | default("")}} # OFFLINE TOKEN VALIDATION From 6d6861e15a46afffb3ae448a50dcf8ad36f79b8e Mon Sep 17 00:00:00 2001 From: adithya_dinesh Date: Mon, 21 Aug 2023 17:50:14 +0530 Subject: [PATCH 377/434] CSP ML Analytics Changes --- .../ml-analytics-service/defaults/main.yml | 1 + .../ml-analytics-service/templates/config.j2 | 49 ++----------------- 2 files changed, 6 insertions(+), 44 deletions(-) diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 98be525421..15ef432e43 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml +++ b/ansible/roles/ml-analytics-service/defaults/main.yml 
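Review bot: `CLOUD_STORAGE_BUCKETNAME={{ml_container | default("")}}` is left untouched while the account name, secret, region, project and endpoint around it all switch from `cloud_private_storage_*` to `cloud_public_storage_*`, so the same bucket is now addressed with a different account's credentials. If `ml_container` still lives in the private account, storage calls from ml-core will be refused; if it has moved, it is worth confirming that what the service writes there is meant to sit in the public account. Every value also keeps `| default("")`, which renders an empty secret when the variable is missing and defers the failure to runtime; failing at deploy time is safer, e.g. `CLOUD_STORAGE_SECRET={{ cloud_public_storage_secret | mandatory }}`.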
@@ -10,6 +10,7 @@ ml_analytics_survey_app_name: "{{ ml_survey_app_name | default('sunbirdsurvey') ml_analytics_integrated_app_name: "{{ ml_integrated_app_name | default('sunbird') }}" ml_analytics_integrated_portal: "{{ ml_integrated_portal | default('dev.sunbird.portal') }}" ml_analytics_survey_service: "http://{{private_ingressgateway_ip}}/ml-survey" +ml_analytics_core_service: "http://{{private_ingressgateway_ip}}/ml-core" # SB-31155 # This should be deprecated in future in favour of ml_analytics_public_storage diff --git a/ansible/roles/ml-analytics-service/templates/config.j2 b/ansible/roles/ml-analytics-service/templates/config.j2 index 789a9bc090..935085d36a 100644 --- a/ansible/roles/ml-analytics-service/templates/config.j2 +++ b/ansible/roles/ml-analytics-service/templates/config.j2 
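Review bot: The added `ml_analytics_core_service` fixes the scheme to `http://` and cannot be overridden from inventory, unlike `ml_analytics_integrated_portal` just above it, which takes its value through `default(...)`. The config.j2 change in the same commit drops the storage credential sections and adds `[ML_CORE_SERVICE_URL]`, so this endpoint presumably becomes the path by which the analytics jobs reach cloud storage, and whatever ml-core returns then crosses the private ingress unencrypted. Using the same overridable pattern here, with the current string as the default, would let a TLS endpoint be set per environment. The neighbouring `ml_analytics_survey_service` has the same shape.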
@@ -147,54 +147,11 @@ survey_streaming_success_error = {{ ml_analytics_survey_log_folder_path }}/ survey_status_success_error = {{ ml_analytics_survey_log_folder_path }}/status/ -{% if ML_Cloud_Service_Provider is equalto 'ORACLE' %} -[ORACLE] - -endpoint_url = {{ cloud_public_storage_endpoint }} - -access_key = {{ cloud_public_storage_accountname }} - -secret_access_key = {{ cloud_public_storage_secret }} - -region_name = {{ cloud_public_storage_region }} - -bucket_name = {{ cloud_storage_telemetry_bucketname }} - -{% elif ML_Cloud_Service_Provider is equalto 'gcloud' %} - -[GCP] - -secret_data = {{ ml_Cloud_secret_json_file }} - -bucket_name = {{ cloud_storage_telemetry_bucketname }} - -{% elif ML_Cloud_Service_Provider is equalto 'aws' %} - -[AWS] - -service_name = S3 - -access_key = {{ cloud_public_storage_accountname }} - -secret_access_key = {{ cloud_public_storage_secret }} - -region_name = {{ cloud_public_storage_region }} - -bucket_name = {{ cloud_storage_telemetry_bucketname }} - -{% else %} - -[AZURE] - -account_name = {{ cloud_public_storage_accountname }} +[CLOUD] container_name = {{ cloud_storage_telemetry_bucketname }} -account_key = {{ cloud_public_storage_secret }} - -{% endif %} - [OUTPUT_DIR] project = {{ ml_analytics_project_output_dir }} @@ -302,3 +259,7 @@ createdBy = {{ ml_analytics_createdBy }} container = {{ ml_analytics_reports_container }} store = {{ ml_analytics_reports_store }} + +[ML_CORE_SERVICE_URL] + +url = {{ ml_analytics_core_service }} From af22c6997a461e54a25a27d945e501a3c46532e1 Mon Sep 17 00:00:00 2001 
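Review bot: The `[CLOUD]` section that replaces the four provider blocks carries only `container_name`, and nothing in the template says where storage credentials come from now that `access_key`, `secret_access_key`, `account_key` and `secret_data` are no longer rendered. Keeping the secrets out of this file reduces exposure, but a service build that still reads `[AZURE]`, `[AWS]`, `[GCP]` or `[ORACLE]` would fail on the missing section, so the template and the service release have to ship together (inferred; the consumer is not on this page). A template comment above `[CLOUD]` would record the intent, for example `{# storage credentials are deliberately not rendered here; access goes through [ML_CORE_SERVICE_URL] #}`, if that is the design. The second hunk, which adds `[ML_CORE_SERVICE_URL]`, is the other half of the same change.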
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Tue, 22 Aug 2023 13:08:47 +0530 Subject: [PATCH 378/434] =?UTF-8?q?ED-1251=20-=20Add=20OCI=20specific=20de?= =?UTF-8?q?vops=20changes=20-=20superseeds=20PR=203817=20,=203735=E2=80=A6?= =?UTF-8?q?=20(#3881)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ED-1251 - Add OCI specific devops changes - superseeds PR 3817 , 3735 (#3858) * added task and role for artifacts upload - oci oss Signed-off-by: Deepak Devadathan * overwrite oss file if exists Signed-off-by: Deepak Devadathan * added the switch for getting oci deployed image tag Signed-off-by: Deepak Devadathan * added oci in the task name for getting image version Signed-off-by: Deepak Devadathan * added helm values for oci for internal lb provisioning Signed-off-by: Deepak Devadathan * getting image tag for oci Signed-off-by: Deepak Devadathan * added oci oss upload for certificate template Signed-off-by: Deepak Devadathan * corrected typo in the role input variable Signed-off-by: Deepak Devadathan * removed prefix flag from bulk upload Signed-off-by: Deepak Devadathan * added oci oss task for chatbot upload Signed-off-by: Deepak Devadathan * updated the prefix logic for folder upload to oss Signed-off-by: Deepak Devadathan * uploadfaq to oci oss Signed-off-by: Deepak Devadathan * added a temp debug Signed-off-by: Deepak Devadathan * testing bulk upload logic Signed-off-by: Deepak Devadathan * testing oss_path variable Signed-off-by: Deepak Devadathan * testing with a defined prefix Signed-off-by: Deepak Devadathan * removed debug line and oss_path value Signed-off-by: Deepak Devadathan * added overwrite flag for bulk upload Signed-off-by: Deepak Devadathan * oci oss changes for uploadschema Signed-off-by: Deepak Devadathan * typo in the csp switch Signed-off-by: Deepak Devadathan * oci oss changes for plugins upload 
Signed-off-by: Deepak Devadathan * testing by adding privileged: true to init container Signed-off-by: Deepak Devadathan * removed privileged=true..as it didnt help the deployment Signed-off-by: Deepak Devadathan * deployed image check for oci Signed-off-by: Deepak Devadathan * added the switch for selecting api version Signed-off-by: Deepak Devadathan * corrected the right task file for plugin del and upl for oci Signed-off-by: Deepak Devadathan * added a temporary debug Signed-off-by: Deepak Devadathan * testing flow Signed-off-by: Deepak Devadathan * debug line Signed-off-by: Deepak Devadathan * testing Signed-off-by: Deepak Devadathan * disable delete and repload plugin temp Signed-off-by: Deepak Devadathan * testing Signed-off-by: Deepak Devadathan * adding OCI values for player environments * updated daemonset deployed image retrieval Signed-off-by: Deepak Devadathan * added role for oci-cli Signed-off-by: Deepak Devadathan * test home location Signed-off-by: Deepak Devadathan * updated the oci cli install location Signed-off-by: Deepak Devadathan * include option oci-cli in template edit jenkins pipeline template to include oci_cli option * updated oci related task for desktop faq upload Signed-off-by: Deepak Devadathan * added the missing uploads for desktop faq upload Signed-off-by: Deepak Devadathan * added CLOUD_STORAGE_ENDPOINT env variable Signed-off-by: Deepak Devadathan * updated the ansible variable for cloud_storage_endpoint Signed-off-by: Deepak Devadathan * updated env template for lms to add endpoint Signed-off-by: Deepak Devadathan * corrected the typo in the template for lms Signed-off-by: Deepak Devadathan * updated desktop-faq-upload for oci Signed-off-by: Deepak Devadathan * added uploadfaq for oci rc-schema Signed-off-by: Deepak Devadathan * updated bucket name for oci upload for schema Signed-off-by: Deepak Devadathan * updated bucket name for artifact upl and download for oci 
Signed-off-by: Deepak Devadathan * added oci oss block for asset upload Signed-off-by: Deepak Devadathan * updated oci buket name for deploy plugins Signed-off-by: Deepak Devadathan * added es snapshot for oci Signed-off-by: Deepak Devadathan * added es repository for oci Signed-off-by: Deepak Devadathan * added repository changes for log-es6 for oci Signed-off-by: Deepak Devadathan * removed access key and secret from es s3 repo settings Signed-off-by: Deepak Devadathan * add s3 compatible repository setting for es backup Signed-off-by: Deepak Devadathan * changed the repository type to s3 Signed-off-by: Deepak Devadathan * plugin repository-s3 for oci Signed-off-by: Deepak Devadathan * temporarily disabling no_log for trigage Signed-off-by: Deepak Devadathan * used the logical or Signed-off-by: Deepak Devadathan * reverted no_log Signed-off-by: Deepak Devadathan * default client name based setting Signed-off-by: Deepak Devadathan * added signer override Signed-off-by: Deepak Devadathan * added s3 client configuration for oci Signed-off-by: Deepak Devadathan * corrected elasticsearch.yml template Signed-off-by: Deepak Devadathan * corrected the variable names in elasticsearch.yml Signed-off-by: Deepak Devadathan * removed s3 compatiblity variables from elasticsearch.yaml Signed-off-by: Deepak Devadathan * tsting snapshot backup Signed-off-by: Deepak Devadathan * without path-style-acess Signed-off-by: Deepak Devadathan * testing with home region Signed-off-by: Deepak Devadathan * using ip of endpoint Signed-off-by: Deepak Devadathan * install repository-s3 plugin for log-es Signed-off-by: Deepak Devadathan * updated s3 settings values Signed-off-by: Deepak Devadathan * re arranged the order Signed-off-by: Deepak Devadathan * corrected the default values for sunbird_player.env Signed-off-by: Deepak Devadathan * removed the redundant check to get deployed image Signed-off-by: Deepak Devadathan * removed csp switch for deployed image retrival 
Signed-off-by: Deepak Devadathan * common login for getting deployed image Signed-off-by: Deepak Devadathan * removed csp switch for getting deployed image Signed-off-by: Deepak Devadathan * added the environment variable for instance principal for oci operation Signed-off-by: Deepak Devadathan * Fixed indentation error * Update oss-upload-batch-no-poll.yml missing content type caused a LOT of problem * Changes for postgres ssl configuration * added the storage type for deployment Signed-off-by: Deepak Devadathan * added cloud-store-proxy for cors reverse proxy Signed-off-by: Deepak Devadathan * enabling relative base path in content API * enabling relative path in content * setting relative absolute path to true * issue with npm version * Fix for DU-417 * Moved the storage config to ansible variables * typo fix * updated oci oss config entries * updated defaults Signed-off-by: Deepak Devadathan * corrected values Signed-off-by: Deepak Devadathan * updated kafka setup zookeeper Signed-off-by: Deepak Devadathan * updated the generic defaults Signed-off-by: Deepak Devadathan * added conditional check for pg ssl Signed-off-by: Deepak Devadathan * corrected misplaced oci instead of aws Signed-off-by: Deepak Devadathan * removed https Signed-off-by: Deepak Devadathan * used variable for cloud_storage_url Signed-off-by: Deepak Devadathan * removed duplicate entry Signed-off-by: Deepak Devadathan * added default values for cloud_public_storage_proxy Signed-off-by: Deepak Devadathan * added defaults to stack sunbird role Signed-off-by: Deepak Devadathan * added genereic names Signed-off-by: Deepak Devadathan * removed redundant file Signed-off-by: Deepak Devadathan * removed redundant variable cloud_store_base_path_placeholder Signed-off-by: Deepak Devadathan * removed redundant variable Signed-off-by: Deepak Devadathan * added default value for cloud_public_storage_proxy Signed-off-by: Deepak Devadathan * added sample reference value for cloud_public_storage_endpoint 
Signed-off-by: Deepak Devadathan --------- Signed-off-by: Deepak Devadathan Co-authored-by: Kenneth Heung Co-authored-by: subhash_chandra_budde Co-authored-by: Ramya Co-authored-by: rjanart <123344037+rjanart@users.noreply.github.com> * Update sunbird_lms-service.env * Resolving conflicts at sunbird_lms-service.env --------- 
Signed-off-by: Deepak Devadathan Co-authored-by: Deepak Devadathan Co-authored-by: Kenneth Heung Co-authored-by: subhash_chandra_budde Co-authored-by: Ramya Co-authored-by: rjanart <123344037+rjanart@users.noreply.github.com> Co-authored-by: Santhosh Gandham --- ansible/artifacts-download.yml | 13 +++ ansible/artifacts-upload.yml | 13 +++ ansible/assets-upload.yml | 28 +++++++ ansible/deploy-plugins.yml | 79 +++++++++++++++++- ansible/desktop-faq-upload.yml | 82 ++++++++++++++++++- ansible/es.yml | 4 + ansible/inventory/env/group_vars/all.yml | 6 +- ansible/kp_upload-schema.yml | 13 +++ ansible/roles/cert-templates/tasks/main.yml | 12 +++ .../roles/es-oci-snapshot/defaults/main.yml | 19 +++++ ansible/roles/es-oci-snapshot/tasks/main.yml | 42 ++++++++++ ansible/roles/es6/tasks/main.yml | 2 +- .../roles/es6/templates/elasticsearch.yml.j2 | 1 + ansible/roles/log-es6/tasks/main.yml | 6 +- .../log-es6/tasks/plugins/repository-oci.yml | 36 ++++++++ .../roles/oci-cloud-storage/defaults/main.yml | 3 + .../oci-cloud-storage/tasks/delete-folder.yml | 5 ++ .../roles/oci-cloud-storage/tasks/delete.yml | 7 ++ .../oci-cloud-storage/tasks/download.yml | 7 ++ .../roles/oci-cloud-storage/tasks/main.yml | 18 ++++ .../tasks/oss-delete-batch-no-poll.yml | 5 ++ .../tasks/oss-upload-batch-no-poll.yml | 5 ++ .../oci-cloud-storage/tasks/upload-folder.yml | 15 ++++ .../roles/oci-cloud-storage/tasks/upload.yml | 8 ++ ansible/roles/setup-kafka/defaults/main.yml | 2 +- ansible/roles/setup-kafka/tasks/main.yml | 10 +-- ansible/roles/stack-sunbird/defaults/main.yml | 4 + .../templates/analytics_api_service.conf | 13 +-- .../content-service_application.conf | 1 + ansible/roles/stack-sunbird/templates/odk.env | 8 +- .../templates/sunbird_cert-service.env | 1 + .../templates/sunbird_lms-service.env | 4 +- .../templates/sunbird_player.env | 1 + ansible/uploadFAQs.yml | 30 +++++++ .../roles/deploy-player/tasks/main.yml | 1 + .../ansible/roles/helm-deploy/tasks/main.yml | 1 + 
.../templates/configmap.yaml | 9 +- .../core/nginx-private-ingress/values.j2 | 1 + .../fluent-bit/templates/serviceaccount.yaml | 8 ++ pipelines/deploy/ContentFramework/Jenkinsfile | 1 + .../ansible/inventory/dev/Core/common.yml | 9 +- .../inventory/dev/DataPipeline/common.yml | 7 +- .../dev/KnowledgePlatform/common.yml | 9 +- 43 files changed, 522 insertions(+), 27 deletions(-) create mode 100644 ansible/roles/es-oci-snapshot/defaults/main.yml create mode 100644 ansible/roles/es-oci-snapshot/tasks/main.yml create mode 100644 ansible/roles/log-es6/tasks/plugins/repository-oci.yml create mode 100644 ansible/roles/oci-cloud-storage/defaults/main.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/delete-folder.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/delete.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/download.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/main.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/oss-delete-batch-no-poll.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/oss-upload-batch-no-poll.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/upload-folder.yml create mode 100644 ansible/roles/oci-cloud-storage/tasks/upload.yml diff --git a/ansible/artifacts-download.yml b/ansible/artifacts-download.yml index 2fc2748229..ce7a125bde 100644 --- a/ansible/artifacts-download.yml +++ b/ansible/artifacts-download.yml 
@@ -40,3 +40,16 @@ aws_access_key_id: "{{ cloud_artifact_storage_accountname }}" aws_secret_access_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "aws" + + - name: download artifact from oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: download.yml + vars: + local_file_or_folder_path: "{{ artifact_path }}" + oss_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + oss_path: "{{ artifact }}" + when: cloud_service_provider == "oci" \ No newline at end of file diff --git a/ansible/artifacts-upload.yml b/ansible/artifacts-upload.yml index 305492afc2..3e444ef163 100644 --- a/ansible/artifacts-upload.yml +++ b/ansible/artifacts-upload.yml @@ -41,3 +41,16 @@ aws_access_key_id: "{{ cloud_artifact_storage_accountname }}" aws_secret_access_key: "{{ cloud_artifact_storage_secret }}" when: cloud_service_provider == "aws" + + - name: upload artifact to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload.yml + vars: + local_file_or_folder_path: "{{ artifact_path }}" + oss_bucket_name: "{{ cloud_storage_artifacts_bucketname }}" + oss_path: "{{ artifact }}" + when: cloud_service_provider == "oci" \ No newline at end of file diff --git a/ansible/assets-upload.yml b/ansible/assets-upload.yml index b8d5836cc6..b39f1a4694 100644 --- a/ansible/assets-upload.yml +++ b/ansible/assets-upload.yml 
@@ -75,3 +75,31 @@ vars: local_file_or_folder_path: "{{ assets }}/*" when: cloud_service_provider == "gcloud" + +##### OCI + - name: this block consists of tasks related to oci oss + block: + - name: set common oci variables + set_fact: + oss_bucket_name: "{{ cloud_storage_playercdn_bucketname }}" + oss_path: "" + oss_namespace: "{{oci_namespace}}" + + - name: delete files and folders from oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: delete-folder.yml + + - name: upload batch of files to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + local_file_or_folder_path: "{{ assets }}" + when: cloud_service_provider == "oci" \ No newline at end of file diff --git a/ansible/deploy-plugins.yml b/ansible/deploy-plugins.yml index 5774a12454..a96af44f5a 100644 --- a/ansible/deploy-plugins.yml +++ b/ansible/deploy-plugins.yml @@ -62,7 +62,6 @@ local_file_or_folder_path: "{{ source_file_name }}" tags: - preview - - block: - name: delete and re-upload plugins include_role: 
@@ -222,3 +221,81 @@ tags: - plugins when: cloud_service_provider == "aws" + + +################################### OCI tasks ######################### + - name: this block consists of tasks related to oci oss + block: + - name: set common oci variables + set_fact: + oss_bucket_name: "{{ cloud_storage_content_bucketname }}" + oss_namespace: "{{ oci_namespace }}" + tags: + - always + + - block: + - name: delete files and folders from oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: delete-folder.yml + vars: + oss_path: "{{ folder_name }}/" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + + - block: + - name: upload folder to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_path: "{{ folder_name }}/" + local_file_or_folder_path: "{{ source_name }}" + tags: + - content-editor + - collection-editor + - generic-editor + - preview + - editor + - core-plugins + + - block: + - name: upload file to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload.yml + vars: + oss_path: "artefacts/content-player/content-player-{{ player_version_number }}.zip" + local_file_or_folder_path: "{{ source_file_name }}" + tags: + - preview + + - block: + - name: delete and re-upload plugins for oci + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: "{{ item[0] }}" + vars: + object_prefix: "content-plugins/{{ item[1] }}/" + local_file_or_folder_path: "{{ source_folder }}/{{ item[1] }}" + with_nested: + - ['oss-delete-batch-no-poll.yml', 'oss-upload-batch-no-poll.yml'] + - "{{ lookup('file', plugins_to_delete_and_upload).split('\n') }}" + tags: + - plugins + when: cloud_service_provider == "oci" 
diff --git a/ansible/desktop-faq-upload.yml b/ansible/desktop-faq-upload.yml index a95e8828e7..77d56dbc5b 100644 --- a/ansible/desktop-faq-upload.yml +++ b/ansible/desktop-faq-upload.yml @@ -211,7 +211,7 @@ - upload-csv-template - block: - - name: upload folder to aws s3 - discussion-ui + - name: upload folder to aws s3 - discusion-ui include_role: name: aws-cloud-storage tasks_from: upload-folder.yml 
@@ -222,3 +222,83 @@ tags: - upload-discussion-ui when: cloud_service_provider == "aws" + + +##### OCI Tasks #### + + - name: this block consists of tasks related to oci oss + block: + - name: set common oci variables + set_fact: + local_file_or_folder_path: "{{ playbook_dir }}/../{{ src_file_path }}" + tags: + - always + + - block: + - name: upload file to oci oss public bucket + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload.yml + vars: + oss_bucket_name: "{{ cloud_storage_public_bucketname }}" + tags: + - upload-desktop-faq + + - block: + - name: upload file to oci oss private bucket + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload.yml + vars: + oss_bucket_name: "{{ cloud_storage_label_bucketname }}" + tags: + - upload-label + + - block: + - name: upload folder to oci oss - chatbot + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_path: "{{ destination_path }}/" + oss_bucket_name: "{{ cloud_storage_chatbot_bucketname }}" + tags: + - upload-chatbot-config + + - block: + - name: upload folder to oci oss - csv-template + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_path: "{{ destination_path }}/" + oss_bucket_name: "{{ cloud_storage_sourcing_bucketname }}" + tags: + - upload-csv-template + + - block: + - name: upload folder to oci oss - discussion-ui + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_path: "{{ destination_path }}/" + oss_bucket_name: "{{ cloud_storage_discussionui_bucketname }}" + tags: + - upload-discussion-ui + when: cloud_service_provider == "oci" 
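Review bot: The two `upload.yml` includes in this hunk ("upload file to oci oss public bucket" and "upload file to oci oss private bucket") pass only `oss_bucket_name`, so `oss_path` falls back to the role default `""` unless it is supplied from outside this file. `upload.yml` then renders `oci os object put ... --name  --file ...`, leaving `--name` without a value, and unlike `upload-folder.yml` it has no branch for an empty path. Pass the object name explicitly in `vars:` for both tasks, or make `upload.yml` fail early with `- assert: { that: "oss_path | length > 0" }`.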
diff --git a/ansible/es.yml b/ansible/es.yml index c526414f47..193f81ab27 100644 --- a/ansible/es.yml +++ b/ansible/es.yml @@ -12,6 +12,8 @@ when: cloud_service_provider == "aws" - role: es-gcs-snapshot when: cloud_service_provider == "gcloud" + - role: es-oci-snapshot + when: cloud_service_provider == "oci" - role: es5-snapshot-purge tags: - es_backup @@ -31,6 +33,8 @@ when: cloud_service_provider == "aws" - role: es-gcs-snapshot when: cloud_service_provider == "gcloud" + - role: es-oci-snapshot + when: cloud_service_provider == "oci" - es5-snapshot-purge tags: - log_es_backup diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index b0b23d8ecf..ab39bf76ae 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -361,7 +361,7 @@ content_service_blacklisted_resourcetype: '' content_service_whitelisted_resourcetype: '' content_service_whitelisted_mimetype: '' content_service_blacklisted_mimetype: '' -sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,{{ upstream_url }}/' +sunbird_cloud_storage_urls: 'https://s3.ap-south-1.amazonaws.com/ekstep-public-{{ekstep_s3_env}}/,https://ekstep-public-{{ekstep_s3_env}}.s3-ap-south-1.amazonaws.com/,{{ upstream_url }}/,https://files.xyz.in/contentsbucket/,https://obj.xyz.in/contentsbucket/' sunbird_email_max_recipients_limit: 100 sunbird_cassandra_consistency_level: local_quorum sunbird_cassandra_replication_strategy: '{"class":"SimpleStrategy","replication_factor":"1"}' 
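Review bot: The new default for `sunbird_cloud_storage_urls` in `group_vars/all.yml` hard-codes `https://files.xyz.in/contentsbucket/` and `https://obj.xyz.in/contentsbucket/` into a file shared by every environment. If consumers treat this list as the set of accepted storage origins (the name suggests so, but no consumer is visible in this patch), every deployment would accept content URLs on hosts it does not operate. Keep the shared default to the entries that are derived from variables and let each inventory append its own storage hosts.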
@@ -566,3 +566,7 @@ plugin_upstream_url: "{{ upstream_url }}" kp_schema_base_path: "{{ upstream_url }}/schemas/local" # SB-31155 - Moved to the installation public container for now (same place where keycloaka and java artifacts are stored) h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" + + +## Added default values +cloud_public_storage_proxy: "{{cloud_storage_url}}" \ No newline at end of file diff --git a/ansible/kp_upload-schema.yml b/ansible/kp_upload-schema.yml index 3a28ce5782..0f57586047 100644 --- a/ansible/kp_upload-schema.yml +++ b/ansible/kp_upload-schema.yml @@ -40,3 +40,16 @@ gcp_path: "schemas/local" local_file_or_folder_path: "{{ source_name }}" when: cloud_service_provider == "gcloud" + + - name: upload batch of files to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_bucket_name: "{{ cloud_storage_content_bucketname }}" + local_file_or_folder_path: "{{ source_name }}" + oss_path: "schemas/local/" + when: cloud_service_provider == "oci" \ No newline at end of file diff --git a/ansible/roles/cert-templates/tasks/main.yml b/ansible/roles/cert-templates/tasks/main.yml index 893e0776f4..d4134d7cbd 100644 --- a/ansible/roles/cert-templates/tasks/main.yml +++ b/ansible/roles/cert-templates/tasks/main.yml @@ -68,3 +68,15 @@ gcp_path: "" local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" when: cloud_service_provider == "gcloud" + +- name: upload batch of files to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_bucket_name: "{{ cert_service_container_name }}" + local_file_or_folder_path: "{{ cert_location }}/cert-templates/certUtilScripts/out" + when: cloud_service_provider == "oci" \ No newline at end of file 
diff --git a/ansible/roles/es-oci-snapshot/defaults/main.yml b/ansible/roles/es-oci-snapshot/defaults/main.yml
new file mode 100644
index 0000000000..a172208ded
--- /dev/null
+++ b/ansible/roles/es-oci-snapshot/defaults/main.yml
@@ -0,0 +1,19 @@
+snapshot_create_request_body: {
+ type: s3,
+ settings: {
+ bucket: "{{ cloud_storage_esbackup_bucketname }}",
+ path_style_access: "{{s3_path_style_access}}",
+ endpoint: "{{s3_storage_endpoint}}",
+ region: "{{s3_region}}",
+ base_path: "{{ cloud_storage_esbackup_foldername }}/{{ snapshot_base_path }}_{{ base_path_date }}",
+
+ }
+}
+
+# Override these values
+es_snapshot_host: "localhost"
+snapshot_base_path: "default"
+es_backup_storage: "elasticsearch-snapshots"
+
+cloud_storage_esbackup_bucketname: "{{ cloud_storage_management_bucketname }}"
+cloud_storage_esbackup_foldername: "elasticsearch-snapshots"
diff --git a/ansible/roles/es-oci-snapshot/tasks/main.yml b/ansible/roles/es-oci-snapshot/tasks/main.yml
new file mode 100644
index 0000000000..aee768626c
--- /dev/null
+++ b/ansible/roles/es-oci-snapshot/tasks/main.yml
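Review bot: `snapshot_create_request_body` in `es-oci-snapshot/defaults/main.yml` reads `s3_path_style_access`, `s3_storage_endpoint` and `s3_region`, none of which gets a default in this file, while the keystore tasks added in `log-es6/tasks/plugins/repository-oci.yml` use `cloud_management_storage_path_style_access`, `cloud_management_storage_endpoint` and `cloud_management_storage_region` for what look like the same values. Unless the `s3_*` names are defined in inventory, the "Create S3 Repository" task fails on an undefined variable. Reuse the `cloud_management_storage_*` names here, or list the `s3_*` variables under `# Override these values` with a comment that they are required. `es_backup_storage` is defined but not referenced by the role tasks in this patch.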
@@ -0,0 +1,42 @@ +--- + +- set_fact: base_path_date="{{ lookup('pipe','date +%Y-%m') }}" + +- set_fact: snapshot_number="snapshot_{{ lookup('pipe','date +%s') }}" + +- name: Create S3 Repository + uri: + url: "http://{{ es_snapshot_host }}:9200/_snapshot/{{ snapshot_base_path }}" + method: PUT + body: "{{ snapshot_create_request_body | to_json }}" + headers: + Content-Type: "application/json" + +- name: Take new snapshot + uri: + url: "http://{{ es_snapshot_host }}:9200/_snapshot/{{ snapshot_base_path }}/{{ snapshot_number }}" + method: PUT + headers: + Content-Type: "application/json" + +- name: Print all snapshots + uri: + url: "http://{{ es_snapshot_host }}:9200/_snapshot/{{ snapshot_base_path }}/_all" + method: GET + +- name: Print status of current snapshot + uri: + url: "http://{{ es_snapshot_host }}:9200/_snapshot/{{ snapshot_base_path }}/{{ snapshot_number }}" + method: GET + +- name: "Wait for backup to be completed" + uri: + url: "http://{{ es_snapshot_host }}:9200/_snapshot/{{ snapshot_base_path }}/{{ snapshot_number }}" + method: GET + return_content: yes + status_code: 200 + body_format: json + register: result + until: result.json.snapshots[0].state == 'SUCCESS' + retries: 120 + delay: 10 diff --git a/ansible/roles/es6/tasks/main.yml b/ansible/roles/es6/tasks/main.yml index 1de1eeff8e..39f915a018 100644 --- a/ansible/roles/es6/tasks/main.yml +++ b/ansible/roles/es6/tasks/main.yml @@ -46,7 +46,7 @@ - name: include plugins/repository-s3.yml include: plugins/repository-s3.yml - when: cloud_service_provider == "aws" + when: cloud_service_provider == "aws" or cloud_service_provider == "oci" - name: include plugins/repository-gcs.yml include: plugins/repository-gcs.yml diff --git a/ansible/roles/es6/templates/elasticsearch.yml.j2 b/ansible/roles/es6/templates/elasticsearch.yml.j2 index d6aaab45c9..880c27da2b 100644 --- a/ansible/roles/es6/templates/elasticsearch.yml.j2 +++ b/ansible/roles/es6/templates/elasticsearch.yml.j2 
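Review bot: Every `uri` call in `es-oci-snapshot/tasks/main.yml` is hard-coded to `http://{{ es_snapshot_host }}:9200` with no credentials or TLS options, while the `log-es6` role touched by this same patch has an `es_enable_http_ssl` switch, so these calls would presumably fail against a node with HTTP SSL enabled and otherwise travel in clear text. Derive the scheme from that switch rather than fixing it in each URL. The final wait task also exits only on `SUCCESS`, so a `FAILED` or `PARTIAL` snapshot is polled for the full 120 × 10 s; using `until: result.json.snapshots[0].state != 'IN_PROGRESS'` together with `failed_when: result.json.snapshots[0].state != 'SUCCESS'` reports a bad snapshot as soon as it finishes.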
@@ -56,3 +56,4 @@ network.host: 0.0.0.0 {% if es_remote_reindex is defined %} reindex.remote.whitelist: {{es_remote_host}}:9200 {% endif %} + diff --git a/ansible/roles/log-es6/tasks/main.yml b/ansible/roles/log-es6/tasks/main.yml index 646947abee..8ac712117c 100644 --- a/ansible/roles/log-es6/tasks/main.yml +++ b/ansible/roles/log-es6/tasks/main.yml @@ -68,12 +68,16 @@ - name: include plugins/repository-s3.yml include: plugins/repository-s3.yml - when: cloud_service_provider == "aws" + when: cloud_service_provider == "aws" or cloud_service_provider == "oci" - name: include plugins/repository-gcs.yml include: plugins/repository-gcs.yml when: cloud_service_provider == "gcloud" +- name: include plugins/repository-oci.yml + include: plugins/repository-oci.yml + when: cloud_service_provider == "oci" + - name: include elasticsearch-ssl.yml include: elasticsearch-ssl.yml when: es_enable_http_ssl or es_enable_transport_ssl diff --git a/ansible/roles/log-es6/tasks/plugins/repository-oci.yml b/ansible/roles/log-es6/tasks/plugins/repository-oci.yml new file mode 100644 index 0000000000..02a2b45f45 --- /dev/null +++ b/ansible/roles/log-es6/tasks/plugins/repository-oci.yml 
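Review bot: For `cloud_service_provider == "oci"` the `log-es6/tasks/main.yml` hunk now runs both `plugins/repository-s3.yml` and the new `plugins/repository-oci.yml`, whereas `es6/tasks/main.yml` in the same patch runs only `repository-s3.yml` for oci. `repository-s3.yml` is not visible here, but if it writes the same `s3.client.default.*` keystore entries the credentials are set twice in one role and the OCI endpoint is never set in the other. Make the two roles agree and add a comment above the include, e.g. `# oci uses the S3-compatible API; repository-oci.yml adds endpoint/region on top of repository-s3.yml`.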
@@ -0,0 +1,36 @@
+---
+- name: Add default oci account name for backups
+ become: yes
+ shell: echo "{{ cloud_management_storage_accountname }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.access_key
+ no_log: True
+ environment:
+ ES_PATH_CONF: "{{ conf_dir }}"
+
+- name: Add default oci account key for backups
+ become: yes
+ shell: echo "{{ cloud_management_storage_secret }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key
+ no_log: True
+ environment:
+ ES_PATH_CONF: "{{ conf_dir }}"
+
+
+- name: Add default oci endpoint for backups
+ become: yes
+ shell: echo "{{ cloud_management_storage_endpoint }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.endpoint
+ no_log: True
+ environment:
+ ES_PATH_CONF: "{{ conf_dir }}"
+
+- name: Add default oci region for backups
+ become: yes
+ shell: echo "{{ cloud_management_storage_region }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.region
+ no_log: True
+ environment:
+ ES_PATH_CONF: "{{ conf_dir }}"
+
+- name: Add default path-style access for backups
+ become: yes
+ shell: echo "{{ cloud_management_storage_path_style_access }}" | {{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.path_style_access
+ no_log: True
+ environment:
+ ES_PATH_CONF: "{{ conf_dir }}"
\ No newline at end of file
diff --git a/ansible/roles/oci-cloud-storage/defaults/main.yml b/ansible/roles/oci-cloud-storage/defaults/main.yml
new file mode 100644
index 0000000000..72727de167
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/defaults/main.yml
@@ -0,0 +1,3 @@
+oss_bucket_name: ""
+oss_path: ""
+local_file_or_folder_path: ""
diff --git a/ansible/roles/oci-cloud-storage/tasks/delete-folder.yml b/ansible/roles/oci-cloud-storage/tasks/delete-folder.yml
new file mode 100644
index 0000000000..6ed4e6b8b4
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/delete-folder.yml
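Review bot: All five tasks in `repository-oci.yml` splice the value into a shell string (`echo "{{ cloud_management_storage_secret }}" | ...`), so a secret containing `"`, `$` or a backtick is mangled or interpreted by the shell, and the rendered secret becomes part of the `sh -c` command line on the target host; `no_log` only hides the task output. Feed the value on stdin through the `command` module instead: `command: "{{ es_home }}/bin/elasticsearch-keystore add -f s3.client.default.secret_key"` with `args:` and `stdin: "{{ cloud_management_storage_secret }}"`. Separately, please confirm that `endpoint`, `region` and `path_style_access` are accepted as keystore entries by the installed S3 repository plugin; if they are ordinary client settings they belong in `elasticsearch.yml.j2` rather than the keystore.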
@@ -0,0 +1,5 @@
+---
+- name: delete files and folders recursively
+ shell: "oci os object bulk-delete -ns {{oss_namespace}} -bn {{oss_bucket_name}} --prefix {{oss_path}} --force"
+ async: 3600
+ poll: 10
diff --git a/ansible/roles/oci-cloud-storage/tasks/delete.yml b/ansible/roles/oci-cloud-storage/tasks/delete.yml
new file mode 100644
index 0000000000..65d18843ca
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/delete.yml
@@ -0,0 +1,7 @@
+- name: Ensure oci oss bucket exists
+ command: oci os bucket get --name {{ oss_bucket_name }}
+
+- name: Upload to oci oss bucket
+ command: oci os object delete -bn {{ oss_bucket_name }} --name {{ oss_path }} --force
+ async: 3600
+ poll: 10
\ No newline at end of file
diff --git a/ansible/roles/oci-cloud-storage/tasks/download.yml b/ansible/roles/oci-cloud-storage/tasks/download.yml
new file mode 100644
index 0000000000..63e776c348
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/download.yml
@@ -0,0 +1,7 @@
+- name: Ensure oci oss bucket exists
+ command: oci os bucket get --name {{ oss_bucket_name }}
+
+- name: download files from oci oss bucket
+ command: oci os object bulk-download -bn {{ oss_bucket_name }} --prefix {{ oss_path }} --dest-dir {{ local_file_or_folder_path }}
+ async: 3600
+ poll: 10
\ No newline at end of file
diff --git a/ansible/roles/oci-cloud-storage/tasks/main.yml b/ansible/roles/oci-cloud-storage/tasks/main.yml
new file mode 100644
index 0000000000..6f9dca6b63
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: delete files from oci oss bucket
+ include: delete.yml
+
+- name: delete folders from oci oss bucket recursively
+ include: delete-folder.yml
+
+
+- name: download file from oss
+ include: download.yml
+
+- name: upload files from a local to oci oss
+ include: upload.yml
+
+- name: upload files and folder from local directory to oci oss
+ include: upload-folder.yml
+
+
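Review bot: `delete-folder.yml` has no guard for an empty `oss_path`, yet `ansible/assets-upload.yml` in this patch sets `oss_path: ""` before including it, which renders `--prefix  --force` and leaves `--prefix` without a value. `upload-folder.yml` already branches on `oss_path|length`; this task needs the same branch or an explicit `assert`, because on a forced bulk delete the difference between "one folder" and "the whole bucket" should be a deliberate choice. The variables are also interpolated unquoted here and in `delete.yml`, `download.yml`, `upload.yml`, `upload-folder.yml` and the two `oss-*-batch-no-poll.yml` files, so a value containing a space or shell metacharacter changes the command; under `shell:` write `--prefix {{ oss_path | quote }}`, and prefer `command:` where no shell feature is needed. `-ns {{oss_namespace}}` is passed only in this file, which is worth a comment or making consistent.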
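Review bot: The second task in `delete.yml` is named `Upload to oci oss bucket` but runs `oci os object delete ... --force`, so play output and logs will report an upload where an object was removed. Rename it, e.g. `- name: Delete object from oci oss bucket`.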
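Review bot: The role's `tasks/main.yml` includes `delete.yml` and `delete-folder.yml` unconditionally ahead of the download and upload files, so any play that applies `oci-cloud-storage` without `tasks_from` runs a forced delete against whatever `oss_bucket_name` and `oss_path` happen to be set. The callers visible in this patch all use `tasks_from`, which suggests the default entry point is not meant to run. Consider replacing the body with a single `fail:` task, e.g. `msg: "include oci-cloud-storage with tasks_from"`, or at least a header comment saying the file exists only as an index.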
diff --git a/ansible/roles/oci-cloud-storage/tasks/oss-delete-batch-no-poll.yml b/ansible/roles/oci-cloud-storage/tasks/oss-delete-batch-no-poll.yml
new file mode 100644
index 0000000000..8ad3f257e3
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/oss-delete-batch-no-poll.yml
@@ -0,0 +1,5 @@
+---
+- name: delete files and folders - deleting {{ oss_bucket_name }}/{{ object_prefix }}
+ shell: oci os object bulk-delete -bn {{oss_bucket_name}} --prefix {{object_prefix}} --force
+ async: 1800
+ poll: 0
\ No newline at end of file
diff --git a/ansible/roles/oci-cloud-storage/tasks/oss-upload-batch-no-poll.yml b/ansible/roles/oci-cloud-storage/tasks/oss-upload-batch-no-poll.yml
new file mode 100644
index 0000000000..31794e73e8
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/oss-upload-batch-no-poll.yml
@@ -0,0 +1,5 @@
+---
+- name: upload files and folders - uploading {{ oss_bucket_name }}/{{ object_prefix }}
+ shell: oci os object bulk-upload -bn {{oss_bucket_name}} --prefix {{object_prefix}} --src-dir {{local_file_or_folder_path}} --overwrite --content-type auto
+ async: 1800
+ poll: 0
diff --git a/ansible/roles/oci-cloud-storage/tasks/upload-folder.yml b/ansible/roles/oci-cloud-storage/tasks/upload-folder.yml
new file mode 100644
index 0000000000..2e0d45bcb7
--- /dev/null
+++ b/ansible/roles/oci-cloud-storage/tasks/upload-folder.yml
@@ -0,0 +1,15 @@
+---
+- name: Ensure oci oss bucket exists
+ command: oci os bucket get --name {{ oss_bucket_name }}
+
+- name: Upload folder to oci oss bucket
+ command: oci os object bulk-upload -bn {{ oss_bucket_name }} --src-dir {{ local_file_or_folder_path }} --content-type auto --overwrite
+ async: 3600
+ poll: 10
+ when: oss_path|length == 0
+
+- name: Upload folder to oci oss bucket
+ command: oci os object bulk-upload -bn {{ oss_bucket_name }} --prefix {{oss_path}} --src-dir {{ local_file_or_folder_path }} --content-type auto --overwrite
+ async: 3600
+ poll: 10
+ when: oss_path|length > 0
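Review bot: Both `oss-delete-batch-no-poll.yml` and `oss-upload-batch-no-poll.yml` use `poll: 0` without registering the job, and `deploy-plugins.yml` in this patch runs the delete file and then the upload file over the same `content-plugins/<plugin>/` prefixes through `with_nested`. Nothing waits for a bulk-delete to finish before the bulk-upload to the same prefix starts, so a still-running delete can remove objects the upload has just written, and a failure of either job is never reported to the play. Register each job and wait on it with `async_status` before the upload phase begins, or use the polled `delete-folder.yml` and `upload-folder.yml` where ordering matters. A comment at the top of each file should state that the caller is responsible for waiting.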
diff --git a/ansible/roles/oci-cloud-storage/tasks/upload.yml b/ansible/roles/oci-cloud-storage/tasks/upload.yml new file mode 100644 index 0000000000..9e1ceb4289 --- /dev/null +++ b/ansible/roles/oci-cloud-storage/tasks/upload.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure oci oss bucket exists + command: oci os bucket get --name {{ oss_bucket_name }} + +- name: Upload to oci oss bucket + command: oci os object put -bn {{ oss_bucket_name }} --name {{ oss_path }} --file {{ local_file_or_folder_path }} --content-type auto --force + async: 3600 + poll: 10 diff --git a/ansible/roles/setup-kafka/defaults/main.yml b/ansible/roles/setup-kafka/defaults/main.yml index 293a9f9988..fe276ab941 100644 --- a/ansible/roles/setup-kafka/defaults/main.yml +++ b/ansible/roles/setup-kafka/defaults/main.yml @@ -3,7 +3,7 @@ env: dev ml_kafka_topic_create: false uci_kafka_topic_create: false av_kafka_topic_create: false - +zookeeper_host: "{{ groups['zookeeper'][0] | default('localhost')}}" processing_kafka_overriden_topics: - name: lms.audit.events retention_time: 172800000 diff --git a/ansible/roles/setup-kafka/tasks/main.yml b/ansible/roles/setup-kafka/tasks/main.yml index 502c627bdc..28ef75f422 100644 --- a/ansible/roles/setup-kafka/tasks/main.yml +++ b/ansible/roles/setup-kafka/tasks/main.yml @@ -1,5 +1,5 @@ - name: create topics - command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} + command: /opt/kafka/bin/kafka-topics.sh --zookeeper {{zookeeper_host}}:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} with_items: "{{processing_kafka_topics}}" ignore_errors: true when: kafka_id=="1" 
@@ -7,14 +7,14 @@ - processing-kafka - name: override retention time - command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --alter --topic {{env_name}}.{{item.name}} --config retention.ms={{ item.retention_time }} + command: /opt/kafka/bin/kafka-topics.sh --zookeeper {{zookeeper_host}}:2181 --alter --topic {{env_name}}.{{item.name}} --config retention.ms={{ item.retention_time }} with_items: "{{processing_kafka_overriden_topics}}" when: kafka_id=="1" and item.retention_time is defined tags: - processing-kafka - name: create topics - command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} + command: /opt/kafka/bin/kafka-topics.sh --zookeeper {{zookeeper_host}}:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} with_items: "{{ml_service_topics}}" ignore_errors: true when: kafka_id=="1" and ml_kafka_topic_create @@ -22,7 +22,7 @@ - processing-kafka - name: create topics - command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} + command: /opt/kafka/bin/kafka-topics.sh --zookeeper {{zookeeper_host}}:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} with_items: "{{uci_service_topics}}" ignore_errors: true when: kafka_id=="1" and uci_kafka_topic_create 
@@ -30,7 +30,7 @@ - processing-kafka - name: create topics - command: /opt/kafka/bin/kafka-topics.sh --zookeeper localhost:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} + command: /opt/kafka/bin/kafka-topics.sh --zookeeper {{zookeeper_host}}:2181 --create --topic {{env_name}}.{{item.name}} --partitions {{ item.num_of_partitions }} --replication-factor {{ item.replication_factor }} with_items: "{{av_service_topics}}" ignore_errors: true when: kafka_id=="1" and av_kafka_topic_create diff --git a/ansible/roles/stack-sunbird/defaults/main.yml b/ansible/roles/stack-sunbird/defaults/main.yml index 7fbeb17d70..581f28458b 100644 --- a/ansible/roles/stack-sunbird/defaults/main.yml +++ b/ansible/roles/stack-sunbird/defaults/main.yml @@ -73,6 +73,9 @@ sunbird_keycloak_client_id: 'portal' vault_sunbird_api_auth_token: sunbird_public_storage_account_name: sunbird_public_storage_account_key: +cloud_private_storage_accountname: +cloud_private_storage_secret: +cloud_private_storage_endpoint: sunbird_container_name: sunbird_portal_cdn_url: sunbird_dataservice_url: @@ -1070,3 +1073,4 @@ cloud_store_base_path_placeholder: "CLOUD_BASE_PATH" #Youtube Standard Licence Validation youtube_app_name: fetch-youtube-license youtube_api_key: "{{ lp_vault_youtube_api_key }}" +pgssl: "false" diff --git a/ansible/roles/stack-sunbird/templates/analytics_api_service.conf b/ansible/roles/stack-sunbird/templates/analytics_api_service.conf index 2afb0291de..8bdcd63467 100644 --- a/ansible/roles/stack-sunbird/templates/analytics_api_service.conf +++ b/ansible/roles/stack-sunbird/templates/analytics_api_service.conf 
@@ -7,7 +7,7 @@ data_exhaust.retry.limit="3" data_exhaust.dataset.list=["eks-consumption-raw", "eks-consumption-summary", "eks-consumption-metrics","eks-creation-raw", "eks-creation-summary", "eks-creation-metrics"] data_exhaust.dataset.default="eks-consumption-raw" data_exhaust.output_format="json" -data_exhaust.bucket="reports" +data_exhaust.bucket="{{ cloud_storage_privatereports_bucketname }}" cassandra.service.embedded.enable=false cassandra.keyspace_prefix="{{ cassandra.keyspace_prefix }}" device-register-controller-dispatcher { @@ -200,11 +200,12 @@ public { } } } -cloud_storage_type="azure" -storage.key.config="azure_storage_key" -storage.secret.config="azure_storage_secret" -public.storage.key.config="public_azure_storage_key" -public.storage.secret.config="public_azure_storage_secret" +cloud_storage_type="{{cloud_service_provider}}" +storage.key.config="{{cloud_public_storage_accountname}}" +storage.secret.config="{{cloud_public_storage_secret}}" +public.storage.key.config="{{cloud_public_storage_accountname}}" +public.storage.secret.config="{{cloud_public_storage_secret}}" +cloud_storage_endpoint_with_protocol="{{cloud_storage_url}}" metrics.time.interval.min=30 cache.refresh.time.interval.min=1440 redis.host="{{metadata_redis_host}}" diff --git a/ansible/roles/stack-sunbird/templates/content-service_application.conf b/ansible/roles/stack-sunbird/templates/content-service_application.conf index dc90131a1b..8e8fa56f35 100644 --- a/ansible/roles/stack-sunbird/templates/content-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/content-service_application.conf 
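Review bot: In the second hunk of `analytics_api_service.conf` the `*.config` keys change meaning: the removed lines held names (`storage.key.config="azure_storage_key"`, `storage.secret.config="azure_storage_secret"`), while the new lines render the credential values themselves, and all four keys now use the `cloud_public_storage_*` pair. If the service resolves `storage.key.config` as the name of another config entry, which the old values suggest although the consumer is not visible here, the lookup will fail and the secret ends up used as a key name. Please confirm against the analytics service; if the indirection still applies, keep the names and add the provider-specific entries they point to. Also confirm that the non-public `storage.*` pair should use the public account, given that `data_exhaust.bucket` now points at `cloud_storage_privatereports_bucketname`.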
@@ -485,6 +485,7 @@ cloud_storage_type: "{{ cloud_service_provider }}" cloud_storage_key: "{{ cloud_public_storage_accountname }}" cloud_storage_secret: "{{ cloud_public_storage_secret }}" cloud_storage_endpoint: "{{ cloud_public_storage_endpoint }}" +cloud_storage_proxy_host: "{{ cloud_public_storage_proxy }}" cloud_storage_container: "{{ cloud_storage_content_bucketname }}" cloud_storage_client_id: "{{ cloud_public_storage_client_id | default('') }}" cloud_storage_private_key_id: "{{ cloud_public_storage_private_key_id | default('') }}" diff --git a/ansible/roles/stack-sunbird/templates/odk.env b/ansible/roles/stack-sunbird/templates/odk.env index 64ca86b1ec..5fcd16ddd4 100644 --- a/ansible/roles/stack-sunbird/templates/odk.env +++ b/ansible/roles/stack-sunbird/templates/odk.env @@ -1,7 +1,11 @@ -DB_URL=jdbc:postgresql://{{uci_postgres_host}}:5432/{{uci_odk_postgres_database}}?user={{uci_postgres_user}}&password={{uci_postgres_password}} DB_USERNAME={{uci_postgres_user}} DB_PASSWORD={{uci_postgres_password}} DB_SCHEMA=public DB_NAME={{uci_odk_postgres_database}} DB_PORT=5432 -AGGREGATE_HOST= \ No newline at end of file +AGGREGATE_HOST= +{% if pgssl == "true" %} +DB_URL=jdbc:postgresql://{{uci_postgres_host}}:5432/{{uci_odk_postgres_database}}?user={{uci_postgres_user}}&password={{uci_postgres_password}}&sslmode=require +{% else %} +DB_URL=jdbc:postgresql://{{uci_postgres_host}}:5432/{{uci_odk_postgres_database}}?user={{uci_postgres_user}}&password={{uci_postgres_password}} +{% endif %} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env index 19a9a6c46c..2008cb28dc 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_cert-service.env 
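Review bot: `sslmode=require` in the new `pgssl == "true"` branch of `odk.env` encrypts the connection but, with current PostgreSQL JDBC drivers, does not validate the server certificate or host name, so it does not protect against an intercepting host. Where the database CA is available use `sslmode=verify-full` together with `sslrootcert=` pointing at the CA file. The password is also rendered raw into the URL query string in both branches, so a value containing `&` or `%` corrupts the URL; render it as `{{ uci_postgres_password | urlencode }}`, or drop `user`/`password` from `DB_URL` if the application already reads `DB_USERNAME` and `DB_PASSWORD`.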
@@ -11,3 +11,4 @@ ITEXT_LICENSE_PATH=/home/sunbird/itext_trail_license.xml PUBLIC_CLOUD_STORAGE_KEY={{cloud_public_storage_accountname}} PUBLIC_CLOUD_STORAGE_SECRET={{cloud_public_storage_secret}} PUBLIC_CONTAINER_NAME={{cloud_storage_certqr_bucketname}} +CLOUD_STORAGE_ENDPOINT={{cloud_public_storage_endpoint}} diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 0318a4ed7e..93cd6331fc 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -31,6 +31,7 @@ sunbird_encryption_key={{sunbird_encryption_key}} sunbird_encryption_mode={{sunbird_encryption_mode}} sunbird_account_name={{cloud_public_storage_accountname}} sunbird_account_key={{cloud_public_storage_secret}} +sunbird_account_endpoint={{cloud_public_storage_endpoint}} sunbird_quartz_mode={{sunbird_sunbird_quartz_mode}} sunbird_web_url={{sunbird_web_url}} sunbird_msg_91_auth={{sunbird_msg_91_auth}} @@ -90,6 +91,7 @@ sunbird_gzip_enable={{sunbird_gzip_enable}} sunbird_gzip_size_threshold={{sunbird_gzip_size_threshold | default(262144)}} sunbird_analytics_blob_account_name={{cloud_private_storage_accountname}} sunbird_analytics_blob_account_key={{cloud_private_storage_secret}} +sunbird_analytics_blob_account_endpoint={{cloud_private_storage_account_endpoint}} # Optional for caching sunbird_cache_enable={{sunbird_cache_enable | default(false)}} # Set below variables if above true 
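Review bot: In `sunbird_lms-service.env` the new `sunbird_analytics_blob_account_endpoint` reads `cloud_private_storage_account_endpoint`, but the variable this patch adds to `stack-sunbird/defaults/main.yml` and uses in `sunbird_player.env` is `cloud_private_storage_endpoint`. Unless the longer name is defined in inventory, rendering this template fails on an undefined variable. Use `sunbird_analytics_blob_account_endpoint={{cloud_private_storage_endpoint}}`.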
@@ -152,7 +154,7 @@ cloud_storage_dial_bucketname={{ cloud_storage_dial_bucketname | default('dial') cloud_storage_path_prefix_dial={{ cloudstorage_relative_path_prefix_dial | default('DIAL_STORAGE_BASE_PATH') }} cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default('CLOUD_BASE_PATH') }} - # Release-5.2.0 LR-325 sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} sunbird_dial_service_search_url=/dialcode/v3/search + diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index 6486898185..e0c21ee7a9 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -208,6 +208,7 @@ cloud_private_storage_accountname={{cloud_private_storage_accountname | default( cloud_private_storage_secret={{cloud_private_storage_secret | default("")}} cloud_private_storage_region={{cloud_private_storage_region | default("ap-south-1")}} cloud_private_storage_project={{cloud_private_storage_project | default("")}} +cloud_private_storage_endpoint={{cloud_private_storage_endpoint | default("")}} cloud_storage_privatereports_bucketname={{cloud_storage_privatereports_bucketname | default("reports")}} cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | default("label")}} cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} diff --git a/ansible/uploadFAQs.yml b/ansible/uploadFAQs.yml index b38f2ff99a..9913741938 100644 --- a/ansible/uploadFAQs.yml +++ b/ansible/uploadFAQs.yml 
@@ -58,6 +58,21 @@ with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "gcloud" + + - name: upload batch of files to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_bucket_name: "{{ cloud_storage_public_bucketname }}" + oss_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "oci" tags: - upload-faqs @@ -106,5 +121,20 @@ with_items: - "{{ source_folder.split(',') }}" when: cloud_service_provider == "gcloud" + + - name: upload batch of files to oci oss + include_role: + name: oci-cloud-storage + apply: + environment: + OCI_CLI_AUTH: "instance_principal" + tasks_from: upload-folder.yml + vars: + oss_bucket_name: "{{ cloud_storage_content_bucketname }}" + oss_path: "" + local_file_or_folder_path: "{{ playbook_dir }}/../utils/{{ item }}" + with_items: + - "{{ source_folder.split(',') }}" + when: cloud_service_provider == "oci" tags: - upload-RC-schema diff --git a/kubernetes/ansible/roles/deploy-player/tasks/main.yml b/kubernetes/ansible/roles/deploy-player/tasks/main.yml index 0aa27af993..28a757f224 100644 --- a/kubernetes/ansible/roles/deploy-player/tasks/main.yml +++ b/kubernetes/ansible/roles/deploy-player/tasks/main.yml @@ -77,6 +77,7 @@ shell: kubectl get deployments.apps {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[0].image | split("/")[-1]' register: deployed_image + - set_fact: metadata_image: "{{ image_name }}:{{ image_tag }}" diff --git a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml index 16b62ee9d6..e960145c7a 100644 --- a/kubernetes/ansible/roles/helm-deploy/tasks/main.yml +++ b/kubernetes/ansible/roles/helm-deploy/tasks/main.yml 
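Review bot: Both new OCI tasks in uploadFAQs.yml build `local_file_or_folder_path` as `{{ playbook_dir }}/../utils/{{ item }}` from `source_folder.split(',')`, and nothing in the hunks keeps an item inside `utils/`. The first task (`@@ -58,6 +58,21 @@`) uploads to `cloud_storage_public_bucketname` with `oss_path: ""`, so an item containing `..` would publish other files readable on the runner into the root of a public bucket; the second (`@@ -106,5 +121,20 @@`) has the same shape for the content bucket. The neighbouring gcloud tasks appear to use the same loop, so this may be inherited, but I would validate the input before the uploads, for example `- assert: { that: "'..' not in source_folder" }`, or check it against a fixed list of folder names. A comment noting that `OCI_CLI_AUTH: "instance_principal"` makes the upload run with whatever policy is attached to the runner instance would also help, since that policy should be limited to these buckets.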
@@ -135,6 +135,7 @@ shell: kubectl get daemonsets {{ release_name }} -o json -n {{ namespace }} | jq -r '.spec.template.spec.containers[].image | split("/")[-1]' register: image + - set_fact: deployed_image: "{{ image if image.stdout_lines | length > 0 else deployed_image }}" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index 0dd8167be2..b59cebe9a0 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -39,8 +39,9 @@ data: server { listen 80; listen [::]:80; - server_name {{ .Values.nginx_private_ingress_ip }}; - +{{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} + server_name: {{ .Values.nginx_private_ingress_ip }}; +{{- end }} resolver {{ .Values.kube_dns_ip }}; location /learner/ { @@ -125,7 +126,9 @@ data: set $target http://report-service.{{ .Values.namespace }}.svc.cluster.local:3030; rewrite ^/report/(.*) /$1 break; proxy_http_version 1.1; +{{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} proxy_set_header Host $server_name; +{{- end }} proxy_pass $target; } location /search/ { @@ -244,7 +247,9 @@ data: set $target http://registry-service.{{ .Values.namespace }}.svc.cluster.local:8081; rewrite ^/registry-service/(.*) /$1 break; proxy_http_version 1.1; +{{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} proxy_set_header Host $server_name; +{{- end }} proxy_pass $target; } location /ml-projects/ { diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-private-ingress/values.j2 index c1c2491446..393476d491 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-private-ingress/values.j2 
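Review bot: The new line `server_name: {{ .Values.nginx_private_ingress_ip }};` in the `@@ -39,8 +39,9 @@` hunk of configmap.yaml gained a colon, and nginx has no `server_name:` directive, so the rendered config would be rejected whenever the condition is true. It should remain `server_name {{ .Values.nginx_private_ingress_ip }};` (patch 382/434 later in this series makes that correction). The same `if` also wraps `proxy_set_header Host $server_name;` in the `/report/` and `/registry-service/` locations, so on OCI, or when no ingress IP is set, those upstreams receive nginx's default Host header instead. The diff does not say why OCI is excluded; a one-line template comment above the first `if` giving the reason would make the three guards reviewable.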
@@ -38,3 +38,4 @@ autoscaling: targetCPUUtilizationPercentage: {{ nginx_private_ingress_autoscaling_targetCPUUtilizationPercentage|default(60) }} targetMemoryUtilizationPercentage: {{ nginx_private_ingress_autoscaling_targetMemoryUtilizationPercentage|default('') }} +csp: {{cloud_service_provider}} \ No newline at end of file diff --git a/kubernetes/helm_charts/logging/fluent-bit/templates/serviceaccount.yaml b/kubernetes/helm_charts/logging/fluent-bit/templates/serviceaccount.yaml index f162d2bc28..83329448f6 100644 --- a/kubernetes/helm_charts/logging/fluent-bit/templates/serviceaccount.yaml +++ b/kubernetes/helm_charts/logging/fluent-bit/templates/serviceaccount.yaml @@ -4,7 +4,11 @@ metadata: name: fluent-bit namespace: {{ default .Values.namespace .Release.Namespace }} --- +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} kind: ClusterRole metadata: name: fluent-bit-read @@ -15,7 +19,11 @@ rules: - pods verbs: ["get", "list", "watch"] --- +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} kind: ClusterRoleBinding metadata: name: fluent-bit-read diff --git a/pipelines/deploy/ContentFramework/Jenkinsfile b/pipelines/deploy/ContentFramework/Jenkinsfile index a02c72eb69..f85dc9b7d3 100644 --- a/pipelines/deploy/ContentFramework/Jenkinsfile +++ b/pipelines/deploy/ContentFramework/Jenkinsfile @@ -44,6 +44,7 @@ node() { sh """ zip -r content-editor-artifact.zip ansible/content-editor cd ansible/content-editor + nvm use 6 sudo npm install -g gulp npm install npm install promise diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index aef622d8cc..3386020d08 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml 
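Review bot: The added `nvm use 6` in the ContentFramework Jenkinsfile is likely to fail or do nothing, because `nvm` is a shell function that only exists after `nvm.sh` has been sourced, and this `sh """ ... """` block runs in a non-interactive shell. Even if it takes effect, the next line `sudo npm install -g gulp` runs with root's environment, so it may not use the nvm-selected Node, and it installs an unpinned package globally as root. I would source nvm explicitly so a missing install fails the build, `. "\$NVM_DIR/nvm.sh" && nvm use 6`, and avoid `sudo` for the gulp install. Node 6 is past end of life, so a comment recording why this job is pinned to it would be useful. The `sh` block continues outside the hunk.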
+++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -204,7 +204,12 @@ monitor_alerts_mail_from_email: "{{ sunbird_mail_server_from_email }}" ekstep_s3_env: "" # This variable is not used and leave the value as empty freshDesk_token: "" -# Below endpoint is not required in current release + +# provide the s3 compatible endpoint +# for AWS +# cloud_public_storage_endpoint: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# for OCI +#cloud_public_storage_endpoint: "https://.compat.objectstorage.{{cloud_public_storage_region}}.oraclecloud.com" cloud_public_storage_endpoint: "" # Update below vars if seperate object storage is required @@ -238,7 +243,7 @@ cloud_artifact_storage_project: "{{ cloud_public_storage_project }}" # Building block vars cloud_storage_base_url: "{{ cloud_storage_url }}" cloudstorage_base_path: "{{ cloud_storage_url }}" -valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' +valid_cloudstorage_base_urls: '["{{cloud_storage_url}}"]' cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" # Provide the admin-api consumer access to all API's - The public repo restricts this for security reasons diff --git a/private_repo/ansible/inventory/dev/DataPipeline/common.yml b/private_repo/ansible/inventory/dev/DataPipeline/common.yml index 971c04935c..c5790ec42c 100644 --- a/private_repo/ansible/inventory/dev/DataPipeline/common.yml +++ b/private_repo/ansible/inventory/dev/DataPipeline/common.yml 
@@ -136,7 +136,12 @@ imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePul kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins core_kubeconfig_path: "{{ kubeconfig_path }}" # kubeconfig file path on jenkins for core kube cluster, change this if you use separate kube cluster for core and KP + DP -# Below endpoint is not required in current release +# provide the s3 compatible endpoint +# for AWS +# cloud_public_storage_endpoint: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# for OCI +#cloud_public_storage_endpoint: "https://.compat.objectstorage.{{cloud_public_storage_region}}.oraclecloud.com" + cloud_public_storage_endpoint: "" # Update below vars if seperate object storage is required diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index 86b9e1eb9a..ce4e93b37e 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -124,7 +124,12 @@ kp_schema_base_path: "{{ cloud_storage_url }}/{{ cloud_storage_content_bucketnam imagepullsecrets: "{{env}}registrysecret" # kubernetes imagePullSecrets kubeconfig_path: /var/lib/jenkins/secrets/k8s.yaml # kubeconfig file path on jenkins -# Below endpoint is not required in current release +# provide the s3 compatible endpoint +# for AWS +# cloud_public_storage_endpoint: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# for OCI +#cloud_public_storage_endpoint: "https://.compat.objectstorage.{{cloud_public_storage_region}}.oraclecloud.com" + cloud_public_storage_endpoint: "" # Update below vars if seperate object storage is required 
@@ -163,7 +168,7 @@ cloud_storage_base_url: "{{ cloud_storage_url }}" cloudstorage_base_path: "{{ cloud_storage_url }}" valid_cloudstorage_base_urls: '["{{ cloud_storage_url }}"]' cloudstorage_relative_path_prefix: "CONTENT_STORAGE_BASE_PATH" -cloud_storage_pathstyle_access: false +cloud_storage_pathstyle_access: false ### Lern BB - Adding Lern specific vars here. In future if we want to move it to seperate folder this can be used as the starting point From d2b113d6975ba44e64e0ec6843a7f6649d5072f4 Mon Sep 17 00:00:00 2001 From: Abhishek P N <116337484+abhishekpnt@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:18:08 +0530 Subject: [PATCH 379/434] Issue #ED-2632 fix: removed duplicate variables (#3887) * Issue #ED-2632 fix: removed unused env variables and added OCI endpoint variable * Issue #ED-2632 cleanup: Removed Azure related variables * Issue #ED-2632 cleanup: changed added storage account url * Issue #ED-2632 fix: removed duplicate variables --- ansible/roles/stack-sunbird/templates/sunbird_player.env | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env index e0c21ee7a9..f9cbbdc54d 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_player.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env @@ -214,5 +214,4 @@ cloud_storage_resourceBundle_bucketname={{cloud_storage_label_bucketname | defau cloud_storage_desktopCrash_bucketname={{cloud_storage_desktopcrash_bucketname | default("desktopappcrashlogs")}} #release-6.0.0 -sunbird_default_board={{sunbird_default_board | default("")}} -cloud_private_storage_endpoint={{cloud_private_storage_endpoint | default("")}} \ No newline at end of file +sunbird_default_board={{sunbird_default_board | default("")}} \ No newline at end of file From 922167273f5522cc24723966ddd15cb7c5704c7b Mon Sep 17 00:00:00 2001 
From: Jayaprakash8887 Date: Wed, 23 Aug 2023 13:03:02 +0530 Subject: [PATCH 380/434] Issue #LR-539 feat: configuration reconcile (#3888) Co-authored-by: Jayaprakash8887 --- .../roles/stack-sunbird/templates/sunbird_lms-service.env | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 93cd6331fc..5be4a2f3c8 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -158,3 +158,10 @@ cloud_store_base_path_placeholder={{ cloud_store_base_path_placeholder | default sunbird_dial_service_base_url={{ dial_service_url | default('http://dial-service:9000') }} sunbird_dial_service_search_url=/dialcode/v3/search +# Release-5.3.0 LR-539 +exhaust_api_base_url={{ analytics_service_url | default('http://analytics-service:9000') }} +exhaust_api_submit_endpoint=/request/submit +exhaust_api_list_endpoint=/request/list/ + +# Release-5.3.0 LR-324 +content_read_url=/content/v3/read/ \ No newline at end of file From 8e6b2dbf9433974f9f11d359b31061dc20187b49 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Mon, 11 Sep 2023 12:53:04 +0530 Subject: [PATCH 381/434] Issue #LR-122 chore: updated the nginx-public-ingress config --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e325f5d339..8d5ce97115 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 
@@ -184,7 +184,7 @@ proxyconfig: |- proxy_pass http://keycloak; } # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { + location ~ /userorg/data/v1/location/search { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching @@ -846,7 +846,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; } - location /learner/certreg/v2/certs/download { + location /userorg/certreg/v2/certs/download { # Compression gzip on; gzip_comp_level 5; @@ -927,7 +927,7 @@ proxyconfig: |- proxy_send_timeout 60; proxy_read_timeout 70; } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { + location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info { # Enabling compression include /etc/nginx/defaults.d/compression.conf; # Enabling caching From d665d3065dc8d2ad8c21b9cf607f61ae28ca6019 Mon Sep 17 00:00:00 2001 From: anilgupta Date: Wed, 13 Sep 2023 14:40:12 +0530 Subject: [PATCH 382/434] Issue #LR-122 chore: updated the nginx-private-ingress config --- .../core/nginx-private-ingress/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index 36c18e2813..5b9fa2540e 100644 --- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -40,7 +40,7 @@ data: listen 80; listen [::]:80; {{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} - server_name: {{ .Values.nginx_private_ingress_ip }}; + server_name {{ .Values.nginx_private_ingress_ip }}; {{- end }} resolver {{ .Values.kube_dns_ip }}; From 2bbd4fde536dba7930bb8b6cfd284673211877fb Mon Sep 17 00:00:00 2001 
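Review bot: The two regex locations renamed in nginx-public-ingress/values.j2 keep the unanchored form, `location ~ /userorg/data/v1/location/search` and `location ~ /resourcebundles/v1/read|/userorg/data/v1/(role/read|system/settings/get)|/v1/tenant/info`, so they match any request URI that merely contains one of these substrings. These blocks enable caching (their bodies continue outside the hunks), so a broader match than intended can apply the cache settings to unrelated routes. If these paths are always served from the root, anchoring narrows the match, e.g. `location ~ ^/userorg/data/v1/location/search`; that assumption needs checking against how requests reach this ingress. The rename also removes the `/learner/...` forms, so clients still using the old prefix lose these cache and compression blocks, which is worth confirming as intended.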
From: anilgupta Date: Tue, 26 Sep 2023 15:38:32 +0530 Subject: [PATCH 383/434] Issue #LR-122 chore: updated the knowlg mw config --- ansible/inventory/env/group_vars/all.yml | 6 ++++-- .../templates/sunbird_knowledge-mw-service.env | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index a018c1601d..79d8d960a5 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -567,6 +567,8 @@ kp_schema_base_path: "{{ upstream_url }}/schemas/local" # SB-31155 - Moved to the installation public container for now (same place where keycloaka and java artifacts are stored) h5p_library_path: "https://sunbirdpublic.blob.core.windows.net/installation/h5p-standalone-1.3.4.zip" - ## Added default values -cloud_public_storage_proxy: "{{cloud_storage_url}}" \ No newline at end of file +cloud_public_storage_proxy: "{{cloud_storage_url}}" + +# Lern release-5.4.0 +sunbird_learner_service_local_base_url: "http://userorg-service:9000" diff --git a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env index c7b0533c2a..fae25933e4 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_knowledge-mw-service.env 
@@ -22,6 +22,7 @@ sunbird_search_service_api_base_url={{knowledge_mw_sunbird_search_service_api_ba sunbird_search_service_api_key={{sunbird_search_service_api_key}} sunbird_dial_repo_api_base_url=http://dial-service.{{namespace}}.svc.cluster.local:9000 sunbird_dial_repo_api_key={{sunbird_dial_repo_api_key}} +sunbird_learner_service_local_base_url={{ sunbird_learner_service_local_base_url }} sunbird_plugin_repo_api_base_url={{knowledge_mw_sunbird_plugin_repo_api_base_url | default('http://search-service:9000')}} sunbird_plugin_repo_api_key={{sunbird_plugin_repo_api_key}} sunbird_data_service_api_base_url={{sunbird_data_service_api_base_url}} From d705159c55afde994d73a9eb287028c8ca98db04 Mon Sep 17 00:00:00 2001 From: Kumar Gauraw Date: Wed, 4 Oct 2023 17:12:58 +0530 Subject: [PATCH 384/434] Issue #IQ-559 feat: changes for inQuiry --- ansible/functional-tests.yml | 8 + ansible/inquiry_upload-schema.yml | 15 + .../roles/functional-tests/defaults/main.yml | 0 ansible/roles/functional-tests/tasks/main.yml | 18 + ansible/roles/kong-api/defaults/main.yml | 514 ++++++++++++++++++ .../assessment-service_application.conf | 22 +- pipelines/functional-tests/JenkinsFile | 56 ++ .../knowledge-platform/schema.Jenkinsfile | 55 ++ 8 files changed, 686 insertions(+), 2 deletions(-) create mode 100644 ansible/functional-tests.yml create mode 100644 ansible/inquiry_upload-schema.yml create mode 100644 ansible/roles/functional-tests/defaults/main.yml create mode 100644 ansible/roles/functional-tests/tasks/main.yml create mode 100644 pipelines/functional-tests/JenkinsFile create mode 100644 pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile diff --git a/ansible/functional-tests.yml b/ansible/functional-tests.yml new file mode 100644 index 0000000000..2bcf45bfa3 --- /dev/null +++ b/ansible/functional-tests.yml 
@@ -0,0 +1,8 @@ +- hosts: local + become: yes + gather_facts: false + vars_files: + - ['{{inventory_dir}}/secrets.yml'] + roles: + - functional-tests + run_once: true \ No newline at end of file diff --git a/ansible/inquiry_upload-schema.yml b/ansible/inquiry_upload-schema.yml new file mode 100644 index 0000000000..32ebde956d --- /dev/null +++ b/ansible/inquiry_upload-schema.yml @@ -0,0 +1,15 @@ +- hosts: local + become: yes + gather_facts: no + vars_files: + - "{{inventory_dir}}/secrets.yml" + environment: + AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" + AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" + tasks: + - name: upload batch + command: "az storage blob upload-batch --destination {{ plugin_container_name }}/schemas/local/{{ item }} --source {{ source_path }}/{{ item }}" + with_items: + - "{{ source_name.split(',') }}" + async: 3600 + poll: 10 diff --git a/ansible/roles/functional-tests/defaults/main.yml b/ansible/roles/functional-tests/defaults/main.yml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/ansible/roles/functional-tests/tasks/main.yml b/ansible/roles/functional-tests/tasks/main.yml new file mode 100644 index 0000000000..eb02115389 --- /dev/null +++ b/ansible/roles/functional-tests/tasks/main.yml 
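Review bot: Both new playbooks, functional-tests.yml and inquiry_upload-schema.yml, set `become: yes` on a `hosts: local` play, so everything in them runs as root on the Jenkins host, including the `functional-tests` role and the `az storage blob upload-batch` command that has `AZURE_STORAGE_SAS_TOKEN` in its environment. Nothing visible in either play needs root; the role's later `chown` to `jenkins` suggests root ownership is a side effect rather than a requirement. I would drop it and use canonical booleans, `become: false` and `gather_facts: false`, or set `become` only on a task that needs it. In inquiry_upload-schema.yml the items from `source_name.split(',')` go straight into `--source {{ source_path }}/{{ item }}`, so an `assert` that no item contains `..` before the upload would keep the batch inside `source_path`.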
@@ -0,0 +1,18 @@ +- name: Create directories + file: + path: functional-tests-files + state: directory + owner: jenkins + group: jenkins +- name: Copy Test Script File + copy: + src: "{{ source_name }}/ft_question_questionset_{{ file_version }}.json" + dest: functional-tests-files/ft_question_questionset_{{ file_version }}.json +- name: Template Env File + template: + src: "{{ source_name }}/env_question_questionset_{{ file_version }}.json" + dest: functional-tests-files/env_question_questionset_{{ file_version }}.json +- name: Trigger Functional Test + shell: + cmd: newman run ft_question_questionset_{{ file_version }}.json -e env_question_questionset_{{ file_version }}.json --reporters cli,htmlextra,junit --reporter-htmlextra-export newman/report.html --reporter-junit-export newman/junit_report.xml ; chown -R jenkins:jenkins newman + chdir: functional-tests-files diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index 6090bfff0f..cf51212d15 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
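Review bot: In the `Trigger Functional Test` task the command ends with `; chown -R jenkins:jenkins newman`, so the task's exit status is that of `chown` and a failing `newman run` never fails the play. `file_version` is also interpolated unquoted into a `shell:` command, so a value containing shell metacharacters would be interpreted by the shell, as root if the calling play keeps `become: yes`. I would keep the test result and quote the variable, e.g. `newman run ft_question_questionset_{{ file_version | quote }}.json ... ; rc=$?; chown -R jenkins:jenkins newman; exit $rc`, or move the `chown` into its own task. The `Template Env File` task renders a file taken from `source_name` while the play loads `secrets.yml`, so that source should be treated as trusted input and pinned to a reviewed revision.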
@@ -10132,3 +10132,517 @@ kong_apis: config.required: false config.enabled: false #Lern release-5.3.0 + +## inQuiry release-6.0.0 + +- name: questionCreateV2 + uris: "{{ question_prefix }}/v2/create" + upstream_url: "{{ assessment_service_url }}/question/v5/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionReadV2 + uris: "{{ question_prefix }}/v2/read" + upstream_url: "{{ assessment_service_url }}/question/v5/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionPrivateReadV2 + uris: "{{ question_prefix }}/v2/private/read" + upstream_url: "{{ assessment_service_url }}/question/v5/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionUpdateV2 + uris: "{{ question_prefix }}/v2/update" + upstream_url: "{{ assessment_service_url }}/question/v5/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl 
+ config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionRetireV2 + uris: "{{ question_prefix }}/v2/retire" + upstream_url: "{{ assessment_service_url }}/question/v5/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionReviewV2 + uris: "{{ question_prefix }}/v2/review" + upstream_url: "{{ assessment_service_url }}/question/v5/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionPublishV2 + uris: "{{ question_prefix }}/v2/publish" + upstream_url: "{{ assessment_service_url }}/question/v5/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + 
config.required: false + config.enabled: false + +- name: questionListV2 + uris: "{{ question_prefix }}/v2/list" + upstream_url: "{{ assessment_service_url }}/question/v5/list" + strip_uri: true + plugins: + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionRejectV2 + uris: "{{ question_prefix }}/v2/reject" + upstream_url: "{{ assessment_service_url }}/question/v5/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyQuestionV2 + uris: "{{ question_prefix }}/v2/copy" + upstream_url: "{{ assessment_service_url }}/question/v5/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetCreateV2 + uris: "{{ questionset_prefix }}/v2/create" + upstream_url: "{{ assessment_service_url }}/questionset/v5/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + 
config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReadV2 + uris: "{{ questionset_prefix }}/v2/read" + upstream_url: "{{ assessment_service_url }}/questionset/v5/read" + strip_uri: true + plugins: + - name: cors + - "{{ statsd_pulgin }}" + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: ip + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetPrivateReadV2 + uris: "{{ questionset_prefix }}/v2/private/read" + upstream_url: "{{ assessment_service_url }}/questionset/v5/private/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetUpdateV2 + uris: "{{ questionset_prefix }}/v2/update" + upstream_url: "{{ assessment_service_url }}/questionset/v5/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetAddQuestionV2 + uris: "{{ questionset_prefix }}/v2/add" + upstream_url: "{{ assessment_service_url 
}}/questionset/v5/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetRemoveQuestionV2 + uris: "{{ questionset_prefix }}/v2/remove" + upstream_url: "{{ assessment_service_url }}/questionset/v5/remove" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetRetireV2 + uris: "{{ questionset_prefix }}/v2/retire" + upstream_url: "{{ assessment_service_url }}/questionset/v5/retire" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReviewV2 + uris: "{{ questionset_prefix }}/v2/review" + upstream_url: "{{ assessment_service_url }}/questionset/v5/review" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + 
config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetPublishV2 + uris: "{{ questionset_prefix }}/v2/publish" + upstream_url: "{{ assessment_service_url }}/questionset/v5/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetUpdateHierarchyV2 + uris: "{{ questionset_prefix }}/v2/hierarchy/update" + upstream_url: "{{ assessment_service_url }}/questionset/v5/hierarchy/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReadHierarchyV2 + uris: "{{ questionset_prefix }}/v2/hierarchy" + upstream_url: "{{ assessment_service_url }}/questionset/v5/hierarchy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - anonymousContentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: 
questionSetRejectV2 + uris: "{{ questionset_prefix }}/v2/reject" + upstream_url: "{{ assessment_service_url }}/questionset/v5/reject" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionImportAPIV2 + uris: "{{ question_prefix }}/v2/import" + upstream_url: "{{ assessment_service_url }}/question/v5/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionsetImportAPIV2 + uris: "{{ questionset_prefix }}/v2/import" + upstream_url: "{{ assessment_service_url }}/questionset/v5/import" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: copyQuestionSetV2 + uris: "{{ questionset_prefix }}/v2/copy" + upstream_url: "{{ assessment_service_url }}/questionset/v5/copy" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentCreate + - name: 
rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + diff --git a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf index d5e7723a19..3e127b78ca 100644 --- a/ansible/roles/stack-sunbird/templates/assessment-service_application.conf +++ b/ansible/roles/stack-sunbird/templates/assessment-service_application.conf @@ -89,6 +89,18 @@ akka { nr-of-instances = 5 dispatcher = actors-dispatcher } + /questionV5Actor + { + router = smallest-mailbox-pool + nr-of-instances = 5 + dispatcher = actors-dispatcher + } + /questionSetV5Actor + { + router = smallest-mailbox-pool + nr-of-instances = 5 + dispatcher = actors-dispatcher + } } } } 
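Review bot: The ACL groups on the new v2 routes in kong-api/defaults/main.yml are inconsistent: `questionPublishV2` whitelists `contentCreate`, while `questionReviewV2`, `questionRejectV2`, `questionRetireV2` and `questionSetPublishV2` all require `contentAdmin`. As written, a consumer that can only create content can publish a question directly; if that is not intended, its whitelist entry should be `- contentAdmin`. `questionListV2` is also the only entry with no `jwt`, `cors`, statsd or `acl` plugin, and `questionReadV2` and `questionSetReadV2` have no `jwt`. These may mirror existing public routes outside this hunk, but a comment on each stating that anonymous access is deliberate would make that reviewable. Every entry sets `opa-checks` with `config.enabled: false`, so at the gateway the ACL group is the only authorization check on these paths.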
@@ -419,17 +431,23 @@ assessment.copy.props_to_remove=["downloadUrl", "artifactUrl", "variants", "LastPublishedBy", "rejectReasons", "rejectComment", "gradeLevel", "subject", "medium", "board", "topic", "purpose", "subtopic", "contentCredits", "owner", "collaborators", "creators", "contributors", "badgeAssertions", "dialcodes", - "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl"] + "concepts", "keywords", "reservedDialcodes", "dialcodeRequired", "leafNodes", "sYS_INTERNAL_LAST_UPDATED_ON", "prevStatus", "lastPublishedBy", "streamingUrl", "publish_type", "migrationVersion"] cloud_storage_container: "{{ cloud_storage_content_bucketname }}" cloudstorage { metadata.replace_absolute_path={{ cloudstorage_replace_absolute_path | default('false') }} metadata.list={{ cloudstorage_metadata_list }} - relative_path_prefix="{{ cloudstorage_relative_path_prefix | default('CLOUD_STORAGE_BASE_PATH') }}" + relative_path_prefix="{{ cloudstorage_relative_path_prefix_content | default('CLOUD_STORAGE_BASE_PATH') }}" read_base_path="{{ cloudstorage_base_path }}" write_base_path={{ valid_cloudstorage_base_urls }} } #Inquiry-release-5.6.0 question.list.limit={{ question_list_api_request_limit | default('20') }} + +# V5 API Configurations +v5_supported_qumlVersions=[1.1] +v5_default_qumlVersion=1.1 + + diff --git a/pipelines/functional-tests/JenkinsFile b/pipelines/functional-tests/JenkinsFile new file mode 100644 index 0000000000..a841bc21f3 --- /dev/null +++ b/pipelines/functional-tests/JenkinsFile 
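Review bot: The `relative_path_prefix` line in the `cloudstorage` block now reads `cloudstorage_relative_path_prefix_content` instead of `cloudstorage_relative_path_prefix`. If an inventory still defines only the old name, the template will quietly render the literal default `CLOUD_STORAGE_BASE_PATH`, with no error at deploy time. Either keep the old variable as a fallback, `{{ cloudstorage_relative_path_prefix_content | default(cloudstorage_relative_path_prefix) | default('CLOUD_STORAGE_BASE_PATH') }}`, or put a comment above the line naming the renamed variable so operators know to update their inventories.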
@@ -0,0 +1,56 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+
+ ansiColor('xterm') {
+ values = [:]
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim()
+ module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim()
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim()
+ stage('deploy artifact'){
+ sh """
+ rm -rf test_repo
+ git clone ${params.test_repo} -b ${params.test_repo_branch_or_tag} test_repo
+ """
+ ansiblePlaybook = "${currentWs}/ansible/functional-tests.yml"
+ ansibleExtraArgs = "--extra-vars \" source_name=${currentWs}/test_repo/functional-tests/${params.file_version} inquiry_api_version=${params.inquiry_api_version} file_version=${params.file_version} inquiry_host_url=${params.inquiry_host_url} inquiry_channel_id=${params.inquiry_channel_id} \" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+ values.put('currentWs', currentWs)
+ values.put('env', envDir)
+ values.put('module', module)
+ values.put('jobName', jobName)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ currentBuild.result = 'SUCCESS'
+ currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}, test_repo_branch_or_tag: ${params.test_repo_branch_or_tag}"
+ archiveArtifacts "ansible/functional-tests-files/newman/report.html"
+ }
+ }
+ summary()
+ }
+ catch (err) {
+ currentBuild.result = 'FAILURE'
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
\ No newline at end of file
diff --git a/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile b/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile
new file mode 100644
index 0000000000..eb0bd8ed27
--- /dev/null
+++ b/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile
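Review bot: In the 'deploy artifact' stage of pipelines/functional-tests/JenkinsFile, the triple-double-quoted `sh` block lets Groovy paste `${params.test_repo}` and `${params.test_repo_branch_or_tag}` into the script text. A parameter value containing shell metacharacters is therefore run on the agent by whoever can trigger the job. Hand the values over as environment variables and quote them in the shell: wrap the step in `withEnv(["TEST_REPO=${params.test_repo}", "TEST_REF=${params.test_repo_branch_or_tag}"])` and call `sh 'rm -rf test_repo && git clone -b "$TEST_REF" -- "$TEST_REPO" test_repo'`. `ansibleExtraArgs` has the same shape, since `params.file_version`, `params.inquiry_host_url` and the other parameters go unquoted into `--extra-vars`, where a space in a value already adds extra key=value pairs. The new pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile repeats both patterns with `params.schema_repo`, `params.schema_repo_branch_or_tag` and `params.source_folder`.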
@@ -0,0 +1,55 @@
+@Library('deploy-conf') _
+node() {
+ try {
+ String ANSI_GREEN = "\u001B[32m"
+ String ANSI_NORMAL = "\u001B[0m"
+ String ANSI_BOLD = "\u001B[1m"
+ String ANSI_RED = "\u001B[31m"
+ String ANSI_YELLOW = "\u001B[33m"
+
+ stage('checkout public repo') {
+ folder = new File("$WORKSPACE/.git")
+ if (folder.exists())
+ {
+ println "Found .git folder. Clearing it.."
+ sh'git clean -fxd'
+ }
+ checkout scm
+ }
+
+ ansiColor('xterm') {
+ values = [:]
+ currentWs = sh(returnStdout: true, script: 'pwd').trim()
+ envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim()
+ module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim()
+ jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim()
+ stage('deploy artifact'){
+ sh """
+ rm -rf schema_repo
+ git clone ${params.schema_repo} -b ${params.schema_repo_branch_or_tag} schema_repo
+ """
+ ansiblePlaybook = "${currentWs}/ansible/inquiry_upload-schema.yml"
+ ansibleExtraArgs = "--extra-vars \" source_name=${params.source_folder} source_path=${currentWs}/schema_repo/schemas \" --vault-password-file /var/lib/jenkins/secrets/vault-pass"
+ values.put('currentWs', currentWs)
+ values.put('env', envDir)
+ values.put('module', module)
+ values.put('jobName', jobName)
+ values.put('ansiblePlaybook', ansiblePlaybook)
+ values.put('ansibleExtraArgs', ansibleExtraArgs)
+ println values
+ ansible_playbook_run(values)
+ currentBuild.result = 'SUCCESS'
+ currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}, schema_repo_branch_or_tag: ${params.schema_repo_branch_or_tag}"
+ }
+ }
+ summary()
+ }
+ catch (err) {
+ currentBuild.result = 'FAILURE'
+ throw err
+ }
+ finally {
+ slack_notify(currentBuild.result)
+ email_notify()
+ }
+}
From 4fd3b75c61b0af71964d46bc119e75e98d147fda Mon Sep 17 00:00:00 2001
From: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Date: Thu, 5 Oct 2023 14:03:05 +0530 Subject: [PATCH 385/434] merge release-6.0.0 to 7.0.0 (#3908) * Fix syntax (#3894) * Updated vars for cron schedule (#3895) * Updated vars for cron schedule * Update main.yml * [ED-2793] Fix: release-6.0.0 installation issues (#3900) * Update Jenkins version * Fix job parameter * Fix error: You need to install jmespath prior to running json_query filter * Update main.yml with cassandra (#3845) (#3901) Co-authored-by: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> * ED-2838: ##Release-6.0.0 new variables (#3899) * ED-2838 Release-6.0.0 new variables * Added with comments * ED-2838 jenkins josb update and new variables * added storage endpoint detials * [ED-2793] Fix installation issues (#3905) * Update maven repo url * Add missing jobs * Fix docker creds secrets issue when having specialcharacters --------- Co-authored-by: Raghupathi Guduri Co-authored-by: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Co-authored-by: Prasath Sivasubramaniyan --- ansible/roles/cassandra/defaults/main.yml | 4 +- .../ml-analytics-service/defaults/main.yml | 5 + .../roles/ml-analytics-service/tasks/main.yml | 11 +- deploy/jenkins/jenkins-server-setup.sh | 7 +- .../jobs/InquiryFlinkJob/config.xml | 108 ++++++++++++ .../Build/jobs/Core/jobs/Analytics/config.xml | 31 +++- .../jobs/Core/jobs/Assessment/config.xml | 55 ++++-- .../Build/jobs/Core/jobs/Content/config.xml | 18 ++ .../Build/jobs/Core/jobs/Learner/config.xml | 20 ++- .../jobs/Build/jobs/Core/jobs/Lms/config.xml | 18 ++ .../jobs/AnalyticsCore/config.xml | 26 ++- .../jobs/CoreDataProducts/config.xml | 23 ++- .../jobs/FlinkJobs/config.xml | 18 ++ .../jobs/InquiryFlinkJob/config.xml | 77 +++++++++ .../Lern/jobs/LernDataProducts/config.xml | 25 ++- .../jobs/Lern/jobs/LernFlinkJobs/config.xml | 18 ++ .../jobs/InquiryFlinkJob/config.xml | 149 ++++++++++++++++ 
.../Kubernetes/InquiryUploadSchema/config.xml | 163 ++++++++++++++++++ .../jobs/ApplicationElasticSearch/config.xml | 4 +- kubernetes/ansible/bootstrap.yaml | 2 +- kubernetes/ansible/bootstrap_minimal.yaml | 2 +- kubernetes/ansible/namespace.yml | 2 +- .../templates/configmap.yaml | 2 +- .../ansible/inventory/dev/Core/common.yml | 9 + .../ansible/inventory/dev/Core/secrets.yml | 2 +- .../dev/KnowledgePlatform/common.yml | 8 +- 26 files changed, 756 insertions(+), 51 deletions(-) create mode 100644 deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml create mode 100644 deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml create mode 100644 deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/InquiryUploadSchema/config.xml diff --git a/ansible/roles/cassandra/defaults/main.yml b/ansible/roles/cassandra/defaults/main.yml index 33c02c17bf..8f1f0f7951 100644 --- a/ansible/roles/cassandra/defaults/main.yml +++ b/ansible/roles/cassandra/defaults/main.yml @@ -1,5 +1,5 @@ user_home: "/home/{{ ansible_ssh_user }}/" -cassandra_repo: 'deb http://www.apache.org/dist/cassandra/debian 311x main' -cassandra_repo_key: 'https://www.apache.org/dist/cassandra/KEYS' +cassandra_repo: 'deb https://debian.cassandra.apache.org 311x main' +cassandra_repo_key: 'https://downloads.apache.org/cassandra/KEYS' resource_crunch: "yes" # make this value yes if heap size should be quarter of the Server Memory when you are deploying multiple databases, else make this value no to have 50% of the value as per the best practice of cassandra cassandra_home_directory: "/var/lib/cassandra" diff --git a/ansible/roles/ml-analytics-service/defaults/main.yml b/ansible/roles/ml-analytics-service/defaults/main.yml index 15ef432e43..a67906b1f8 100755 --- a/ansible/roles/ml-analytics-service/defaults/main.yml 
+++ b/ansible/roles/ml-analytics-service/defaults/main.yml @@ -133,3 +133,8 @@ ml_analytics_reports_store: "{{ cloud_service_provider }}" ml_analytics_reports_container: "{{ cloud_storage_privatereports_bucketname }}" ml_analytics_driver_memory: "{{ ml_analytics_default_driver_memory | default('5g') }}" ml_analytics_executor_memory: "{{ ml_analytics_default_executor_memory | default('5g') }}" +ml_analytics_batch_cron_minute: "{{ ml_batch_cron_minute | default('30') }}" +ml_analytics_batch_cron_hour: "{{ ml_batch_cron_hour | default('18') }}" +ml_analytics_nvsk_cron_minute: "{{ ml_nvsk_cron_minute | default('30') }}" +ml_analytics_nvsk_cron_hour: "{{ ml_nvsk_cron_hour | default('7') }}" +ml_analytics_nvsk_cron_weekday: "{{ ml_nvsk_cron_weekday | default('4') }}" diff --git a/ansible/roles/ml-analytics-service/tasks/main.yml b/ansible/roles/ml-analytics-service/tasks/main.yml index 6f37d6b3ea..7fbd3fe1ba 100755 --- a/ansible/roles/ml-analytics-service/tasks/main.yml +++ b/ansible/roles/ml-analytics-service/tasks/main.yml @@ -26,6 +26,7 @@ - python3-virtualenv - zip - unzip + - acl state: present - name: CHANGE THE OWNERSHIP FOR THIS {{ BASEPATH }} DIRECTORY @@ -135,15 +136,15 @@ cron: name: "Run Batch Ingestion Job" user: "{{ USER }}" - minute: "30" - hour: "18" + minute: "{{ ml_analytics_batch_cron_minute }}" + hour: "{{ ml_analytics_batch_cron_hour }}" job: "{{ BASEPATH }}/ml-analytics-service/run.sh > {{ BASEPATH }}/ml-analytics-service/crontab_job.log" - name: CREATE THE CRON NVSK Data Upload cron: name: "NVSK Data Upload JOB" user: "{{ USER }}" - minute: "30" - hour: "7" - weekday: "4" + minute: "{{ ml_analytics_nvsk_cron_minute }}" + hour: "{{ ml_analytics_nvsk_cron_hour }}" + weekday: "{{ ml_analytics_nvsk_cron_weekday }}" job: "{{ BASEPATH }}/ml-analytics-service/run_weekly.sh > {{ BASEPATH }}/ml-analytics-service/nvsk_data_weekly.logs" 
diff --git a/deploy/jenkins/jenkins-server-setup.sh b/deploy/jenkins/jenkins-server-setup.sh index d96e3b4228..2c7516a57a 100755 --- a/deploy/jenkins/jenkins-server-setup.sh +++ b/deploy/jenkins/jenkins-server-setup.sh @@ -12,10 +12,10 @@ echo -e "\n\e[0;32m${bold}Installating JDK8${normal}\n" apt-get install -y openjdk-8-jdk echo -e "\n\e[0;32m${bold}Installating Jenkins${normal}" -wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | apt-key add - +wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | apt-key add - apt-add-repository "deb https://pkg.jenkins.io/debian-stable binary/" apt-get update -apt-get install -y jenkins=2.319.3 +apt-get install -y jenkins=2.346.3 echo -e "\n\e[0;32m${bold}Installating PIP${normal}" apt-get install -y python-pip @@ -115,6 +115,7 @@ su jenkins bash -c "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34. echo -e "\n\e[0;32m${bold}Installing jmespath${normal}" sudo apt install -y python3-jmespath +sudo apt install python-jmespath #python2 #### Kubernetes Tools #### @@ -155,7 +156,7 @@ rm openjdk-11.0.2_linux-x64_bin.tar.gz #Install maven 3.6.3 echo -e "\n\e[0;32m${bold}Installating maven 3.6.3${normal}" -wget https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz +wget https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz tar -xf apache-maven-3.6.3-bin.tar.gz mv apache-maven-3.6.3 /opt/ mv /opt/apache-maven-3.6.3/bin/mvn /opt/apache-maven-3.6.3/bin/mvn3.6 diff --git a/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml new file mode 100644 index 0000000000..28b220559d --- /dev/null +++ b/deploy/jenkins/jobs/ArtifactUpload/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml 
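Review bot: The updated key line still pipes the download straight into `apt-key add -`, which is deprecated and makes the Jenkins key trusted for every repository on the host, not only pkg.jenkins.io. Scope it to this one source by saving the key to a keyring file and referencing it from the repo entry: `wget -q -O /usr/share/keyrings/jenkins-keyring.asc https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key`, then `echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" > /etc/apt/sources.list.d/jenkins.list` in place of the `apt-add-repository` call. The script continues outside this hunk.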
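Review bot: The added `sudo apt install python-jmespath #python2` has no `-y`, unlike the `python3-jmespath` line directly above it, so an unattended run of this setup script will stop at the confirmation prompt or abort. Use the same form as the other installs in this file: `apt-get install -y python-jmespath`.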
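Review bot: The Maven tarball fetched from archive.apache.org is unpacked into /opt and becomes the build tool for every job on this server, yet nothing checks its integrity before `tar -xf` runs. Apache publishes a `.sha512` next to each archive; pin the expected digest in the script and verify it between the `wget` and the `tar` lines, e.g. `echo "<SHA512_OF_APACHE_MAVEN_3_6_3_BIN_TAR_GZ>  apache-maven-3.6.3-bin.tar.gz" | sha512sum -c - || exit 1` (placeholder digest, fill in from the Apache download page). The OpenJDK download just above this hunk appears to be handled the same way and would benefit from the same check.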
@@ -0,0 +1,108 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 1 + + + + + false + false + + + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + Build/KnowledgePlatform/InquiryFlinkJob + false + + + image_tag + <font color=darkgreen size=2><b>OPTIONAL: Specify the tag to upload a specific image version to the container registry.</b></font> + + false + + + artifact_source + <font color=dimgray size=2><b> +ArtifactRepo - Push the docker image to container registry. +</b></font> + + + ArtifactRepo + + + + + + + 0 + 0 + + false + project + false + + + + + + + + Build/KnowledgePlatform/InquiryFlinkJob + + SUCCESS + 0 + BLUE + true + + + + + + + + 2 + + + https://github.com/Sunbird-inQuiry/data-pipeline.git + + + + + ${inquiry_pipeline_branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + kubernetes/pipelines/upload/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Analytics/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Analytics/config.xml index 5bc1fe4d34..c6304ef3b4 100644 --- a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Analytics/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Analytics/config.xml @@ -35,6 +35,30 @@ refs/heads/${public_repo_branch} true + + CLOUD_STORE_GROUP_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk group id</li> +</b></font> + org.sunbird + false + + + CLOUD_STORE_ARTIFACT_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk artifact id</li> +</b></font> + cloud-store-sdk_2.12 + false + + + CLOUD_STORE_VERSION + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk version</li> +</b></font> + 1.4.0 + false + @@ -48,12 +72,7 @@ - - - H/15 * * * * - false - - + 
diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Assessment/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Assessment/config.xml index d2c038b5fa..b4deb5e46b 100644 --- a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Assessment/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Assessment/config.xml @@ -1,6 +1,6 @@ - + hudson.model.ParametersDefinitionProperty com.sonyericsson.rebuild.RebuildSettings @@ -19,26 +19,47 @@ - + false false - github_release_tag + inquiry_release_tag <font style="color:dimgray;font-size:14px;"><b> <li>To build from a tag, use refs/tags/github_tag</li> <li>To build from a branch, use refs/heads/github_branch</li> -<li>The default value of ${public_repo_branch} will be the release / tag version set in global configuration</li> -<li>To build from a differnt branch, replace the ${public_repo_branch} with your branch</li> +<li>The default value of ${inquiry_service_build_branch_or_tag} will be the release / tag version set in global configuration</li> +<li>To build from a differnt branch, replace the ${inquiry_service_build_branch_or_tag} with your branch</li> </b></font> - refs/heads/${public_repo_branch} + refs/heads/${inquiry_service_build_branch_or_tag} true + + core_release_tag + <font style="color:dimgray;font-size:14px;"><b> +<li>Provide this value to build core components from Knowlg BB</li> +<li>To build from a tag, use refs/tags/github_tag</li> +<li>To build from a branch, use refs/heads/github_branch</li> +<li>The default value of ${inquiry_core_build_branch_or_tag} will be the release / tag version set in global configuration</li> +<li>To build from a differnt branch, replace the ${inquiry_core_build_branch_or_tag} with your branch</li> +</b></font> + refs/heads/${inquiry_core_build_branch_or_tag} + false + + + core_repo_link + Knowlg Core Repo + + + https://github.com/project-sunbird/knowledge-platform.git + + + - + 0 0 
@@ -49,31 +70,29 @@ - - - H/15 * * * * - false - - + - - + + 2 - https://github.com/project-sunbird/knowledge-platform.git + https://github.com/Sunbird-inQuiry/inquiry-api-service.git - ${github_release_tag} + ${inquiry_release_tag} + false + + build/assessment-service/Jenkinsfile false false - \ No newline at end of file + diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Content/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Content/config.xml index 7b47e1972e..f3f5d6477c 100644 --- a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Content/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Content/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + CLOUD_STORE_GROUP_ID + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + CLOUD_STORE_ARTIFACT_ID + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk_2.12 + ${cloud_store_artifact_id} + false + + + CLOUD_STORE_VERSION + Set the Cloud store sdk version. e.g. 1.4.6 + ${cloud_store_version} + false + diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml index 2cdac260ad..a12dd235f1 100644 --- a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Learner/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + cloud_store_group_id + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + cloud_store_artifact_id + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk + ${cloud_store_artifact_id} + false + + + cloud_store_version + Set the Cloud store sdk version. e.g. 1.4.6 + ${cloud_store_version} + false + @@ -51,7 +69,7 @@ - H/15 * * * * + false diff --git a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Lms/config.xml b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Lms/config.xml index 89116c8406..4eecb95a61 100644 
--- a/deploy/jenkins/jobs/Build/jobs/Core/jobs/Lms/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Core/jobs/Lms/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + cloud_store_group_id + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + cloud_store_artifact_id + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk + ${cloud_store_artifact_id} + false + + + cloud_store_version + Set the Cloud store sdk version. e.g 1.4.6 + ${cloud_store_version} + false + diff --git a/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/AnalyticsCore/config.xml b/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/AnalyticsCore/config.xml index 2b9e72c45c..5c202a759c 100644 --- a/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/AnalyticsCore/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/AnalyticsCore/config.xml @@ -36,6 +36,30 @@ refs/heads/${public_repo_branch} true + + CLOUD_STORE_GROUP_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk group id</li> +</b></font> + org.sunbird + false + + + CLOUD_STORE_ARTIFACT_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk artifact id</li> +</b></font> + cloud-store-sdk_2.12 + false + + + CLOUD_STORE_VERSION + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk version</li> +</b></font> + 1.4.0 + false + @@ -51,7 +75,7 @@ - H/15 * * * * + false diff --git a/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/CoreDataProducts/config.xml b/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/CoreDataProducts/config.xml index a458418b24..8ff4dc5426 100644 --- a/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/CoreDataProducts/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/DataPipeline/jobs/CoreDataProducts/config.xml 
@@ -27,6 +27,27 @@ github_release_tag + <font color=red size=2><b>CAUTION: If the value is blank, latest code will be built. Specify github tag name to build from a tag.</b></font> + false + + + CLOUD_STORE_GROUP_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk group id</li> +</b></font> + org.sunbird + false + + + CLOUD_STORE_ARTIFACT_ID + <font style="color:dimgray;font-size:14px;"><b> +<li>Mention the cloud storage sdk artifact id</li> +</b></font> + cloud-store-sdk_2.12 + false + + + CLOUD_STORE_VERSION <font style="color:dimgray;font-size:14px;"><b> <li>To build from a tag, use refs/tags/github_tag</li> <li>To build from a branch, use refs/heads/github_branch</li> @@ -51,7 +72,7 @@ - H/15 * * * * + false diff --git a/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml b/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml index 11f30a0d33..62a0cd1f68 100644 --- a/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + CLOUD_STORE_GROUP_ID + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + CLOUD_STORE_ARTIFACT_ID + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk_2.12 + ${cloud_store_artifact_id} + false + + + CLOUD_STORE_VERSION + Set the Cloud store sdk version. e.g. 1.4.6 + ${cloud_store_version} + false + diff --git a/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml b/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml new file mode 100644 index 0000000000..93b0eba8f7 --- /dev/null +++ b/deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml 
@@ -0,0 +1,77 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 1 + + + + + false + false + + + + + inquiry_release_tag + <font style="color:dimgray;font-size:14px;"><b> +<li>To build from a tag, use refs/tags/github_tag</li> +<li>To build from a branch, use refs/heads/github_branch</li> +<li>The default value of ${inquiry_pipeline_branch_or_tag} will be the release / tag version set in global configuration</li> +<li>To build from a differnt branch, replace the ${inquiry_pipeline_branch_or_tag} with your branch</li> +</b></font> + refs/heads/${inquiry_pipeline_branch_or_tag} + true + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/Sunbird-inQuiry/data-pipeline.git + + + + + ${inquiry_release_tag} + + + false + + + + kubernetes/pipelines/build/Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernDataProducts/config.xml b/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernDataProducts/config.xml index 088b9fa27f..9b997d2ce1 100644 --- a/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernDataProducts/config.xml +++ b/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernDataProducts/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + cloud_store_group_id + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + cloud_store_artifact_id + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk_2.12 + ${cloud_store_artifact_id} + false + + + cloud_store_version + Set the Cloud store sdk version. e.g. 1.4.6 + ${cloud_store_version} + false + @@ -49,12 +67,7 @@ - - - H/15 * * * * - false - - + diff --git a/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernFlinkJobs/config.xml b/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernFlinkJobs/config.xml index df82bece0b..f8041941e2 100644 --- a/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernFlinkJobs/config.xml 
+++ b/deploy/jenkins/jobs/Build/jobs/Lern/jobs/LernFlinkJobs/config.xml @@ -36,6 +36,24 @@ refs/heads/${public_repo_branch} true + + cloud_store_group_id + Set the Cloud store sdk group id. e.g. org.sunbird + ${cloud_store_group_id} + false + + + cloud_store_artifact_id + Set the Cloud store sdk artifact id. e.g. cloud-store-sdk_2.12 + ${cloud_store_artifact_id} + false + + + cloud_store_version + Set the Cloud store sdk version. e.g. 1.4.6 + ${cloud_store_version} + false + diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml new file mode 100644 index 0000000000..af888dbe75 --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/InquiryFlinkJob/config.xml 
@@ -0,0 +1,149 @@ + + + + + hudson.model.ParametersDefinitionProperty + com.sonyericsson.rebuild.RebuildSettings + + + + + false + + + + -1 + 10 + -1 + 2 + + + + + false + false + + + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + InquiryFlinkJob + Deploy/dev/KnowledgePlatform/InquiryFlinkJob + + + ET_FORMATTED_HTML + true + + + inquiry_release_tag + <font style="color:dimgray;font-size:14px;"><b> +<li>To build from a tag, use refs/tags/github_tag</li> +<li>To build from a branch, use refs/heads/github_branch</li> +<li>The default value of ${inquiry_pipeline_branch_or_tag} will be the release / tag version set in global configuration</li> +<li>To build from a differnt branch, replace the ${inquiry_pipeline_branch_or_tag} with your branch</li> +</b></font> + refs/heads/${inquiry_pipeline_branch_or_tag} + false + + + image_tag + <font color=red size=2><b>CAUTION: If the value is blank, image tag will be taken from the latest metadata.json.</b></font> + + false + + + absolute_job_path + <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> + ArtifactUpload/dev/KnowledgePlatform/InquiryFlinkJob + false + + + job_names_to_deploy + <font color=green size=2><b>Choose the job names to deploy. Multi-selection is available.</b></font> + choice-parameter-1273072434092073 + 1 + + true + + + + InquiryFlinkJob + Deploy/dev/KnowledgePlatform/InquiryFlinkJob + + + PT_MULTI_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/Sunbird-inQuiry/data-pipeline.git + + + + + ${inquiry_release_tag} + + + false + + + + true + false + + 0 + false + + + + kubernetes/pipelines/deploy/Jenkinsfile + false + + + false + 
diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/InquiryUploadSchema/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/InquiryUploadSchema/config.xml new file mode 100644 index 0000000000..7441f81065 --- /dev/null +++ b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/InquiryUploadSchema/config.xml @@ -0,0 +1,163 @@ + + + + false + + + + -1 + -1 + -1 + 5 + + + + + false + false + + + + + private_branch + + choice-parameter-2544395024638227 + 1 + + true + + + + true + + + InquiryUploadSchema + Deploy/dev/Kubernetes/InquiryUploadSchema + + + ET_FORMATTED_HTML + true + + + branch_or_tag + + choice-parameter-2620434998790477 + 1 + + true + + + + true + + + InquiryUploadSchema + Deploy/dev/Kubernetes/InquiryUploadSchema + + + ET_FORMATTED_HTML + true + + + schema_repo + <font color=dimgray size=2><b>Enter the repo url from which schema folder to be uploaded</b></font> + + + https://github.com/Sunbird-inQuiry/inquiry-api-service.git + https://github.com/project-sunbird/knowledge-platform.git + + + + + schema_repo_branch_or_tag + <font color=dimgray size=2><b>Enter the branch or tag for schema repo</b></font> + + false + + + source_folder + + choice-parameter-5348290139923778 + 1 + + true + + + + InquiryUploadSchema + Deploy/dev/Kubernetes/InquiryUploadSchema + + + PT_MULTI_SELECT + false + 1 + + + + + 0 + 0 + + false + project + false + + + + + + + + + + 2 + + + https://github.com/project-sunbird/sunbird-devops.git + + + + + ${branch_or_tag} + + + false + + + + true + false + + 0 + false + + + + pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile + false + + + false + diff --git a/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/ApplicationElasticSearch/config.xml b/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/ApplicationElasticSearch/config.xml index 859b804b88..f669caa862 100644 --- a/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/ApplicationElasticSearch/config.xml 
+++ b/deploy/jenkins/jobs/Provision/jobs/dev/jobs/Core/jobs/ApplicationElasticSearch/config.xml @@ -26,7 +26,7 @@ @@ -114,4 +114,4 @@ return """<b>This parameter is not used</b>""" false - \ No newline at end of file + diff --git a/kubernetes/ansible/bootstrap.yaml b/kubernetes/ansible/bootstrap.yaml index 0fa7e0acfe..72f1beacff 100644 --- a/kubernetes/ansible/bootstrap.yaml +++ b/kubernetes/ansible/bootstrap.yaml @@ -39,7 +39,7 @@ - name: "Tagging {{ namespace }} to enable istio" shell: "kubectl label namespaces {{ namespace }} istio-injection=enabled --overwrite" - name: Creating docker secrets - shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }} --dry-run=client -o=yaml | kubectl apply -f -" + shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password '{{ vault_docker_registry_password }}' --dry-run=client -o=yaml | kubectl apply -f -" - name: Installing reloader for configmaps reload shell: helm upgrade --install --atomic reloader ../helm_charts/core/reloader --namespace "{{ namespace }}" -f /tmp/helm_vars.yaml roles: diff --git a/kubernetes/ansible/bootstrap_minimal.yaml b/kubernetes/ansible/bootstrap_minimal.yaml index 44170246ae..cdb145423e 100644 --- a/kubernetes/ansible/bootstrap_minimal.yaml +++ b/kubernetes/ansible/bootstrap_minimal.yaml 
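Review bot: Wrapping `{{ vault_docker_registry_password }}` in literal single quotes in the "Creating docker secrets" task still fails when the password itself contains a `'`, and the remainder is then parsed by the shell. The `quote` filter covers every character: `--docker-password {{ vault_docker_registry_password | quote }}`, and `vault_docker_registry_user` and `vault_docker_registry_url` should get the same treatment. The task also lacks `no_log: true`, so the rendered command line, password included, can land in Ansible output and the Jenkins console on failure or at higher verbosity. The same line is changed in kubernetes/ansible/bootstrap_minimal.yaml and kubernetes/ansible/namespace.yml later in this patch and needs both changes there too. The task list continues outside the hunk.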
@@ -30,7 +30,7 @@ - logging ignore_errors: yes - name: Creating docker secrets - shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ item }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }} --dry-run=client -o=yaml | kubectl apply -f -" + shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ item }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password '{{ vault_docker_registry_password }}' --dry-run=client -o=yaml | kubectl apply -f -" when: imagepullsecrets|length > 0 with_items: - "{{ bootstrap_namespace.split(',') }}" diff --git a/kubernetes/ansible/namespace.yml b/kubernetes/ansible/namespace.yml index bc62234c2c..bc38fab7d8 100644 --- a/kubernetes/ansible/namespace.yml +++ b/kubernetes/ansible/namespace.yml @@ -28,7 +28,7 @@ - "{{ bootstrap_namespace.split(',') }}" ignore_errors: yes - name: Creating docker secrets - shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ item }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }} --dry-run=client -o=yaml | kubectl apply -f -" + shell: "kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ item }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password '{{ vault_docker_registry_password }}' --dry-run=client -o=yaml | kubectl apply -f -" when: imagepullsecrets|length > 0 with_items: - "{{ bootstrap_namespace.split(',') }}" diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml index b59cebe9a0..4cb69fd90f 100644 
--- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/configmap.yaml @@ -40,7 +40,7 @@ data: listen 80; listen [::]:80; {{- if and .Values.nginx_private_ingress_ip (ne .Values.csp "oci") }} - server_name: {{ .Values.nginx_private_ingress_ip }}; + server_name {{ .Values.nginx_private_ingress_ip }}; {{- end }} resolver {{ .Values.kube_dns_ip }}; diff --git a/private_repo/ansible/inventory/dev/Core/common.yml b/private_repo/ansible/inventory/dev/Core/common.yml index 3386020d08..da2d8a9694 100644 --- a/private_repo/ansible/inventory/dev/Core/common.yml +++ b/private_repo/ansible/inventory/dev/Core/common.yml @@ -488,3 +488,12 @@ ml_analytics_cname_url: # Reference value - https://obj.dev.sunbirded.org/samiks ml_analytics_client_id : project-sunbird-dev-client # Keycloak client group ml_analytics_username : reportAdmin1 # Username of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER" ml_analytics_createdBy : fb85a044-d9eb-479b-a55a-faf1bfaea14d # Unique system generated user UUID which is the same user as above +ml_container: samiksha + +# provide the s3 compatible endpoint +# for AWS +# cloud_private_storage_account_endpoint: "https://s3.{{ cloud_public_storage_region }}.amazonaws.com" +# for OCI +#cloud_private_storage_account_endpoint: "https://.compat.objectstorage.{{cloud_public_storage_region}}.oraclecloud.com" +cloud_private_storage_account_endpoint: "{{ cloud_public_storage_endpoint }}" # Leave Blank for Azure +bb_name: "" #Leave Blank diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml index 2e16859454..c7f3e5b7e4 100644 --- a/private_repo/ansible/inventory/dev/Core/secrets.yml +++ b/private_repo/ansible/inventory/dev/Core/secrets.yml 
@@ -237,4 +237,4 @@ lp_vault_youtube_api_key: # youtube api token if you want # Examples values added below ml_analytics_authorization_access_token : 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkOTY3NzRjYzXXXXXXXXXXXXXQ4Y2RiOWQ2Mzg0OSJ9.n4hXxKxl_698yeZPSWhXeGvMOb4esfgPadIZe8jZ0Z4' # Bearer auth token which has access to APIs as defined in the release note ml_analytics_password : Test@123 # Password of a user which has roles of "PROGRAM_MANAGER", "PROGRAM_DESIGNER", "REPORT_ADMIN", "REPORT_VIEWER" matching with supplied username to variable ml_analytics_username -ml_analytics_client_secret : fd241dce-4ZZ9-47e1-97cf-1c7de7a44216 # Keycloak client secret for creating tokens, mapped to client id supplied to variable ml_analytics_client_id +ml_analytics_client_secret : fd241dce-4ZZ9-47e1-97cf-1c7de7a44216 # Keycloak client secret for creating tokens, mapped to client id supplied to variable ml_analytics_client_id \ No newline at end of file diff --git a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml index ce4e93b37e..d87400b63c 100644 --- a/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml +++ b/private_repo/ansible/inventory/dev/KnowledgePlatform/common.yml @@ -213,4 +213,10 @@ postgres: db_admin_password: "{{dp_vault_pgdb_admin_password}}" # graylog -send_logs_to_graylog: true # filebeat agents will send logs to graylog instead of ES \ No newline at end of file +send_logs_to_graylog: true # filebeat agents will send logs to graylog instead of ES + +druid_storage_type: "" # Your cloud service provider name. Supported values are aws, azure, gcloud + +# Optional variables - Can be left blank +cloud_storage_report_verfication_bucketname: "" +dp_storage_endpoint_config: "" From a56bd7ccf44ef4b7406defbf437f847f8e68d775 Mon Sep 17 00:00:00 2001 
From: Kumar Gauraw Date: Mon, 9 Oct 2023 18:33:53 +0530 Subject: [PATCH 386/434] Issue #IQ-559 fix: updated cassandra script and deleted schema upload --- ansible/inquiry_upload-schema.yml | 15 ----- .../templates/inquiry_alter_table.cql | 1 + .../templates/inquiry_create_table.cql | 44 +++++++++++++++ .../knowledge-platform/schema.Jenkinsfile | 55 ------------------- 4 files changed, 45 insertions(+), 70 deletions(-) delete mode 100644 ansible/inquiry_upload-schema.yml create mode 100644 ansible/roles/cassandra-db-update/templates/inquiry_alter_table.cql create mode 100644 ansible/roles/cassandra-db-update/templates/inquiry_create_table.cql delete mode 100644 pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile diff --git a/ansible/inquiry_upload-schema.yml b/ansible/inquiry_upload-schema.yml deleted file mode 100644 index 32ebde956d..0000000000 --- a/ansible/inquiry_upload-schema.yml +++ /dev/null @@ -1,15 +0,0 @@ -- hosts: local - become: yes - gather_facts: no - vars_files: - - "{{inventory_dir}}/secrets.yml" - environment: - AZURE_STORAGE_ACCOUNT: "{{ sunbird_public_storage_account_name }}" - AZURE_STORAGE_SAS_TOKEN: "{{ sunbird_public_storage_account_sas }}" - tasks: - - name: upload batch - command: "az storage blob upload-batch --destination {{ plugin_container_name }}/schemas/local/{{ item }} --source {{ source_path }}/{{ item }}" - with_items: - - "{{ source_name.split(',') }}" - async: 3600 - poll: 10 diff --git a/ansible/roles/cassandra-db-update/templates/inquiry_alter_table.cql b/ansible/roles/cassandra-db-update/templates/inquiry_alter_table.cql new file mode 100644 index 0000000000..4924c1136a --- /dev/null +++ b/ansible/roles/cassandra-db-update/templates/inquiry_alter_table.cql @@ -0,0 +1 @@ +ALTER TABLE {{ question_keyspace_name }}.question_data ADD (outcomeDeclaration text, feedback text); \ No newline at end of file 
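Review bot: `inquiry_alter_table.cql` adds `outcomeDeclaration` and `feedback` to `question_data`, but `inquiry_create_table.cql` in this same commit already creates the table with both columns, so on a fresh keyspace the ALTER is rejected because the columns already exist. How the cassandra-db-update role orders these templates and handles a failed statement is not visible here. The file should say it is for upgrades only, for example with a first line `-- Upgrade path only: not needed when question_data was created by inquiry_create_table.cql`, and the role should treat the column-exists error as a no-op.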
diff --git a/ansible/roles/cassandra-db-update/templates/inquiry_create_table.cql b/ansible/roles/cassandra-db-update/templates/inquiry_create_table.cql new file mode 100644 index 0000000000..c4543734e3 --- /dev/null +++ b/ansible/roles/cassandra-db-update/templates/inquiry_create_table.cql @@ -0,0 +1,44 @@ +CREATE KEYSPACE IF NOT EXISTS {{ hierarchy_keyspace_name }} WITH replication = { + 'class': 'SimpleStrategy', + 'replication_factor': '1' +}; + +CREATE KEYSPACE IF NOT EXISTS {{ question_keyspace_name }} WITH replication = { + 'class': 'SimpleStrategy', + 'replication_factor': '1' +}; + +CREATE TABLE IF NOT EXISTS {{ hierarchy_keyspace_name }}.questionset_hierarchy ( + identifier text, + hierarchy text, + instructions text, + outcomeDeclaration text, + PRIMARY KEY (identifier) +); + +CREATE TABLE IF NOT EXISTS {{ question_keyspace_name }}.question_data ( + identifier text, + body blob, + editorState text, + answer blob, + solutions text, + instructions text, + hints text, + media text, + responseDeclaration text, + interactions text, + outcomeDeclaration text, + feedback text, + PRIMARY KEY (identifier) +); + +{% if groups['cassandra-node-2'] is defined %} +ALTER KEYSPACE {{ hierarchy_keyspace_name }} WITH replication = { + 'class': 'NetworkTopologyStrategy', + 'datacenter1' : 2 +}; +ALTER KEYSPACE {{ question_keyspace_name }} WITH replication = { + 'class': 'NetworkTopologyStrategy', + 'datacenter1' : 2 +}; +{% endif %} \ No newline at end of file diff --git a/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile b/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile deleted file mode 100644 index eb0bd8ed27..0000000000 --- a/pipelines/upload/schema/knowledge-platform/schema.Jenkinsfile +++ /dev/null 
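Review bot: The `ALTER KEYSPACE` statements in the `{% if groups['cassandra-node-2'] is defined %}` block hard-code the datacenter name `'datacenter1'` and the replica count `2`. With `NetworkTopologyStrategy`, a name that does not match the cluster's actual datacenter leaves the keyspace with no replicas there, and reads and writes then fail as unavailable. Both values should come from inventory variables rather than literals. At minimum, add a comment above the block such as `-- 'datacenter1' must match the Datacenter name shown by nodetool status`. Outside that block, both keyspaces stay on `SimpleStrategy` with `replication_factor` 1, so a single-node loss loses the data; state in a comment that this is meant for single-node setups only.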
@@ -1,55 +0,0 @@ -@Library('deploy-conf') _ -node() { - try { - String ANSI_GREEN = "\u001B[32m" - String ANSI_NORMAL = "\u001B[0m" - String ANSI_BOLD = "\u001B[1m" - String ANSI_RED = "\u001B[31m" - String ANSI_YELLOW = "\u001B[33m" - - stage('checkout public repo') { - folder = new File("$WORKSPACE/.git") - if (folder.exists()) - { - println "Found .git folder. Clearing it.." - sh'git clean -fxd' - } - checkout scm - } - - ansiColor('xterm') { - values = [:] - currentWs = sh(returnStdout: true, script: 'pwd').trim() - envDir = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-3].trim() - module = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-2].trim() - jobName = sh(returnStdout: true, script: "echo $JOB_NAME").split('/')[-1].trim() - stage('deploy artifact'){ - sh """ - rm -rf schema_repo - git clone ${params.schema_repo} -b ${params.schema_repo_branch_or_tag} schema_repo - """ - ansiblePlaybook = "${currentWs}/ansible/inquiry_upload-schema.yml" - ansibleExtraArgs = "--extra-vars \" source_name=${params.source_folder} source_path=${currentWs}/schema_repo/schemas \" --vault-password-file /var/lib/jenkins/secrets/vault-pass" - values.put('currentWs', currentWs) - values.put('env', envDir) - values.put('module', module) - values.put('jobName', jobName) - values.put('ansiblePlaybook', ansiblePlaybook) - values.put('ansibleExtraArgs', ansibleExtraArgs) - println values - ansible_playbook_run(values) - currentBuild.result = 'SUCCESS' - currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}, schema_repo_branch_or_tag: ${params.schema_repo_branch_or_tag}" - } - } - summary() - } - catch (err) { - currentBuild.result = 'FAILURE' - throw err - } - finally { - slack_notify(currentBuild.result) - email_notify() - } -} From 24dd015bdb2cf30b18d20fc43ec2e665ad415904 Mon Sep 17 00:00:00 2001 
From: Jayaprakash8887 Date: Tue, 10 Oct 2023 14:29:44 +0530 Subject: [PATCH 387/434] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index afeab35fc0..ac144750ea 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9223,6 +9223,27 @@ kong_apis: config.required: true config.enabled: true +- name: deleteUser + uris: "{{ user_service_prefix }}/v1/delete" + upstream_url: "{{ userorg_service_url }}/v1/user/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - userUpdate + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: true + config.enabled: true + - name: createContentV2 uris: "{{ content_prefix }}/v2/create" upstream_url: "{{ content_service_url }}/content/v4/create" From eea5a63657a432e9d05c127c3e10f25e4a6bf22f Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 10 Oct 2023 15:06:19 +0530 Subject: [PATCH 388/434] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index ac144750ea..fa4b56ca18 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9225,7 +9225,7 @@ kong_apis: - name: deleteUser uris: "{{ user_service_prefix }}/v1/delete" - upstream_url: "{{ userorg_service_url }}/v1/user/update" + upstream_url: "{{ userorg_service_url }}/v1/user/delete" strip_uri: true plugins: - name: jwt 
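Review bot: The new `deleteUser` route is gated by the existing `userUpdate` ACL group (`config.whitelist: - userUpdate`), so every consumer already allowed to update users can also reach the delete endpoint. Deletion is destructive in a way an update is not, and a dedicated group, e.g. `- userDelete` (placeholder name, to be defined alongside the consumer groups), would let it be granted separately. Whether the upstream service checks that the caller owns the account being deleted is not visible here and should be confirmed before relying on the gateway ACL alone. The `kong_apis` list starts and ends outside the hunk.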
From 9061bd32ecb1cdbb58524bf0ce23087cba428548 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Tue, 10 Oct 2023 15:07:07 +0530 Subject: [PATCH 389/434] delete user entry --- ansible/roles/kong-api/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index fa4b56ca18..4dc8e90bc9 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -9233,7 +9233,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - userUpdate + - userUpdate - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" From eb53a8b6ec878575d541c9f660d0d3f12c7a2d22 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Mon, 30 Oct 2023 15:39:41 +0530 Subject: [PATCH 390/434] Issue #LR-676 feat: Delete User --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index d02bd84ba8..7a898fc0e3 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -131,3 +131,6 @@ sunbird_sso_lb_ip={{keycloak_url}} # Release-5.0.0 sunbird_cloud_service_provider={{cloud_service_provider}} isMultiDCEnabled={{cassandra_multi_dc_enabled}} + +# Release-7.0.0 +user-deletion-roles=public From 35668426f6537988f420d05f9060fdaee2f92b98 Mon Sep 17 00:00:00 2001 
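Review bot: `user-deletion-roles=public` is written as a literal, so every environment rendered from this template gets the same value and none can narrow it through inventory. If, as the name suggests, it lists the roles allowed to invoke user deletion, `public` presumably covers every signed-in user; how the service restricts a caller to their own account is not visible here and should be confirmed. Neighbouring entries are templated (`sunbird_cloud_service_provider={{cloud_service_provider}}`), and the same pattern with `public` as the default would keep this overridable. A comment above the line should state what the value controls.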
From: Vivek M <125434153+Vivek-M-08@users.noreply.github.com> Date: Fri, 3 Nov 2023 09:15:17 +0530 Subject: [PATCH 391/434] IQ-125 API onboarding for Review flow (#3913) * API onboarding for Review flow * Updated ACL for update read comment --------- Co-authored-by: user --- ansible/roles/kong-api/defaults/main.yml | 83 ++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index cf51212d15..180ec9828b 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml 
@@ -10646,3 +10646,86 @@ kong_apis: config.required: false config.enabled: false +- name: questionSetUpdateComment + uris: "{{ questionset_prefix }}/v1/comment/update" + upstream_url: "{{ assessment_service_url }}/questionset/v4/comment/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetUpdateCommentV2 + uris: "{{ questionset_prefix }}/v2/comment/update" + upstream_url: "{{ assessment_service_url }}/questionset/v5/comment/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAdmin + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReadComment + uris: "{{ questionset_prefix }}/v1/comment/read" + upstream_url: "{{ assessment_service_url }}/questionset/v4/comment/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false + +- name: questionSetReadCommentV2 + uris: "{{ questionset_prefix }}/v2/comment/read" + upstream_url: "{{ assessment_service_url 
}}/questionset/v5/comment/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - contentAccess + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: opa-checks + config.required: false + config.enabled: false From 512d22a45485810f9c1fbc5ae786bd2838c4eb39 Mon Sep 17 00:00:00 2001 
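Review bot: All four new comment routes set `opa-checks` to `config.required: false` and `config.enabled: false`, so the only authorization at the gateway is the ACL group (`contentAdmin` for the two `comment/update` routes, `contentAccess` for the two `comment/read` routes). The `deleteUser` entry in this same file enables both flags. If no OPA policy exists yet for the question-set comment APIs, record that next to the plugin entry, e.g. `# opa-checks disabled: no policy for questionset comment APIs yet`, so the disabled state is tracked rather than left as a silent default. Anyone holding `contentAdmin` can presumably update comments on any question set unless the upstream checks ownership, which is not visible here. The `kong_apis` list starts outside the hunk.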
From: shashank-nand Date: Tue, 7 Nov 2023 11:00:32 +0530 Subject: [PATCH 392/434] updated k8s API version --- .../helm_charts/core/adminutils/templates/hpa.yaml | 13 ++++++++----- .../helm_charts/core/analytics/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/apimanager/templates/hpa.yaml | 10 +++++++--- .../core/apimanagerecho/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/assessment/templates/hpa.yaml | 10 +++++++--- kubernetes/helm_charts/core/cert/templates/hpa.yaml | 10 +++++++--- .../core/certregistry/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/content/templates/hpa.yaml | 10 +++++++--- kubernetes/helm_charts/core/dial/templates/hpa.yaml | 10 +++++++--- .../core/discussionsmw/templates/hpa.yaml | 12 ++++++++---- kubernetes/helm_charts/core/enc/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/gotenberg/templates/hpa.yaml | 10 +++++++--- kubernetes/helm_charts/core/gql/templates/hpa.yaml | 12 ++++++++---- .../helm_charts/core/groups/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/inbound/templates/hpa.yaml | 12 ++++++++---- .../helm_charts/core/knowledgemw/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/learner/templates/hpa.yaml | 10 +++++++--- kubernetes/helm_charts/core/lms/templates/hpa.yaml | 10 +++++++--- .../core/ml-core-service/templates/hpa.yaml | 10 +++++++--- .../core/ml-projects-service/templates/hpa.yaml | 10 +++++++--- .../core/ml-reports-service/templates/hpa.yaml | 10 +++++++--- .../core/ml-survey-service/templates/hpa.yaml | 10 +++++++--- .../core/nginx-private-ingress/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/nginx-public-ingress/values.j2 | 2 ++ .../helm_charts/core/nodebb/templates/hpa.yaml | 10 +++++++--- .../core/notification/templates/hpa.yaml | 10 +++++++--- kubernetes/helm_charts/core/odk/templates/hpa.yaml | 12 ++++++++---- .../core/orchestrator/templates/hpa.yaml | 12 ++++++++---- .../helm_charts/core/outbound/templates/hpa.yaml | 12 ++++++++---- 
.../helm_charts/core/player/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/print/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/report/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/search/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/taxonomy/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/telemetry/templates/hpa.yaml | 10 +++++++--- .../helm_charts/core/transformer/templates/hpa.yaml | 12 ++++++++---- kubernetes/helm_charts/core/uci/templates/hpa.yaml | 12 ++++++++---- .../helm_charts/core/userorg/templates/hpa.yaml | 10 +++++++--- .../istio/charts/gateways/templates/autoscale.yaml | 2 +- .../istio/charts/mixer/templates/autoscale.yaml | 2 +- .../istio/charts/pilot/templates/autoscale.yaml | 2 +- .../sunbird-RC/certificateapi/templates/hpa.yaml | 12 ++++++++---- .../sunbird-RC/certificatesign/templates/hpa.yaml | 12 ++++++++---- .../sunbird-RC/registry/templates/hpa.yaml | 12 ++++++++---- 44 files changed, 297 insertions(+), 136 deletions(-) diff --git a/kubernetes/helm_charts/core/adminutils/templates/hpa.yaml b/kubernetes/helm_charts/core/adminutils/templates/hpa.yaml index 39a0140656..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/adminutils/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/adminutils/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
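Review bot: `apiVersion: autoscaling/v2` is only served by Kubernetes 1.23 and later, and this hunk hard-codes it, as do the matching hunks in the other `hpa.yaml` templates of this commit. Installing any of these charts with `autoscaling.enabled` set on an older cluster therefore fails when the manifest is applied. Nothing in the visible change records that minimum version; declaring it in each chart's `Chart.yaml`, e.g. `kubeVersion: ">=1.23.0-0"`, makes Helm refuse the install up front with a clear message. The template continues outside this hunk.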
@@ -16,13 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} - +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/analytics/templates/hpa.yaml b/kubernetes/helm_charts/core/analytics/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/analytics/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/analytics/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/apimanager/templates/hpa.yaml b/kubernetes/helm_charts/core/apimanager/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/apimanager/templates/hpa.yaml 
+++ b/kubernetes/helm_charts/core/apimanager/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/apimanagerecho/templates/hpa.yaml b/kubernetes/helm_charts/core/apimanagerecho/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/apimanagerecho/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/apimanagerecho/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/assessment/templates/hpa.yaml b/kubernetes/helm_charts/core/assessment/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/assessment/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/assessment/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/cert/templates/hpa.yaml b/kubernetes/helm_charts/core/cert/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/cert/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/cert/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/certregistry/templates/hpa.yaml b/kubernetes/helm_charts/core/certregistry/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/certregistry/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/certregistry/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/content/templates/hpa.yaml b/kubernetes/helm_charts/core/content/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/content/templates/hpa.yaml 
+++ b/kubernetes/helm_charts/core/content/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/dial/templates/hpa.yaml b/kubernetes/helm_charts/core/dial/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/dial/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/dial/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/discussionsmw/templates/hpa.yaml b/kubernetes/helm_charts/core/discussionsmw/templates/hpa.yaml index cb527919ea..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/discussionsmw/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/discussionsmw/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/enc/templates/hpa.yaml b/kubernetes/helm_charts/core/enc/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/enc/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/enc/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/gotenberg/templates/hpa.yaml b/kubernetes/helm_charts/core/gotenberg/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/gotenberg/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/gotenberg/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/gql/templates/hpa.yaml b/kubernetes/helm_charts/core/gql/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/gql/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/gql/templates/hpa.yaml 
@@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/groups/templates/hpa.yaml b/kubernetes/helm_charts/core/groups/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/groups/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/groups/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/inbound/templates/hpa.yaml b/kubernetes/helm_charts/core/inbound/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/inbound/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/inbound/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/knowledgemw/templates/hpa.yaml b/kubernetes/helm_charts/core/knowledgemw/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/knowledgemw/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/knowledgemw/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/learner/templates/hpa.yaml b/kubernetes/helm_charts/core/learner/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/learner/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/learner/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/lms/templates/hpa.yaml b/kubernetes/helm_charts/core/lms/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/lms/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/lms/templates/hpa.yaml 
@@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/ml-core-service/templates/hpa.yaml b/kubernetes/helm_charts/core/ml-core-service/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/ml-core-service/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/ml-core-service/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/ml-projects-service/templates/hpa.yaml b/kubernetes/helm_charts/core/ml-projects-service/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/ml-projects-service/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/ml-projects-service/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/ml-reports-service/templates/hpa.yaml b/kubernetes/helm_charts/core/ml-reports-service/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/ml-reports-service/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/ml-reports-service/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/ml-survey-service/templates/hpa.yaml b/kubernetes/helm_charts/core/ml-survey-service/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/ml-survey-service/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/ml-survey-service/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-private-ingress/templates/hpa.yaml b/kubernetes/helm_charts/core/nginx-private-ingress/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 
--- a/kubernetes/helm_charts/core/nginx-private-ingress/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/nginx-private-ingress/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e325f5d339..70281491af 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -756,6 +756,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } + {# location ~* ^/.well-known/assetlinks.json { # Enabling cache for Response code 200 expires 1M; @@ -793,6 +794,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $bucket; } + #} location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 expires 1M; diff --git a/kubernetes/helm_charts/core/nodebb/templates/hpa.yaml b/kubernetes/helm_charts/core/nodebb/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/nodebb/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/nodebb/templates/hpa.yaml 
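Review bot: The `{#` added after the `player` location and the `#}` added before `location ~* ^/desktop/(.*)` turn everything between them, starting with the `/.well-known/assetlinks.json` location, into a Jinja comment, so those routes vanish from the rendered public ingress config without any explanation, in a commit that otherwise only migrates HPA manifests. Requests for those paths will presumably fall through to whichever remaining location matches, which changes what a public endpoint serves. If the removal is intended, state the reason on the opening line, e.g. `{# locations below disabled: <reason> #}`, or gate the block on a variable rather than commenting it out. The text between the two hunks is not visible here, so also confirm it contains no `#}` sequence that would close the comment early and leak a partial block into the config.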
@@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/notification/templates/hpa.yaml b/kubernetes/helm_charts/core/notification/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/notification/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/notification/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/odk/templates/hpa.yaml b/kubernetes/helm_charts/core/odk/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/odk/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/odk/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml b/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/orchestrator/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/outbound/templates/hpa.yaml b/kubernetes/helm_charts/core/outbound/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/outbound/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/outbound/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/player/templates/hpa.yaml b/kubernetes/helm_charts/core/player/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 
--- a/kubernetes/helm_charts/core/player/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/player/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/print/templates/hpa.yaml b/kubernetes/helm_charts/core/print/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/print/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/print/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/kubernetes/helm_charts/core/report/templates/hpa.yaml b/kubernetes/helm_charts/core/report/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/report/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/report/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/search/templates/hpa.yaml b/kubernetes/helm_charts/core/search/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/search/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/search/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/taxonomy/templates/hpa.yaml b/kubernetes/helm_charts/core/taxonomy/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/taxonomy/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/taxonomy/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/telemetry/templates/hpa.yaml b/kubernetes/helm_charts/core/telemetry/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/telemetry/templates/hpa.yaml 
+++ b/kubernetes/helm_charts/core/telemetry/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/transformer/templates/hpa.yaml b/kubernetes/helm_charts/core/transformer/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/transformer/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/transformer/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/uci/templates/hpa.yaml b/kubernetes/helm_charts/core/uci/templates/hpa.yaml index 0fef8ca0e7..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/uci/templates/hpa.yaml +++ b/kubernetes/helm_charts/core/uci/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/userorg/templates/hpa.yaml b/kubernetes/helm_charts/core/userorg/templates/hpa.yaml index 1ba4f89a8b..fd75ba3280 100644 --- a/kubernetes/helm_charts/core/userorg/templates/hpa.yaml 
+++ b/kubernetes/helm_charts/core/userorg/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/istio-system/istio/charts/gateways/templates/autoscale.yaml b/kubernetes/helm_charts/istio-system/istio/charts/gateways/templates/autoscale.yaml index 2455ac3450..80f8b03711 100755 --- a/kubernetes/helm_charts/istio-system/istio/charts/gateways/templates/autoscale.yaml +++ b/kubernetes/helm_charts/istio-system/istio/charts/gateways/templates/autoscale.yaml @@ -1,7 +1,7 @@ {{- range $key, $spec := .Values }} {{- if ne $key "enabled" }} {{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ $key }} diff --git a/kubernetes/helm_charts/istio-system/istio/charts/mixer/templates/autoscale.yaml b/kubernetes/helm_charts/istio-system/istio/charts/mixer/templates/autoscale.yaml index 377b47d033..bf000b678d 100755 --- a/kubernetes/helm_charts/istio-system/istio/charts/mixer/templates/autoscale.yaml +++ b/kubernetes/helm_charts/istio-system/istio/charts/mixer/templates/autoscale.yaml 
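Review bot: Only the `apiVersion` line changes in the gateways autoscale.yaml hunk, and likewise in the mixer and pilot autoscale.yaml hunks that follow, whereas the hpa.yaml templates in this commit also had their metrics rewritten from `targetAverageUtilization` to the `target:` block. The metrics section of these three Istio templates lies outside the hunks; if it still uses the v2beta1 field `targetAverageUtilization`, the API server will reject the object under `autoscaling/v2` and the gateway, mixer and pilot deployments will be left without an autoscaler. Check each `metrics:` entry and convert it the same way, to `target:` with `type: Utilization` and `averageUtilization:`.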
@@ -1,7 +1,7 @@ {{- range $key, $spec := .Values }} {{- if or (eq $key "policy") (eq $key "telemetry") }} {{- if and $spec.enabled $spec.autoscaleEnabled $spec.autoscaleMin $spec.autoscaleMax }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: istio-{{ $key }} diff --git a/kubernetes/helm_charts/istio-system/istio/charts/pilot/templates/autoscale.yaml b/kubernetes/helm_charts/istio-system/istio/charts/pilot/templates/autoscale.yaml index 1a9945136a..8d1c109380 100755 --- a/kubernetes/helm_charts/istio-system/istio/charts/pilot/templates/autoscale.yaml +++ b/kubernetes/helm_charts/istio-system/istio/charts/pilot/templates/autoscale.yaml @@ -1,5 +1,5 @@ {{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: istio-pilot diff --git a/kubernetes/helm_charts/sunbird-RC/certificateapi/templates/hpa.yaml b/kubernetes/helm_charts/sunbird-RC/certificateapi/templates/hpa.yaml index cb527919ea..fd75ba3280 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificateapi/templates/hpa.yaml +++ b/kubernetes/helm_charts/sunbird-RC/certificateapi/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} 
@@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/hpa.yaml b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/hpa.yaml index cb527919ea..fd75ba3280 100644 --- a/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/hpa.yaml +++ b/kubernetes/helm_charts/sunbird-RC/certificatesign/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/sunbird-RC/registry/templates/hpa.yaml b/kubernetes/helm_charts/sunbird-RC/registry/templates/hpa.yaml index cb527919ea..fd75ba3280 100644 
--- a/kubernetes/helm_charts/sunbird-RC/registry/templates/hpa.yaml +++ b/kubernetes/helm_charts/sunbird-RC/registry/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ .Chart.Name }} @@ -16,12 +16,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file From 41bbacbe24a14a56296b87875dce8f2fe599b21f Mon Sep 17 00:00:00 2001 From: Shashank Nandennnavar <52485027+shashank-nand@users.noreply.github.com> Date: Wed, 8 Nov 2023 12:59:26 +0530 Subject: [PATCH 393/434] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 70281491af..7e14957435 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -756,7 +756,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } - {# + { location ~* ^/.well-known/assetlinks.json { # Enabling cache for Response code 200 expires 1M; 
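Review bot: The `{` that replaces the Jinja comment opener `{#` stays in the rendered `proxyconfig` as a bare brace on its own line, which nginx does not accept as a block without a directive name, so the rendered config would fail to load. The `}` that replaces `#}` in the second hunk (`@@ -794,7 +794,7 @@`) has the same problem. To re-enable the commented-out `location` blocks, delete both marker lines instead of substituting braces, and validate the rendered file with `nginx -t` before rollout. The enclosing `proxyconfig` block starts and ends outside the hunk.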
@@ -794,7 +794,7 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $bucket; } - #} + } location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 expires 1M; From 09a85c0a248e2d4a6f8ac1efa8ac914e25a0af0d Mon Sep 17 00:00:00 2001 From: Shashank Nandennnavar <52485027+shashank-nand@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:11:35 +0530 Subject: [PATCH 394/434] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index 7e14957435..e422d24bce 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -756,7 +756,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://player; } - { location ~* ^/.well-known/assetlinks.json { # Enabling cache for Response code 200 expires 1M; From 0857f75ad7306d691aba72b282fad772dba5fb81 Mon Sep 17 00:00:00 2001 From: Shashank Nandennnavar <52485027+shashank-nand@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:17:38 +0530 Subject: [PATCH 395/434] Update values.j2 --- kubernetes/helm_charts/core/nginx-public-ingress/values.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index e422d24bce..e325f5d339 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -793,7 +793,6 @@ proxyconfig: |- proxy_set_header X-Request-ID $sb_request_id; proxy_pass $bucket; } - } location ~* ^/desktop/(.*) { # Enabling cache for Response code 200 expires 1M; From 18a3b918cf2e1d58ec27393c12fb580a83d739af Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Fri, 10 Nov 2023 10:55:18 +0530 Subject: [PATCH 396/434] Issue #LR-122 chore: renamed from sunbird_keyspace to sunbird_userorg_keyspace --- ansible/roles/stack-sunbird/templates/sunbird_lms-service.env | 2 +- ansible/roles/stack-sunbird/templates/userorg-service.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 17245019c6..a30288d309 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -167,7 +167,7 @@ exhaust_api_list_endpoint=/request/list/ content_read_url=/content/v3/read/ # Release-5.4.0 - LR-511 -sunbird_keyspace=sunbird +sunbird_userorg_keyspace=sunbird sunbird_course_keyspace=sunbird_courses sunbird_redis_db_index={{sunbird_redis_db_index|default(0)}} es_course_index=cbatch diff --git a/ansible/roles/stack-sunbird/templates/userorg-service.env b/ansible/roles/stack-sunbird/templates/userorg-service.env index 2c07df56e9..e79586ffa2 100644 --- a/ansible/roles/stack-sunbird/templates/userorg-service.env +++ b/ansible/roles/stack-sunbird/templates/userorg-service.env @@ -133,4 +133,4 @@ isMultiDCEnabled={{cassandra_multi_dc_enabled}} es_user_notes_index=usernotes es_location_index=location es_user_feed_index=userfeed -sunbird_keyspace=sunbird \ No newline at end of file +sunbird_userorg_keyspace=sunbird \ No newline at end of file From 948172807e18bd0b998cbb0659586856493c6e88 Mon Sep 17 00:00:00 2001 
From: anilgupta Date: Mon, 13 Nov 2023 13:00:45 +0530 Subject: [PATCH 397/434] Issue #LR-122 chore: reverted userorg_user to learner_user based on review comment. --- ansible/logstash-provision.yml | 16 ++++++++-------- .../roles/lms-logstash-deploy/defaults/main.yml | 4 ++-- ansible/roles/lms-logstash-deploy/tasks/main.yml | 6 +++--- ansible/roles/logstash/defaults/main.yml | 4 ++-- ansible/roles/logstash/tasks/main.yml | 12 ++++++------ ansible/roles/logstash/templates/logstash.j2 | 2 +- .../roles/logstash/templates/logstash.service.j2 | 4 ++-- ansible/roles/redis-backup/defaults/main.yml | 2 +- 8 files changed, 25 insertions(+), 25 deletions(-) diff --git a/ansible/logstash-provision.yml b/ansible/logstash-provision.yml index c4eb7945b0..c765252c9c 100644 --- a/ansible/logstash-provision.yml +++ b/ansible/logstash-provision.yml @@ -1,24 +1,24 @@ - hosts: cassandra vars: - userorg_group: userorg - userorg_name: userorg + learner_group: learner + learner_name: learner vars_files: - "{{inventory_dir}}/secrets.yml" pre_tasks: - - name: Create userorg group + - name: Create learner group become: yes group: state: present - name: "{{ userorg_group }}" + name: "{{ learner_group }}" system: yes - - name: Create userorg user + - name: Create learner user become: yes user: state: present - name: "{{ userorg_user }}" - comment: userorg user + name: "{{ learner_user }}" + comment: learner user system: yes createhome: yes - group: "{{ userorg_group }}" + group: "{{ learner_group }}" roles: - logstash diff --git a/ansible/roles/lms-logstash-deploy/defaults/main.yml b/ansible/roles/lms-logstash-deploy/defaults/main.yml index 725abaf7ea..470b6b496d 100644 --- a/ansible/roles/lms-logstash-deploy/defaults/main.yml +++ b/ansible/roles/lms-logstash-deploy/defaults/main.yml 
@@ -1,5 +1,5 @@ -userorg_user: userorg -learner_user_home: /home/{{userorg_user}} +learner_user: learner +learner_user_home: /home/{{learner_user}} logstash_version: 6.3.1 logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" kafka_topic_prefix: "{{env}}" diff --git a/ansible/roles/lms-logstash-deploy/tasks/main.yml b/ansible/roles/lms-logstash-deploy/tasks/main.yml index ae9aa92558..9069343afa 100644 --- a/ansible/roles/lms-logstash-deploy/tasks/main.yml +++ b/ansible/roles/lms-logstash-deploy/tasks/main.yml @@ -1,10 +1,10 @@ - name: permissions become: yes - file: path={{ logstash_home }} mode=775 owner={{ userorg_user }} group={{ userorg_user }} recurse=yes + file: path={{ logstash_home }} mode=775 owner={{ learner_user }} group={{ learner_user }} recurse=yes - name: Copy logstash configuration files for platform become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" template: src={{item}}.j2 dest={{ logstash_home }}/{{item}}.conf with_items: "{{ platform.logstash_config }}" @@ -15,7 +15,7 @@ - name: create folder for logs become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" file: path={{logstash_home}}/logs state=directory mode=0755 - name: Start logstash processes related to platform diff --git a/ansible/roles/logstash/defaults/main.yml b/ansible/roles/logstash/defaults/main.yml index eac428d0cc..ed37b53a6f 100644 --- a/ansible/roles/logstash/defaults/main.yml +++ b/ansible/roles/logstash/defaults/main.yml @@ -1,7 +1,7 @@ --- # vars file for logstash -userorg_user: userorg -learner_user_home: /home/{{userorg_user}} +learner_user: learner +learner_user_home: /home/{{learner_user}} logstash_home: "{{learner_user_home}}/logstash-{{logstash_version}}" ip: localhost port: 9092 diff --git a/ansible/roles/logstash/tasks/main.yml b/ansible/roles/logstash/tasks/main.yml index 2d2840e8eb..506c3fa43c 100644 --- a/ansible/roles/logstash/tasks/main.yml +++ b/ansible/roles/logstash/tasks/main.yml 
@@ -2,25 +2,25 @@ # tasks file for logstash - name: add permissions become: yes - file: path={{learner_user_home}} mode=0755 recurse=yes owner={{userorg_user}} group={{userorg_user}} + file: path={{learner_user_home}} mode=0755 recurse=yes owner={{learner_user}} group={{learner_user}} - name: Download the zip become: yes - become_user: "{{userorg_user}}" + become_user: "{{learner_user}}" get_url: url=https://artifacts.elastic.co/downloads/logstash/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} timeout=1000 force=yes - name: unzip become: yes - become_user: "{{userorg_user}}" - unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{userorg_user}} owner={{userorg_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} + become_user: "{{learner_user}}" + unarchive: src={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz dest={{learner_user_home}} copy=no group={{learner_user}} owner={{learner_user}} creates={{learner_user_home}}/logstash-{{logstash_version}} - name: set permissions become: yes - file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{userorg_user}} group={{userorg_user}} mode=0755 recurse=yes + file: path={{learner_user_home}}/logstash-{{logstash_version}} owner={{learner_user}} group={{learner_user}} mode=0755 recurse=yes - name: Delete the logstash zip file become: yes - become_user: "{{ userorg_user }}" + become_user: "{{ learner_user }}" file: path={{learner_user_home}}/logstash-{{logstash_version}}.tar.gz state=absent - name: Detect if this is a systemd based system diff --git a/ansible/roles/logstash/templates/logstash.j2 b/ansible/roles/logstash/templates/logstash.j2 index 9e49c3d72b..847f0223f5 100644 --- a/ansible/roles/logstash/templates/logstash.j2 +++ b/ansible/roles/logstash/templates/logstash.j2 
@@ -9,7 +9,7 @@ ### END INIT INFO SCRIPT='{{learner_user_home}}/logstash-{{logstash_version}}/bin/logstash -f {{learner_user_home}}/logstash-{{logstash_version}}/logstash-lms.conf --verbose' -RUNAS="{{ userorg_user }}" +RUNAS="{{ learner_user }}" PROCESS_NUM='ps -ef | grep "$SCRIPT" | grep -v "grep" | wc -l' PIDFILE=/var/run/logstash.pid diff --git a/ansible/roles/logstash/templates/logstash.service.j2 b/ansible/roles/logstash/templates/logstash.service.j2 index 1a6f2f0d2a..fa46eddc16 100644 --- a/ansible/roles/logstash/templates/logstash.service.j2 +++ b/ansible/roles/logstash/templates/logstash.service.j2 @@ -4,8 +4,8 @@ Description=logstash Daemon [Service] Environment="_JAVA_OPTIONS='-Dlog4j2.formatMsgNoLookups=true'" Type=simple -User={{userorg_user}} -Group={{userorg_user}} +User={{learner_user}} +Group={{learner_user}} LimitNOFILE=32768 Restart=on-failure #Environment="{{ logstash_jvm_opts }}" diff --git a/ansible/roles/redis-backup/defaults/main.yml b/ansible/roles/redis-backup/defaults/main.yml index e05d691e74..54b7c60a89 100644 --- a/ansible/roles/redis-backup/defaults/main.yml +++ b/ansible/roles/redis-backup/defaults/main.yml @@ -1,5 +1,5 @@ redis_backup_dir: /tmp/redis-backup -userorg_user: learning +learner_user: learning cloud_storage_redisbackup_bucketname: "{{ cloud_storage_management_bucketname }}" cloud_storage_redisbackup_foldername: nodebb-redis-backup From 4a0425ac3d48b77b688997ec29a9ff2d5e19cac7 Mon Sep 17 00:00:00 2001 From: Jayaprakash8887 Date: Mon, 13 Nov 2023 16:52:17 +0530 Subject: [PATCH 398/434] Issue #LR-676 feat: Delete User --- .../roles/stack-sunbird/templates/sunbird_learner-service.env | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env index 7a898fc0e3..0d90b86cb7 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env 
+++ b/ansible/roles/stack-sunbird/templates/sunbird_learner-service.env @@ -134,3 +134,4 @@ isMultiDCEnabled={{cassandra_multi_dc_enabled}} # Release-7.0.0 user-deletion-roles=public +user-deletion-broadcast-topic={{env_name}}.delete.user From cb7eed5acaece2f69d228583a5ecb1c980198a45 Mon Sep 17 00:00:00 2001 From: Ankit Shahu Date: Wed, 29 Nov 2023 10:55:51 +0530 Subject: [PATCH 399/434] added env variable for user delete flow for ml services (#3921) * added env variable for user delete flow * Updating PR * Added Manage learn in on and off --------- Co-authored-by: ankitshahu --- .../stack-sunbird/templates/ml-core-service.env | 17 ++++++++++++++++- .../templates/ml-projects-service.env | 15 +++++++++++++++ .../templates/ml-survey-service.env | 15 +++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/ansible/roles/stack-sunbird/templates/ml-core-service.env b/ansible/roles/stack-sunbird/templates/ml-core-service.env index 9f08caa028..fad182d7da 100755 --- a/ansible/roles/stack-sunbird/templates/ml-core-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-core-service.env 
@@ -69,4 +69,19 @@ KAFKA_GROUP_ID={{ml_core_kafka_group_id | default("ml-core-service")}} PROGRAM_USERS_JOINED_TOPIC={{ml_core_program_users_joined_topic | default (env_name+".programuser.info")}} #TimeOffset with respect to UTC -TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30")}} \ No newline at end of file +TIMEZONE_DIFFRENECE_BETWEEN_LOCAL_TIME_AND_UTC={{ml_core_timezone_diffrenece_between_local_time_and_utc | default ("+05:30")}} + +#User Delete on and off flow +USER_DELETE_ON_OFF={{manage_learn_ user_delete_on_off | default("ON")}} + +#Topic name for user delete event consumer Topic Name +USER_DELETE_TOPIC={{user_delete_topic_name | default(env_name+".delete.user")}} + +#ml core service id +ID={{ml_core_service_id | default(env_name+"."+sunbird_instance+".ml.core.service")}} + +#Telemetry enable/disbale service +TELEMETRY_ON_OFF={{manage_learn_telemetry_on_off | default("ON")}} + +#Topic name for telemetry +TELEMETRY_TOPIC={{telemetry_raw_topic_name | default(env_name+".telemetry.raw")}} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-projects-service.env b/ansible/roles/stack-sunbird/templates/ml-projects-service.env index 5cb7856ba5..d26226da9c 100644 --- a/ansible/roles/stack-sunbird/templates/ml-projects-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-projects-service.env 
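Review bot: `USER_DELETE_ON_OFF={{manage_learn_ user_delete_on_off | default("ON")}}` has a space inside the variable name, which Jinja2 parses as two adjacent names and rejects, so this env template would fail to render at deploy time. It should read `USER_DELETE_ON_OFF={{manage_learn_user_delete_on_off | default("ON")}}`. The same line is added in the ml-projects-service.env and ml-survey-service.env hunks and needs the same correction.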
@@ -42,3 +42,18 @@ USER_SERVICE_URL={{ml_project_user_service_URL | default("http://userorg-service # certificate issuer KID value CERTIFICATE_ISSUER_KID={{certificate_issuer_kid | default("")}} + +#User Delete on and off flow +USER_DELETE_ON_OFF={{manage_learn_ user_delete_on_off | default("ON")}} + +#Topic name for user delete event consumer Topic Name +USER_DELETE_TOPIC={{user_delete_topic_name | default(env_name+".delete.user")}} + +#ml core service id +ID={{ml_core_service_id | default(env_name+"."+sunbird_instance+".ml.project.service")}} + +#Telemetry enable/disbale service +TELEMETRY_ON_OFF={{manage_learn_telemetry_on_off | default("ON")}} + +#Topic name for telemetry +TELEMETRY_TOPIC={{telemetry_raw_topic_name | default(env_name+".telemetry.raw")}} \ No newline at end of file diff --git a/ansible/roles/stack-sunbird/templates/ml-survey-service.env b/ansible/roles/stack-sunbird/templates/ml-survey-service.env index 187a5b1120..85ac5d57dc 100644 --- a/ansible/roles/stack-sunbird/templates/ml-survey-service.env +++ b/ansible/roles/stack-sunbird/templates/ml-survey-service.env @@ -65,3 +65,18 @@ KEYCLOAK_PUBLIC_KEY_PATH={{ml_survey_keycloak_public_key_path|default("keycloak- ## portal url of env APP_PORTAL_BASE_URL={{ proto }}://{{ domain_name }} + +#User Delete on and off flow +USER_DELETE_ON_OFF={{manage_learn_ user_delete_on_off | default("ON")}} + +#Topic name for user delete event consumer Topic Name +USER_DELETE_TOPIC={{user_delete_topic_name | default(env_name+".delete.user")}} + +#ml core service id +ID={{ml_core_service_id | default(env_name+"."+sunbird_instance+".ml.survey.service")}} + +#Telemetry enable/disbale service +TELEMETRY_ON_OFF={{manage_learn_telemetry_on_off | default("ON")}} + +#Topic name for telemetry +TELEMETRY_TOPIC={{telemetry_raw_topic_name | default(env_name+".telemetry.raw")}} From 4e4ea14fd0e91b25e11696fa3eaa14a232fe2f8b Mon Sep 17 00:00:00 2001 
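Review bot: `ID` in ml-projects-service.env is read from `ml_core_service_id`, the same variable ml-core-service.env uses. Setting that variable in inventory would therefore give the projects service the core service's id, and the `.ml.project.service` default would never apply. The comment above the line also still says `#ml core service id`. A per-service variable avoids the collision, for example `ID={{ml_project_service_id | default(env_name+"."+sunbird_instance+".ml.project.service")}}` (the variable name is a suggestion; match the inventory's naming). The ml-survey-service.env hunk repeats the pattern with `.ml.survey.service`.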
From: sanketnagdive <31030038+sanketnagdive@users.noreply.github.com> Date: Fri, 1 Dec 2023 10:27:33 +0530 Subject: [PATCH 400/434] Monitoring fix (#3926) * Fix syntax (#3894) * Updated vars for cron schedule (#3895) * Updated vars for cron schedule * Update main.yml * [ED-2793] Fix: release-6.0.0 installation issues (#3900) * Update Jenkins version * Fix job parameter * Fix error: You need to install jmespath prior to running json_query filter * Update main.yml with cassandra (#3845) (#3901) Co-authored-by: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> * ED-2838: ##Release-6.0.0 new variables (#3899) * ED-2838 Release-6.0.0 new variables * Added with comments * ED-2838 jenkins josb update and new variables * added storage endpoint detials * [ED-2793] Fix installation issues (#3905) * Update maven repo url * Add missing jobs * Fix docker creds secrets issue when having specialcharacters * release-6 * updated api version * updated api version * updated api version * disabled PSP * disabled psp * updated * updated * updated * updated fix * updated fix * updated * updated * Update prometheus-operator.yaml * updated fix * updated fix * updated servicemonitor * updated servicemonitor --------- Co-authored-by: santhosh-tg <93243580+santhosh-tg@users.noreply.github.com> Co-authored-by: Raghupathi Guduri Co-authored-by: gohilamariappan <41056032+gohilamariappan@users.noreply.github.com> Co-authored-by: Prasath Sivasubramaniyan Co-authored-by: Shashank Nandennnavar <52485027+shashank-nand@users.noreply.github.com> Co-authored-by: shashank-nand --- .../templates/prometheus-operator.yaml | 4 + .../templates/poddisruptionbudget.yaml | 2 +- .../dashboards/dashboards/values.yaml | 2 +- .../monitoring/dashboards/values.yaml | 4 +- .../templates/podsecuritypolicies.yaml | 2 +- .../charts/redis/templates/_helpers.tpl | 6 +- .../templates/poddisruptionbudget.yaml | 2 +- .../monitoring/prometheus-operator/.gitignore | 9 + .../prometheus-operator/.helmignore | 4 
+- .../prometheus-operator/CONTRIBUTING.md | 6 +- .../monitoring/prometheus-operator/Chart.yaml | 72 +- .../monitoring/prometheus-operator/README.md | 1273 ++- .../charts/crds/Chart.yaml | 3 + .../prometheus-operator/charts/crds/README.md | 3 + .../crds/crds/crd-alertmanagerconfigs.yaml | 5270 +++++++++ .../charts/crds/crds/crd-alertmanagers.yaml | 7411 +++++++++++++ .../charts/crds/crds/crd-podmonitors.yaml | 691 ++ .../charts/crds/crds/crd-probes.yaml | 733 ++ .../crds/crds/crd-prometheusagents.yaml | 8405 ++++++++++++++ .../charts/crds/crds/crd-prometheuses.yaml | 9741 +++++++++++++++++ .../charts/crds/crds/crd-prometheusrules.yaml | 131 + .../charts/crds/crds/crd-scrapeconfigs.yaml | 1185 ++ .../charts/crds/crds/crd-servicemonitors.yaml | 721 ++ .../charts/crds/crds/crd-thanosrulers.yaml | 6910 ++++++++++++ .../charts/grafana/.helmignore | 0 .../charts/grafana/Chart.yaml | 44 +- .../charts/grafana/README.md | 472 +- .../charts/grafana/ci/default-values.yaml | 0 .../grafana/ci/with-affinity-values.yaml | 16 + .../ci/with-dashboard-json-values.yaml | 0 .../grafana/ci/with-dashboard-values.yaml | 0 .../ci/with-extraconfigmapmounts-values.yaml | 7 + .../ci/with-image-renderer-values.yaml | 19 + .../charts/grafana/ci/with-persistence.yaml | 3 + .../grafana/dashboards/custom-dashboard.json | 0 .../charts/grafana/templates/NOTES.txt | 32 +- .../charts/grafana/templates/_helpers.tpl | 215 +- .../charts/grafana/templates/_pod.tpl | 1120 +- .../charts/grafana/templates/clusterrole.yaml | 28 +- .../grafana/templates/clusterrolebinding.yaml | 22 +- .../grafana/templates/configSecret.yaml | 43 + .../configmap-dashboard-provider.yaml | 34 +- .../charts/grafana/templates/configmap.yaml | 129 +- .../templates/dashboards-json-configmap.yaml | 21 +- .../charts/grafana/templates/deployment.yaml | 47 +- .../grafana/templates/extra-manifests.yaml | 4 + .../grafana/templates/headless-service.yaml | 16 +- .../charts/grafana/templates/hpa.yaml | 52 + 
.../templates/image-renderer-deployment.yaml | 131 + .../grafana/templates/image-renderer-hpa.yaml | 47 + .../image-renderer-network-policy.yaml | 79 + .../templates/image-renderer-service.yaml | 31 + .../image-renderer-servicemonitor.yaml | 48 + .../charts/grafana/templates/ingress.yaml | 70 +- .../grafana/templates/networkpolicy.yaml | 52 + .../templates/poddisruptionbudget.yaml | 24 +- .../grafana/templates/podsecuritypolicy.yaml | 35 +- .../charts/grafana/templates/pvc.yaml | 24 +- .../charts/grafana/templates/role.yaml | 42 +- .../charts/grafana/templates/rolebinding.yaml | 28 +- .../charts/grafana/templates/secret-env.yaml | 8 +- .../charts/grafana/templates/secret.yaml | 16 +- .../charts/grafana/templates/service.yaml | 68 +- .../grafana/templates/serviceaccount.yaml | 14 +- .../grafana/templates/servicemonitor.yaml | 52 + .../charts/grafana/templates/statefulset.yaml | 38 +- .../templates/tests/test-configmap.yaml | 11 +- .../tests/test-podsecuritypolicy.yaml | 19 +- .../grafana/templates/tests/test-role.yaml | 17 +- .../templates/tests/test-rolebinding.yaml | 17 +- .../templates/tests/test-serviceaccount.yaml | 7 +- .../charts/grafana/templates/tests/test.yaml | 33 +- .../charts/grafana/values.yaml | 820 +- .../charts/kube-state-metrics/.helmignore | 0 .../charts/kube-state-metrics/Chart.yaml | 30 +- .../charts/kube-state-metrics/OWNERS | 8 - .../charts/kube-state-metrics/README.md | 142 +- .../kube-state-metrics/templates/NOTES.txt | 13 + .../kube-state-metrics/templates/_helpers.tpl | 109 + .../templates/ciliumnetworkpolicy.yaml | 33 + .../templates/clusterrolebinding.yaml | 13 +- .../templates/crs-configmap.yaml | 16 + .../templates/deployment.yaml | 350 +- .../templates/extra-manifests.yaml | 4 + .../templates/kubeconfig-secret.yaml | 12 + .../templates/networkpolicy.yaml | 43 + .../kube-state-metrics/templates/pdb.yaml | 11 +- .../templates/podsecuritypolicy.yaml | 10 +- .../templates/psp-clusterrole.yaml | 7 +- 
.../templates/psp-clusterrolebinding.yaml | 9 +- .../templates/rbac-configmap.yaml | 22 + .../templates/{clusterrole.yaml => role.yaml} | 106 +- .../templates/rolebinding.yaml | 24 + .../kube-state-metrics/templates/service.yaml | 35 +- .../templates/serviceaccount.yaml | 13 +- .../templates/servicemonitor.yaml | 111 +- .../templates/stsdiscovery-role.yaml | 9 +- .../templates/stsdiscovery-rolebinding.yaml | 7 +- .../templates/verticalpodautoscaler.yaml | 44 + .../charts/kube-state-metrics/values.yaml | 395 +- .../prometheus-node-exporter/.helmignore | 0 .../prometheus-node-exporter/Chart.yaml | 35 +- .../charts/prometheus-node-exporter/OWNERS | 6 - .../charts/prometheus-node-exporter/README.md | 131 +- .../ci/port-values.yaml | 3 + .../templates/NOTES.txt | 16 +- .../templates/_helpers.tpl | 189 +- .../templates/clusterrole.yaml | 19 + .../templates/clusterrolebinding.yaml | 20 + .../templates/daemonset.yaml | 262 +- .../templates/endpoints.yaml | 8 +- .../templates/extra-manifests.yaml | 4 + .../templates/monitor.yaml | 21 - .../templates/networkpolicy.yaml | 23 + .../templates/podmonitor.yaml | 91 + .../templates/psp-clusterrole.yaml | 11 +- .../templates/psp-clusterrolebinding.yaml | 15 +- .../templates/psp.yaml | 25 +- .../templates/rbac-configmap.yaml | 16 + .../templates/service.yaml | 28 +- .../templates/serviceaccount.yaml | 23 +- .../templates/servicemonitor.yaml | 61 + .../templates/verticalpodautoscaler.yaml | 40 + .../prometheus-node-exporter/values.yaml | 358 +- .../ci/01-provision-crds-values.yaml | 41 + .../ci/02-test-without-crds-values.yaml | 13 + .../ci/03-non-defaults-values.yaml | 8 + .../crds/crd-alertmanager.yaml | 4499 -------- .../crds/crd-podmonitor.yaml | 260 - .../crds/crd-prometheus.yaml | 6001 ---------- .../crds/crd-prometheusrules.yaml | 91 - .../crds/crd-servicemonitor.yaml | 459 - .../crds/crd-thanosrulers.yaml | 4725 -------- .../prometheus-operator/hack/README.md | 58 + .../hack/minikube/README.md | 5 + 
.../prometheus-operator/hack/minikube/cmd.sh | 82 + .../hack/minikube/values.yaml | 9 + .../prometheus-operator/hack/requirements.txt | 2 + .../hack/sync_grafana_dashboards.py | 252 + .../hack/sync_prometheus_rules.py | 513 + .../prometheus-operator/hack/update_crds.sh | 38 + .../prometheus-operator/requirements.lock | 12 - .../prometheus-operator/requirements.yaml | 16 - .../prometheus-operator/templates/NOTES.txt | 7 +- .../templates/_helpers.tpl | 237 +- .../templates/alertmanager/alertmanager.yaml | 113 +- .../templates/alertmanager/extrasecret.yaml | 20 + .../templates/alertmanager/ingress.yaml | 53 +- .../alertmanager/ingressperreplica.yaml | 40 +- .../alertmanager/podDisruptionBudget.yaml | 14 +- .../alertmanager/psp-clusterrole.yaml | 15 - .../alertmanager/psp-clusterrolebinding.yaml | 17 - .../templates/alertmanager/psp-role.yaml | 12 +- .../alertmanager/psp-rolebinding.yaml | 16 +- .../templates/alertmanager/psp.yaml | 20 +- .../templates/alertmanager/secret.yaml | 16 +- .../templates/alertmanager/service.yaml | 40 +- .../alertmanager/serviceaccount.yaml | 19 +- .../alertmanager/servicemonitor.yaml | 91 +- .../alertmanager/serviceperreplica.yaml | 21 +- .../templates/exporters/core-dns/service.yaml | 8 +- .../exporters/core-dns/servicemonitor.yaml | 21 +- .../kube-api-server/servicemonitor.yaml | 21 +- .../kube-controller-manager/endpoints.yaml | 14 +- .../kube-controller-manager/service.yaml | 14 +- .../servicemonitor.yaml | 27 +- .../templates/exporters/kube-dns/service.yaml | 8 +- .../exporters/kube-dns/servicemonitor.yaml | 21 +- .../exporters/kube-etcd/endpoints.yaml | 8 +- .../exporters/kube-etcd/service.yaml | 8 +- .../exporters/kube-etcd/servicemonitor.yaml | 21 +- .../exporters/kube-proxy/endpoints.yaml | 8 +- .../exporters/kube-proxy/service.yaml | 8 +- .../exporters/kube-proxy/servicemonitor.yaml | 23 +- .../exporters/kube-scheduler/endpoints.yaml | 12 +- .../exporters/kube-scheduler/service.yaml | 14 +- .../kube-scheduler/servicemonitor.yaml | 
29 +- .../kube-state-metrics/serviceMonitor.yaml | 30 - .../exporters/kubelet/servicemonitor.yaml | 149 +- .../node-exporter/servicemonitor.yaml | 32 - .../templates/extra-objects.yaml | 4 + .../grafana/configmap-dashboards.yaml | 14 +- .../grafana/configmaps-datasources.yaml | 65 +- .../alertmanager-overview.yaml | 24 + .../grafana/dashboards-1.14/apiserver.yaml | 2260 +--- .../dashboards-1.14/cluster-total.yaml | 1825 +-- .../dashboards-1.14/controller-manager.yaml | 1129 +- .../grafana/dashboards-1.14/etcd.yaml | 1112 +- .../dashboards-1.14/grafana-overview.yaml | 24 + .../grafana/dashboards-1.14/k8s-coredns.yaml | 1338 +-- .../k8s-resources-cluster.yaml | 2580 +---- .../k8s-resources-multicluster.yaml | 24 + .../k8s-resources-namespace.yaml | 2259 +--- .../dashboards-1.14/k8s-resources-node.yaml | 959 +- .../dashboards-1.14/k8s-resources-pod.yaml | 1747 +-- .../k8s-resources-windows-cluster.yaml | 24 + .../k8s-resources-windows-namespace.yaml | 24 + .../k8s-resources-windows-pod.yaml | 24 + .../k8s-resources-workload.yaml | 2010 +--- .../k8s-resources-workloads-namespace.yaml | 2166 +--- .../k8s-windows-cluster-rsrc-use.yaml | 24 + .../k8s-windows-node-rsrc-use.yaml | 24 + .../grafana/dashboards-1.14/kubelet.yaml | 2493 +---- .../dashboards-1.14/namespace-by-pod.yaml | 1419 +-- .../namespace-by-workload.yaml | 1683 +-- .../node-cluster-rsrc-use.yaml | 960 +- .../dashboards-1.14/node-rsrc-use.yaml | 987 +- .../grafana/dashboards-1.14/nodes-darwin.yaml | 24 + .../grafana/dashboards-1.14/nodes.yaml | 983 +- .../persistentvolumesusage.yaml | 569 +- .../grafana/dashboards-1.14/pod-total.yaml | 1186 +- .../grafana/dashboards-1.14/pods.yaml | 675 -- .../prometheus-remote-write.yaml | 1636 +-- .../grafana/dashboards-1.14/prometheus.yaml | 1218 +-- .../grafana/dashboards-1.14/proxy.yaml | 1207 +- .../grafana/dashboards-1.14/scheduler.yaml | 1054 +- .../grafana/dashboards-1.14/statefulset.yaml | 924 -- .../dashboards-1.14/workload-total.yaml | 1388 +-- 
.../templates/grafana/dashboards/etcd.yaml | 1114 -- .../dashboards/k8s-cluster-rsrc-use.yaml | 957 -- .../grafana/dashboards/k8s-node-rsrc-use.yaml | 984 -- .../dashboards/k8s-resources-cluster.yaml | 1477 --- .../dashboards/k8s-resources-namespace.yaml | 961 -- .../grafana/dashboards/k8s-resources-pod.yaml | 1004 -- .../dashboards/k8s-resources-workload.yaml | 934 -- .../k8s-resources-workloads-namespace.yaml | 970 -- .../templates/grafana/dashboards/nodes.yaml | 1381 --- .../dashboards/persistentvolumesusage.yaml | 571 - .../templates/grafana/dashboards/pods.yaml | 678 -- .../grafana/dashboards/statefulset.yaml | 924 -- .../templates/grafana/servicemonitor.yaml | 32 - .../ciliumnetworkpolicy-createSecret.yaml | 36 + .../ciliumnetworkpolicy-patchWebhook.yaml | 37 + .../job-patch/clusterrole.yaml | 12 +- .../job-patch/clusterrolebinding.yaml | 15 +- .../job-patch/job-createSecret.yaml | 45 +- .../job-patch/job-patchWebhook.yaml | 47 +- .../job-patch/networkpolicy-createSecret.yaml | 33 + .../job-patch/networkpolicy-patchWebhook.yaml | 33 + .../admission-webhooks/job-patch/psp.yaml | 22 +- .../admission-webhooks/job-patch/role.yaml | 10 +- .../job-patch/rolebinding.yaml | 16 +- .../job-patch/serviceaccount.yaml | 14 +- .../mutatingWebhookConfiguration.yaml | 54 +- .../validatingWebhookConfiguration.yaml | 56 +- .../aggregate-clusterroles.yaml | 31 + .../prometheus-operator/certmanager.yaml | 57 + .../ciliumnetworkpolicy.yaml | 41 + .../prometheus-operator/cleanup-crds.yaml | 45 - .../prometheus-operator/clusterrole.yaml | 46 +- .../clusterrolebinding.yaml | 12 +- .../prometheus-operator/deployment.yaml | 190 +- .../prometheus-operator/networkpolicy.yaml | 30 + .../prometheus-operator/psp-clusterrole.yaml | 10 +- .../psp-clusterrolebinding.yaml | 14 +- .../templates/prometheus-operator/psp.yaml | 21 +- .../prometheus-operator/service.yaml | 17 +- .../prometheus-operator/serviceaccount.yaml | 14 +- .../prometheus-operator/servicemonitor.yaml | 28 +- 
.../verticalpodautoscaler.yaml | 41 + .../templates/prometheus/_rules.tpl | 36 + .../additionalAlertRelabelConfigs.yaml | 8 +- .../additionalAlertmanagerConfigs.yaml | 10 +- .../prometheus/additionalPrometheusRules.yaml | 19 +- .../prometheus/additionalScrapeConfigs.yaml | 14 +- .../prometheus/ciliumnetworkpolicy.yaml | 27 + .../templates/prometheus/clusterrole.yaml | 24 +- .../prometheus/clusterrolebinding.yaml | 12 +- .../templates/prometheus/csi-secret.yaml | 12 + .../templates/prometheus/extrasecret.yaml | 20 + .../templates/prometheus/ingress.yaml | 54 +- .../prometheus/ingressThanosSidecar.yaml | 77 + .../prometheus/ingressperreplica.yaml | 40 +- .../templates/prometheus/networkpolicy.yaml | 34 + .../prometheus/podDisruptionBudget.yaml | 18 +- .../templates/prometheus/podmonitors.yaml | 7 +- .../templates/prometheus/prometheus.yaml | 293 +- .../templates/prometheus/psp-clusterrole.yaml | 10 +- .../prometheus/psp-clusterrolebinding.yaml | 15 +- .../templates/prometheus/psp.yaml | 26 +- .../rules-1.14/alertmanager.rules.yaml | 291 +- .../rules-1.14/config-reloaders.yaml | 57 + .../templates/prometheus/rules-1.14/etcd.yaml | 401 +- .../prometheus/rules-1.14/general.rules.yaml | 93 +- .../prometheus/rules-1.14/k8s.rules.yaml | 277 +- .../kube-apiserver-availability.rules.yaml | 273 + .../kube-apiserver-burnrate.rules.yaml | 440 + .../rules-1.14/kube-apiserver-error.yaml | 173 - .../kube-apiserver-histogram.rules.yaml | 53 + .../rules-1.14/kube-apiserver-slos.yaml | 118 +- .../rules-1.14/kube-apiserver.rules.yaml | 393 - .../kube-prometheus-general.rules.yaml | 32 +- .../kube-prometheus-node-recording.rules.yaml | 76 +- .../rules-1.14/kube-scheduler.rules.yaml | 86 +- .../rules-1.14/kube-state-metrics.yaml | 130 +- .../prometheus/rules-1.14/kubelet.rules.yaml | 44 +- .../rules-1.14/kubernetes-absent.yaml | 127 - .../rules-1.14/kubernetes-apps.yaml | 520 +- .../rules-1.14/kubernetes-resources.yaml | 254 +- .../rules-1.14/kubernetes-storage.yaml | 185 +- 
.../kubernetes-system-apiserver.yaml | 201 +- .../kubernetes-system-controller-manager.yaml | 38 +- .../kubernetes-system-kube-proxy.yaml | 57 + .../rules-1.14/kubernetes-system-kubelet.yaml | 351 +- .../kubernetes-system-scheduler.yaml | 38 +- .../rules-1.14/kubernetes-system.yaml | 66 +- .../rules-1.14/node-exporter.rules.yaml | 167 +- .../prometheus/rules-1.14/node-exporter.yaml | 695 +- .../prometheus/rules-1.14/node-network.yaml | 35 +- .../prometheus/rules-1.14/node-time.yaml | 32 - .../prometheus/rules-1.14/node.rules.yaml | 89 +- .../rules-1.14/prometheus-operator.yaml | 204 +- .../prometheus/rules-1.14/prometheus.yaml | 561 +- .../rules-1.14/windows.node.rules.yaml | 301 + .../rules-1.14/windows.pod.rules.yaml | 157 + .../prometheus/rules/alertmanager.rules.yaml | 54 - .../templates/prometheus/rules/etcd.yaml | 140 - .../prometheus/rules/general.rules.yaml | 50 - .../templates/prometheus/rules/k8s.rules.yaml | 83 - .../rules/kube-apiserver.rules.yaml | 39 - .../kube-prometheus-node-alerting.rules.yaml | 41 - .../kube-prometheus-node-recording.rules.yaml | 41 - .../rules/kube-scheduler.rules.yaml | 63 - .../prometheus/rules/kubernetes-absent.yaml | 129 - .../prometheus/rules/kubernetes-apps.yaml | 161 - .../rules/kubernetes-resources.yaml | 103 - .../prometheus/rules/kubernetes-storage.yaml | 63 - .../prometheus/rules/kubernetes-system.yaml | 145 - .../prometheus/rules/node-network.yaml | 48 - .../templates/prometheus/rules/node-time.yaml | 34 - .../prometheus/rules/node.rules.yaml | 202 - .../prometheus/rules/prometheus-operator.yaml | 43 - .../prometheus/rules/prometheus.rules.yaml | 109 - .../templates/prometheus/service.yaml | 35 +- .../prometheus/serviceThanosSidecar.yaml | 39 + .../serviceThanosSidecarExternal.yaml | 46 + .../templates/prometheus/serviceaccount.yaml | 14 +- .../templates/prometheus/servicemonitor.yaml | 77 +- .../servicemonitorThanosSidecar.yaml | 45 + .../templates/prometheus/servicemonitors.yaml | 19 +- 
.../prometheus/serviceperreplica.yaml | 28 +- .../templates/thanos-ruler/extrasecret.yaml | 20 + .../templates/thanos-ruler/ingress.yaml | 77 + .../thanos-ruler/podDisruptionBudget.yaml | 21 + .../templates/thanos-ruler/ruler.yaml | 174 + .../templates/thanos-ruler/secret.yaml | 14 + .../templates/thanos-ruler/service.yaml | 53 + .../thanos-ruler/serviceaccount.yaml | 20 + .../thanos-ruler/servicemonitor.yaml | 72 + .../alertmanager/alertmanager_test.yaml | 26 + .../unittests/alertmanager/ingress_test.yaml | 67 + .../prometheus-operator/values.yaml | 2657 ++++- .../templates/podsecuritypolicy.yaml | 2 +- .../prometheus-redis-exporter/values.yaml | 4 +- 354 files changed, 60566 insertions(+), 71280 deletions(-) create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/.gitignore mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/.helmignore mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/CONTRIBUTING.md mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/Chart.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/README.md create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/Chart.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/README.md create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagerconfigs.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagers.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-podmonitors.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-probes.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheusagents.yaml create mode 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheuses.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheusrules.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-scrapeconfigs.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-servicemonitors.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-thanosrulers.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/.helmignore mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/Chart.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/README.md mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/default-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-affinity-values.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-dashboard-json-values.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-dashboard-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-extraconfigmapmounts-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-image-renderer-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/ci/with-persistence.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/dashboards/custom-dashboard.json mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/NOTES.txt mode change 
100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/_helpers.tpl mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/_pod.tpl mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/configSecret.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/configmap-dashboard-provider.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/configmap.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/dashboards-json-configmap.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/deployment.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/extra-manifests.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/headless-service.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/hpa.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/image-renderer-deployment.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/image-renderer-hpa.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/image-renderer-network-policy.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/image-renderer-service.yaml create 
mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/image-renderer-servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/ingress.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/networkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/poddisruptionbudget.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/podsecuritypolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/pvc.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/role.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/rolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/secret-env.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/secret.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/serviceaccount.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/statefulset.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test-configmap.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 
mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test-role.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test-rolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test-serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/templates/tests/test.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/grafana/values.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/.helmignore mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/Chart.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/OWNERS mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/README.md mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/NOTES.txt mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/ciliumnetworkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/crs-configmap.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/extra-manifests.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/kubeconfig-secret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/networkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/pdb.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/podsecuritypolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/psp-clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/rbac-configmap.yaml rename kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/{clusterrole.yaml => role.yaml} (51%) mode change 100755 => 100644 create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/rolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/stsdiscovery-role.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/templates/verticalpodautoscaler.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/kube-state-metrics/values.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/.helmignore mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/Chart.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/OWNERS mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/README.md create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/ci/port-values.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/NOTES.txt mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/clusterrole.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/daemonset.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/extra-manifests.yaml delete mode 100755 
kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/networkpolicy.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/podmonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/rbac-configmap.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/templates/verticalpodautoscaler.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/charts/prometheus-node-exporter/values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/ci/01-provision-crds-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/ci/02-test-without-crds-values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/ci/03-non-defaults-values.yaml delete mode 100755 
kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-alertmanager.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-podmonitor.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheus.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-prometheusrules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-servicemonitor.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/crds/crd-thanosrulers.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/hack/README.md create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/hack/minikube/README.md create mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/hack/minikube/cmd.sh create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/hack/minikube/values.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/hack/requirements.txt create mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/hack/sync_grafana_dashboards.py create mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/hack/sync_prometheus_rules.py create mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/hack/update_crds.sh delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/requirements.lock delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/requirements.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/NOTES.txt mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/_helpers.tpl mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/alertmanager.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/extrasecret.yaml mode change 
100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/ingress.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/ingressperreplica.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/podDisruptionBudget.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/psp-clusterrole.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/psp-clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/psp-role.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/psp-rolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/psp.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/secret.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/alertmanager/serviceperreplica.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/core-dns/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/core-dns/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-api-server/servicemonitor.yaml mode change 
100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-controller-manager/endpoints.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-controller-manager/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-controller-manager/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-dns/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-dns/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-etcd/endpoints.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-etcd/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-etcd/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-proxy/endpoints.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-proxy/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-proxy/servicemonitor.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-scheduler/endpoints.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-scheduler/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-scheduler/servicemonitor.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kube-state-metrics/serviceMonitor.yaml mode change 
100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/kubelet/servicemonitor.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/extra-objects.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/configmap-dashboards.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/configmaps-datasources.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/alertmanager-overview.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/apiserver.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/cluster-total.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/controller-manager.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/grafana-overview.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-coredns.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-node.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-windows-cluster.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-windows-namespace.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-windows-pod.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-windows-cluster-rsrc-use.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/k8s-windows-node-rsrc-use.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/kubelet.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/namespace-by-pod.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/namespace-by-workload.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/nodes-darwin.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/nodes.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/pod-total.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/pods.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/prometheus.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/proxy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/scheduler.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/statefulset.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards-1.14/workload-total.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/etcd.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-node-rsrc-use.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-resources-cluster.yaml delete mode 100755 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-resources-namespace.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-resources-pod.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-resources-workload.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/nodes.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/persistentvolumesusage.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/pods.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/dashboards/statefulset.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/grafana/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-createSecret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/ciliumnetworkpolicy-patchWebhook.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-createSecret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/networkpolicy-patchWebhook.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/aggregate-clusterroles.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/certmanager.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/ciliumnetworkpolicy.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/cleanup-crds.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/deployment.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/networkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/psp-clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/psp-clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/psp.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/service.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus-operator/verticalpodautoscaler.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/_rules.tpl mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/additionalPrometheusRules.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/ciliumnetworkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/clusterrolebinding.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/csi-secret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/extrasecret.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/ingress.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/ingressThanosSidecar.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/ingressperreplica.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/networkpolicy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/podmonitors.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/prometheus.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/psp-clusterrole.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/psp.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/config-reloaders.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/etcd.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/general.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-error.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kube-state-metrics.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubelet.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-absent.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-apps.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-resources.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-storage.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/kubernetes-system.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/node-exporter.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/node-exporter.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/node-network.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/node-time.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/node.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/prometheus-operator.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/windows.node.rules.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules-1.14/windows.pod.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/alertmanager.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/etcd.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/general.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/k8s.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kube-apiserver.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kube-scheduler.rules.yaml delete mode 100755 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kubernetes-absent.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kubernetes-apps.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kubernetes-resources.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kubernetes-storage.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/kubernetes-system.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/node-network.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/node-time.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/node.rules.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/prometheus-operator.yaml delete mode 100755 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/rules/prometheus.rules.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/service.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/serviceThanosSidecar.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/serviceThanosSidecarExternal.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/serviceaccount.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/servicemonitorThanosSidecar.yaml mode change 100755 => 100644 
kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/servicemonitors.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/prometheus/serviceperreplica.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/extrasecret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/ingress.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/podDisruptionBudget.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/ruler.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/secret.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/service.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/serviceaccount.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/templates/thanos-ruler/servicemonitor.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/unittests/alertmanager/alertmanager_test.yaml create mode 100644 kubernetes/helm_charts/monitoring/prometheus-operator/unittests/alertmanager/ingress_test.yaml mode change 100755 => 100644 kubernetes/helm_charts/monitoring/prometheus-operator/values.yaml diff --git a/kubernetes/ansible/roles/sunbird-monitoring/templates/prometheus-operator.yaml b/kubernetes/ansible/roles/sunbird-monitoring/templates/prometheus-operator.yaml index 9092bcbacb..04fcec6666 100644 --- a/kubernetes/ansible/roles/sunbird-monitoring/templates/prometheus-operator.yaml +++ b/kubernetes/ansible/roles/sunbird-monitoring/templates/prometheus-operator.yaml 
@@ -49,6 +49,10 @@ alertmanager_spec_overrides: &alertmanager_spec_overrides # Enabling external prometheus scrape config prometheus: prometheusSpec: + additionalScrapeConfigsSecret: + enabled: true + name: {{ fullnameOverride }}-prometheus-scrape-confg + key: additional-scrape-configs.yaml thanos: version: {{ thanos_sidecar_version | d('v0.11.0') }} additionalScrapeConfigsExternal: true diff --git a/kubernetes/helm_charts/monitoring/blackbox-exporter/templates/poddisruptionbudget.yaml b/kubernetes/helm_charts/monitoring/blackbox-exporter/templates/poddisruptionbudget.yaml index 8d54718ed0..1d9644fd6b 100755 --- a/kubernetes/helm_charts/monitoring/blackbox-exporter/templates/poddisruptionbudget.yaml +++ b/kubernetes/helm_charts/monitoring/blackbox-exporter/templates/poddisruptionbudget.yaml @@ -1,4 +1,4 @@ -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "prometheus-blackbox-exporter.fullname" . }} diff --git a/kubernetes/helm_charts/monitoring/dashboards/dashboards/values.yaml b/kubernetes/helm_charts/monitoring/dashboards/dashboards/values.yaml index b3c41a72f0..8e198d3da9 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/dashboards/values.yaml +++ b/kubernetes/helm_charts/monitoring/dashboards/dashboards/values.yaml @@ -1,6 +1,6 @@ rbac: create: true - pspEnabled: true + pspEnabled: false pspUseAppArmor: true namespaced: false extraRoleRules: [] diff --git a/kubernetes/helm_charts/monitoring/dashboards/values.yaml b/kubernetes/helm_charts/monitoring/dashboards/values.yaml index 7e7f42d74e..0717102dd5 100644 --- a/kubernetes/helm_charts/monitoring/dashboards/values.yaml +++ b/kubernetes/helm_charts/monitoring/dashboards/values.yaml @@ -1,6 +1,6 @@ rbac: - create: true - pspEnabled: true + create: false + pspEnabled: false pspUseAppArmor: true namespaced: false extraRoleRules: [] 
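Review bot: The added `name: {{ fullnameOverride }}-prometheus-scrape-confg` is an unquoted templated scalar, so an empty or oddly shaped `fullnameOverride` renders a name Kubernetes rejects or a value YAML types differently; quote it as `name: "{{ fullnameOverride }}-prometheus-scrape-confg"`. The `confg` spelling has to match the name of the secret that is actually created, which this hunk does not show. The context line `additionalScrapeConfigsExternal: true` stays below the new block, so two settings now describe the same external secret; if the upgraded chart no longer reads the old flag, drop it. Scrape configs commonly carry bearer tokens or basic-auth credentials, so a comment above the block such as `# Secret is created outside this chart, in the Prometheus namespace` would tell the next maintainer where to look for it.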
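Review bot: `apiVersion: policy/v1` for PodDisruptionBudget in the blackbox-exporter template is hard-coded, and that version is served only from Kubernetes 1.21 onward, so the chart no longer installs on older clusters. The oauth2-proxy `poddisruptionbudget.yaml` hunk later in this commit makes the same substitution. Selecting the version by capability keeps both cases working: `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The template body continues outside the hunk.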
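Review bot: `pspEnabled: false` in `dashboards/dashboards/values.yaml` drops the PodSecurityPolicy for this release and nothing in the change puts another pod-level restriction in its place; `pspUseAppArmor: true` on the next line presumably has nothing left to act on. If this is done because the target clusters no longer serve PSP, say so in a comment and name the control that replaces it, for example `# PSP disabled: API removed in Kubernetes 1.25; pod restrictions are enforced by <replacement control>`. The following hunk in `dashboards/values.yaml` also flips `rbac.create` to `false`, which means the Role and binding the chart used to create must already exist with no broader permissions than before; that is not visible in this commit and should be confirmed.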
diff --git a/kubernetes/helm_charts/monitoring/elasticsearch-exporter/templates/podsecuritypolicies.yaml b/kubernetes/helm_charts/monitoring/elasticsearch-exporter/templates/podsecuritypolicies.yaml index fc7c2b6325..f08dd64343 100755 --- a/kubernetes/helm_charts/monitoring/elasticsearch-exporter/templates/podsecuritypolicies.yaml +++ b/kubernetes/helm_charts/monitoring/elasticsearch-exporter/templates/podsecuritypolicies.yaml @@ -1,5 +1,5 @@ {{- if .Values.podSecurityPolicies.enabled -}} -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodSecurityPolicy metadata: name: {{ template "elasticsearch-exporter.fullname" . }} diff --git a/kubernetes/helm_charts/monitoring/oauth2-proxy/charts/redis/templates/_helpers.tpl b/kubernetes/helm_charts/monitoring/oauth2-proxy/charts/redis/templates/_helpers.tpl index 47f52a3345..53e2d8c7ad 100644 --- a/kubernetes/helm_charts/monitoring/oauth2-proxy/charts/redis/templates/_helpers.tpl +++ b/kubernetes/helm_charts/monitoring/oauth2-proxy/charts/redis/templates/_helpers.tpl @@ -36,7 +36,7 @@ Return the appropriate apiVersion for networkpolicy. */}} {{- define "networkPolicy.apiVersion" -}} {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} +{{- print "extensions/v1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} @@ -58,9 +58,9 @@ Return the appropriate apiVersion for PodSecurityPolicy. */}} {{- define "podSecurityPolicy.apiVersion" -}} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} +{{- print "policy/v1" -}} {{- else -}} -{{- print "extensions/v1beta1" -}} +{{- print "extensions/v1" -}} {{- end -}} {{- end -}} diff --git a/kubernetes/helm_charts/monitoring/oauth2-proxy/templates/poddisruptionbudget.yaml b/kubernetes/helm_charts/monitoring/oauth2-proxy/templates/poddisruptionbudget.yaml index a837fb31ab..902b90819f 100644 
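Review bot: `kind: PodSecurityPolicy` was never served under `policy/v1`; it existed only as `policy/v1beta1` (earlier `extensions/v1beta1`) and was removed in Kubernetes 1.25, so with `podSecurityPolicies.enabled` set this manifest fails to apply. The two `_helpers.tpl` hunks in the oauth2-proxy redis subchart have the same problem: `extensions/v1` is not an API version for NetworkPolicy or PodSecurityPolicy, and `policy/v1` does not serve PSP. Keep `policy/v1beta1` in this template and gate it on the API being present, `{{- if and .Values.podSecurityPolicies.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}`, and leave the helper strings as they were. Where PSP is unavailable, the pod restrictions it expressed need another home, otherwise the workloads run with fewer constraints than the chart author intended.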
--- a/kubernetes/helm_charts/monitoring/oauth2-proxy/templates/poddisruptionbudget.yaml +++ b/kubernetes/helm_charts/monitoring/oauth2-proxy/templates/poddisruptionbudget.yaml @@ -1,5 +1,5 @@ {{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }} -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: labels: diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/.gitignore b/kubernetes/helm_charts/monitoring/prometheus-operator/.gitignore new file mode 100644 index 0000000000..d4230e6f3f --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/.gitignore @@ -0,0 +1,9 @@ +# Python development for hack +venv +pyvenv.cfg +!** +charts/* +!charts/crds/ +!charts/crds/** +Chart.lock +hack/*.git diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/.helmignore b/kubernetes/helm_charts/monitoring/prometheus-operator/.helmignore old mode 100755 new mode 100644 index aba2fa8ce4..1937f42c7f --- a/kubernetes/helm_charts/monitoring/prometheus-operator/.helmignore +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/.helmignore @@ -23,4 +23,6 @@ OWNERS hack/ ci/ -prometheus-operator-*.tgz +kube-prometheus-*.tgz + +unittests/ diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/CONTRIBUTING.md b/kubernetes/helm_charts/monitoring/prometheus-operator/CONTRIBUTING.md old mode 100755 new mode 100644 index 44533af6e5..f6ce2a3235 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/CONTRIBUTING.md +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/CONTRIBUTING.md 
@@ -1,10 +1,12 @@ # Contributing Guidelines + ## How to contribute to this chart + 1. Fork this repository, develop and test your Chart. 1. Bump the chart version for every change. -1. Ensure PR title has the prefix `[stable/prometheus-operator]` +1. Ensure PR title has the prefix `[kube-prometheus-stack]` 1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories 1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes. 1. Check for changes of RBAC rules. 1. Check for changes in CRD specs. -1. PR must pass the linter (`helm lint`) \ No newline at end of file +1. PR must pass the linter (`helm lint`) diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/Chart.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/Chart.yaml old mode 100755 new mode 100644 index e4079a2c58..9039aeb3e0 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/Chart.yaml +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/Chart.yaml 
@@ -1,22 +1,56 @@ -apiVersion: v1 -appVersion: 0.38.1 -description: Provides easy monitoring definitions for Kubernetes services, and deployment - and management of Prometheus instances. -engine: gotpl -home: https://github.com/coreos/prometheus-operator +apiVersion: v2 +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png -keywords: -- operator -- prometheus +type: application maintainers: -- name: vsliouniaev -- name: bismarck -- email: gianrubio@gmail.com - name: gianrubio -name: prometheus-operator + - name: andrewgkew + email: andrew@quadcorps.co.uk + - name: gianrubio + email: gianrubio@gmail.com + - name: gkarthiks + email: github.gkarthiks@gmail.com + - name: GMartinez-Sisti + email: kube-prometheus-stack@sisti.pt + - name: scottrigby + email: scott@r6by.com + - name: Xtigyro + email: miroslav.hadzhiev@gmail.com + - name: QuentinBisson + email: quentin.bisson@gmail.com +name: kube-prometheus-stack sources: -- https://github.com/coreos/kube-prometheus -- https://github.com/coreos/prometheus-operator -- https://coreos.com/operators/prometheus -tillerVersion: '>=2.12.0' -version: 8.13.7 + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus +version: 51.9.0 +appVersion: v0.68.0 +kubeVersion: ">=1.19.0-0" +home: https://github.com/prometheus-operator/kube-prometheus +keywords: + - operator + - prometheus + - kube-prometheus +annotations: + "artifacthub.io/license": Apache-2.0 + "artifacthub.io/operator": "true" + "artifacthub.io/links": | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: 
https://github.com/prometheus-operator/kube-prometheus + +dependencies: + - name: crds + version: "0.0.0" + condition: crds.enabled + - name: kube-state-metrics + version: "5.14.*" + repository: https://prometheus-community.github.io/helm-charts + condition: kubeStateMetrics.enabled + - name: prometheus-node-exporter + version: "4.23.*" + repository: https://prometheus-community.github.io/helm-charts + condition: nodeExporter.enabled + - name: grafana + version: "6.60.*" + repository: https://grafana.github.io/helm-charts + condition: grafana.enabled diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/README.md b/kubernetes/helm_charts/monitoring/prometheus-operator/README.md old mode 100755 new mode 100644 index f2a1914bbd..2888b976f3 --- a/kubernetes/helm_charts/monitoring/prometheus-operator/README.md +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/README.md 
@@ -1,614 +1,801 @@ -# prometheus-operator +# kube-prometheus-stack -Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to create/configure/manage Prometheus clusters atop Kubernetes. This chart includes multiple components and is suitable for a variety of use-cases. +Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). -The default installation is intended to suit monitoring a kubernetes cluster the chart is deployed onto. It closely matches the kube-prometheus project. -- [prometheus-operator](https://github.com/coreos/prometheus-operator) -- [prometheus](https://prometheus.io/) -- [alertmanager](https://prometheus.io/) -- [node-exporter](https://github.com/helm/charts/tree/master/stable/prometheus-node-exporter) -- [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) -- [grafana](https://github.com/helm/charts/tree/master/stable/grafana) -- service monitors to scrape internal kubernetes components - - kube-apiserver - - kube-scheduler - - kube-controller-manager - - etcd - - kube-dns/coredns - - kube-proxy +See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. -With the installation, the chart also includes dashboards and alerts. 
+_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ -The same chart can be used to run multiple prometheus instances in the same cluster if required. To achieve this, the other components need to be disabled - it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration. +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3+ -## TL;DR; +## Get Helm Repository Info ```console -$ helm install stable/prometheus-operator +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update ``` -## Introduction +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ -This chart bootstraps a [prometheus-operator](https://github.com/coreos/prometheus-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. The chart can be installed multiple times to create separate Prometheus instances managed by Prometheus Operator. +## Install Helm Chart -## Prerequisites - - Kubernetes 1.10+ with Beta APIs - - Helm 2.12+ (If using Helm < 2.14, [see below for CRD workaround](#Helm-fails-to-create-CRDs)) +```console +helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` -## Installing the Chart +_See [configuration](#configuration) below._ -To install the chart with the release name `my-release`: +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ -```console -$ helm install --name my-release stable/prometheus-operator -``` +## Dependencies + +By default this chart installs additional, dependent charts: -The command deploys prometheus-operator on the Kubernetes cluster in the default configuration. 
The [configuration](#configuration) section lists the parameters that can be configured during installation. +- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) +- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) +- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) -The default installation includes Prometheus Operator, Alertmanager, Grafana, and configuration for scraping Kubernetes infrastructure. +To disable dependencies during installation, see [multiple releases](#multiple-releases) below. -## Uninstalling the Chart +_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ -To uninstall/delete the `my-release` deployment: +## Uninstall Helm Chart ```console -$ helm delete my-release +helm uninstall [RELEASE_NAME] ``` -The command removes all the Kubernetes components associated with the chart and deletes the release. +This removes all the Kubernetes components associated with the chart and deletes the release. 
+ +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ CRDs created by this chart are not removed by default and should be manually cleaned up: ```console +kubectl delete crd alertmanagerconfigs.monitoring.coreos.com +kubectl delete crd alertmanagers.monitoring.coreos.com +kubectl delete crd podmonitors.monitoring.coreos.com +kubectl delete crd probes.monitoring.coreos.com +kubectl delete crd prometheusagents.monitoring.coreos.com kubectl delete crd prometheuses.monitoring.coreos.com kubectl delete crd prometheusrules.monitoring.coreos.com +kubectl delete crd scrapeconfigs.monitoring.coreos.com kubectl delete crd servicemonitors.monitoring.coreos.com -kubectl delete crd podmonitors.monitoring.coreos.com -kubectl delete crd alertmanagers.monitoring.coreos.com kubectl delete crd thanosrulers.monitoring.coreos.com ``` -## Work-Arounds for Known Issues +## Upgrading Chart -### Running on private GKE clusters -When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` -You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) +With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). 
-Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. + +### From 50.x to 51.x + +This version upgrades Prometheus-Operator to v0.68.0, Prometheus to 2.47.0 and Thanos to v0.32.2 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 49.x to 50.x + +This version requires Kubernetes 1.19+. + +We do not expect any breaking changes in this version. + +### From 48.x to 49.x + +This version upgrades Prometheus-Operator to v0.67.1, 0, Alertmanager to v0.26.0, Prometheus to 2.46.0 and Thanos to v0.32.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.67.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 47.x to 48.x + +This version moved all CRDs into a dedicated sub-chart. No new CRDs are introduced in this version. +See [#3548](https://github.com/prometheus-community/helm-charts/issues/3548) for more context. + +We do not expect any breaking changes in this version. + +### From 46.x to 47.x + +This version upgrades Prometheus-Operator to v0.66.0 with new CRDs (PrometheusAgent and ScrapeConfig). + +Run these commands to update the CRDs before applying the upgrade. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 45.x to 46.x + +This version upgrades Prometheus-Operator to v0.65.1 with new CRDs 
(PrometheusAgent and ScrapeConfig), Prometheus to v2.44.0 and Thanos to v0.31.0. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 44.x to 45.x + +This version upgrades Prometheus-Operator to v0.63.0, Prometheus to v2.42.0 and Thanos to v0.30.2. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 43.x to 44.x + +This version upgrades Prometheus-Operator to v0.62.0, Prometheus to v2.41.0 and Thanos to v0.30.1. 
+ +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.62.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +If you have explicitly set `prometheusOperator.admissionWebhooks.failurePolicy`, this value is now always used even when `.prometheusOperator.admissionWebhooks.patch.enabled` is `true` (the default). + +The values for `prometheusOperator.image.tag` & `prometheusOperator.prometheusConfigReloader.image.tag` are now empty by default and the Chart.yaml `appVersion` field is used instead. 
+ +### From 42.x to 43.x + +This version upgrades Prometheus-Operator to v0.61.1, Prometheus to v2.40.5 and Thanos to v0.29.0. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 41.x to 42.x + +This includes the overridability of container registry for all containers at the global level using `global.imageRegistry` or per container image. 
The defaults have not changed but if you were using a custom image, you will have to override the registry of said custom container image before you upgrade. + +For instance, the prometheus-config-reloader used to be configured as follow: + +```yaml + image: + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.60.1 + sha: "" +``` + +But it now moved to: + +```yaml + image: + registry: quay.io + repository: prometheus-operator/prometheus-config-reloader + tag: v0.60.1 + sha: "" +``` + +### From 40.x to 41.x + +This version upgrades Prometheus-Operator to v0.60.1, Prometheus to v2.39.1 and Thanos to v0.28.1. +This version also upgrades the Helm charts of kube-state-metrics to 4.20.2, prometheus-node-exporter to 4.3.0 and Grafana to 6.40.4. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply 
--server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +This version splits kubeScheduler recording and altering rules in separate config values. +Instead of `defaultRules.rules.kubeScheduler` the 2 new variables `defaultRules.rules.kubeSchedulerAlerting` and `defaultRules.rules.kubeSchedulerRecording` are used. + +### From 39.x to 40.x + +This version upgrades Prometheus-Operator to v0.59.1, Prometheus to v2.38.0, kube-state-metrics to v2.6.0 and Thanos to v0.28.0. +This version also upgrades the Helm charts of kube-state-metrics to 4.18.0 and prometheus-node-exporter to 4.2.0. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +Starting from prometheus-node-exporter version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade. + +```console +kubectl delete daemonset -l app=prometheus-node-exporter +helm upgrade -i kube-prometheus-stack prometheus-community/kube-prometheus-stack +``` + +If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels. + +### From 38.x to 39.x + +This upgraded prometheus-operator to v0.58.0 and prometheus to v2.37.0 + +Run these commands to update the CRDs before applying the upgrade. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 37.x to 38.x + +Reverted one of the default metrics relabelings for cAdvisor added in 36.x, due to it breaking container_network_* and various other statistics. If you do not want this change, you will need to override the `kubelet.cAdvisorMetricRelabelings`. + +### From 36.x to 37.x + +This includes some default metric relabelings for cAdvisor and apiserver metrics to reduce cardinality. 
If you do not want these defaults, you will need to override the `kubeApiServer.metricRelabelings` and or `kubelet.cAdvisorMetricRelabelings`. + +### From 35.x to 36.x + +This upgraded prometheus-operator to v0.57.0 and prometheus to v2.36.1 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 34.x to 35.x + +This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0 + +Run these commands to update the CRDs before applying the upgrade. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 33.x to 34.x + +This upgrades to prometheus-operator to v0.55.0 and prometheus to v2.33.5. + +Run these commands to update the CRDs before applying the upgrade. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 32.x to 33.x + +This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. + +### From 31.x to 32.x + +This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true. + +Run these commands to update the CRDs before applying the upgrade. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 30.x to 31.x + +This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart. +`grafana.serviceMonitor.enabled` must be set instead of `grafana.serviceMonitor.selfMonitor` and the old ServiceMonitor may +need to be manually cleaned up after deploying the new release. 
+ +### From 29.x to 30.x + +This version updates kube-state-metrics to 4.3.0 and uses the new option `kube-state-metrics.releaseLabel=true` which adds the "release" label to kube-state-metrics labels, making scraping of the metrics by kube-prometheus-stack work out of the box again, independent of the used kube-prometheus-stack release name. If you already set the "release" label via `kube-state-metrics.customLabels` you might have to remove that and use it via the new option. + +### From 28.x to 29.x + +This version makes scraping port for kube-controller-manager and kube-scheduler dynamic to reflect changes to default serving ports +for those components in Kubernetes versions v1.22 and v1.23 respectively. + +If you deploy on clusters using version v1.22+, kube-controller-manager will be scraped over HTTPS on port 10257. + +If you deploy on clusters running version v1.23+, kube-scheduler will be scraped over HTTPS on port 10259. + +### From 27.x to 28.x + +This version disables PodSecurityPolicies by default because they are deprecated in Kubernetes 1.21 and will be removed in Kubernetes 1.25. + +If you are using PodSecurityPolicies you can enable the previous behaviour by setting `kube-state-metrics.podSecurityPolicy.enabled`, `prometheus-node-exporter.rbac.pspEnabled`, `grafana.rbac.pspEnabled` and `global.rbac.pspEnabled` to `true`. + +### From 26.x to 27.x + +This version splits prometheus-node-exporter chart recording and altering rules in separate config values. +Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used. + +Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`. + +The ability to set a rubookUrl via `defaultRules.rules.rubookUrl` was reintroduced. 
+ +### From 25.x to 26.x + +This version enables the prometheus-node-exporter subchart servicemonitor by default again, by setting `prometheus-node-exporter.prometheus.monitor.enabled` to `true`. -### Helm fails to create CRDs -You should upgrade to Helm 2.14 + in order to avoid this issue. However, if you are stuck with an earlier Helm release you should instead use the following approach: Due to a bug in helm, it is possible for the 5 CRDs that are created by this chart to fail to get fully deployed before Helm attempts to create resources that require them. This affects all versions of Helm with a [potential fix pending](https://github.com/helm/helm/pull/5112). In order to work around this issue when installing the chart you will need to make sure all 5 CRDs exist in the cluster first and disable their previsioning by the chart: +### From 24.x to 25.x + +This version upgrade to prometheus-operator v0.53.1. It removes support for setting a runbookUrl, since the upstream format for runbooks changed. 
+ +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 23.x to 24.x + +The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. 
+
+For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`.
+
+For _prometheus-node-exporter_ the `ServiceMonitor` customisation is now set via `prometheus-node-exporter.prometheus.monitor` and the `nodeExporter.jobLabel` values has moved to `prometheus-node-exporter.prometheus.monitor.jobLabel`.
+
+### From 22.x to 23.x
+
+Port names have been renamed for Istio's
+[explicit protocol selection](https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection).
+
+| | old value | new value |
+|-|-----------|-----------|
+| `alertmanager.alertmanagerSpec.portName` | `web` | `http-web` |
+| `grafana.service.portName` | `service` | `http-web` |
+| `prometheus-node-exporter.service.portName` | `metrics` (hardcoded) | `http-metrics` |
+| `prometheus.prometheusSpec.portName` | `web` | `http-web` |
+
+### From 21.x to 22.x
+
+Due to the upgrade of the `kube-state-metrics` chart, removal of its deployment/stateful needs to done manually prior to upgrading:
+
+```console
+kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
+```
+
+or if you use autosharding:
+
+```console
+kubectl delete statefulsets.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
+```
+
+### From 20.x to 21.x
+
+The config reloader values have been refactored. All the values have been moved to the key `prometheusConfigReloader` and the limits and requests can now be set separately.
+
+### From 19.x to 20.x
+
+Version 20 upgrades prometheus-operator from 0.50.x to 0.52.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 18.x to 19.x
+
+`kubeStateMetrics.serviceMonitor.namespaceOverride` was removed.
+Please use `kube-state-metrics.namespaceOverride` instead.
+
+### From 17.x to 18.x
+
+Version 18 upgrades prometheus-operator from 0.49.x to 0.50.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 16.x to 17.x
+
+Version 17 upgrades prometheus-operator from 0.48.x to 0.49.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 15.x to 16.x
+
+Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier.
+
+### From 14.x to 15.x
+
+Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 13.x to 14.x
+
+Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+```
+
+### From 12.x to 13.x
+
+Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x.
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +``` + +### From 11.x to 12.x + +Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: -1. Create CRDs ```console -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +kubectl apply -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +``` + +The chart was migrated to support only helm v3 and later. + +### From 10.x to 11.x + +Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml ``` -2. Wait for CRDs to be created, which should only take a few seconds +Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. + +### From 9.x to 10.x + +Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: -3. Install the chart, but disable the CRD provisioning by setting `prometheusOperator.createCustomResource=false` ```console -$ helm install --name my-release stable/prometheus-operator --set prometheusOperator.createCustomResource=false +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml ``` -## Upgrading an existing Release to a new major version +### From 8.x to 9.x + +Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. 
This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. + +### From 7.x to 8.x -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an -incompatible breaking change needing manual actions. +Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x -### Upgrading from 7.x.x to 8.x.x -Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. -First, upgrade to the latest version of 7.x.x -```sh -helm upgrade stable/prometheus-operator --version 7.4.0 +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 ``` + Then upgrade to 8.x.x -```sh -helm upgrade stable/prometheus-operator + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] ``` + Minimal recommended Prometheus version for this chart release is `2.12.x` -### Upgrading from 6.x.x to 7.x.x +### From 6.x to 7.x + Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. -### Upgrading from 5.x.x to 6.x.x +### From 5.x to 6.x + Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. 
If this is not done an error will occur indicating that the deployment cannot be modified: -``` +```console invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable ``` + If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one -## prometheus.io/scrape -The prometheus operator does not support annotation-based discovery of services, using the `serviceMonitor` CRD in its place as it provides far more configuration options. For information on how to use servicemonitors, please see the documentation on the coreos/prometheus-operator documentation here: [Running Exporters](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md) +## Configuration -By default, Prometheus discovers ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. -Sometimes, you may need to discover custom ServiceMonitors, for example used to scrape data from third-party applications. An easy way of doing this, without compromising the default ServiceMonitors discovery, is allowing Prometheus to discover all ServiceMonitors within its namespace, without applying label filtering. To do so, you can set `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: -## Configuration +```console +helm show values prometheus-community/kube-prometheus-stack +``` + +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. 
-The following tables list the configurable parameters of the prometheus-operator chart and their default values. - -### General -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `additionalPrometheusRulesMap` | Map of `prometheusRule` objects to create with the key used as the name of the rule spec. If defined, this will take precedence over `additionalPrometheusRules`. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec. | `nil` | -| `additionalPrometheusRules` | *DEPRECATED* Will be removed in a future release. Please use **additionalPrometheusRulesMap** instead. List of `prometheusRule` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec. | `[]` | -| `commonLabels` | Labels to apply to all resources | `[]` | -| `defaultRules.annotations` | Annotations for default rules for monitoring the cluster | `{}` | -| `defaultRules.appNamespacesTarget` | Specify target Namespaces for app alerts | `".*"` | -| `defaultRules.create` | Create default rules for monitoring the cluster | `true` | -| `defaultRules.labels` | Labels for default rules for monitoring the cluster | `{}` | -| `defaultRules.runbookUrl` | URL prefix for default rule runbook_url annotations | `https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#` | -| `defaultRules.rules.PrometheusOperator` | Create Prometheus Operator default rules| `true` | -| `defaultRules.rules.alertmanager` | Create default rules for Alert Manager | `true` | -| `defaultRules.rules.etcd` | Create default rules for ETCD | `true` | -| `defaultRules.rules.general` | Create General default rules| `true` | -| `defaultRules.rules.k8s` | Create K8S default rules| `true` | -| `defaultRules.rules.kubeApiserver` | Create Api Server default rules| `true` | -| `defaultRules.rules.kubeApiserverError` | Create Api Server Error default rules| `true` | -| 
`defaultRules.rules.kubePrometheusNodeAlerting` | Create Node Alerting default rules| `true` | -| `defaultRules.rules.kubePrometheusNodeRecording` | Create Node Recording default rules| `true` | -| `defaultRules.rules.kubeScheduler` | Create Kubernetes Scheduler default rules| `true` | -| `defaultRules.rules.kubernetesAbsent` | Create Kubernetes Absent (example API Server down) default rules| `true` | -| `defaultRules.rules.kubernetesApps` | Create Kubernetes Apps default rules| `true` | -| `defaultRules.rules.kubernetesResources` | Create Kubernetes Resources default rules| `true` | -| `defaultRules.rules.kubernetesStorage` | Create Kubernetes Storage default rules| `true` | -| `defaultRules.rules.kubernetesSystem` | Create Kubernetes System default rules| `true` | -| `defaultRules.rules.network` | Create networking default rules | `true` | -| `defaultRules.rules.node` | Create Node default rules | `true` | -| `defaultRules.rules.prometheus` | Create Prometheus default rules| `true` | -| `defaultRules.rules.time` | Create time default rules | `true` | -| `fullnameOverride` | Provide a name to substitute for the full names of resources |`""`| -| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` | -| `global.rbac.create` | Create RBAC resources | `true` | -| `global.rbac.pspEnabled` | Create pod security policy resources | `true` | -| `global.rbac.pspAnnotations` | Add annotations to the PSP configurations | `{}` | -| `kubeTargetVersionOverride` | Provide a target gitVersion of K8S, in case .Capabilites.KubeVersion is not available (e.g. `helm template`) |`""`| -| `nameOverride` | Provide a name in place of `prometheus-operator` |`""`| -| `kubeTargetVersionOverride` | Provide a k8s version |`""`| - -### Prometheus Operator -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `prometheusOperator.admissionWebhooks.enabled` | Create PrometheusRules admission webhooks. 
Mutating webhook will patch PrometheusRules objects indicating they were validated. Validating webhook will check the rules syntax. | `true` | -| `prometheusOperator.admissionWebhooks.failurePolicy` | Failure policy for admission webhooks | `Fail` | -| `prometheusOperator.admissionWebhooks.patch.enabled` | If true, will use a pre and post install hooks to generate a CA and certificate to use for the prometheus operator tls proxy, and patch the created webhooks with the CA. | `true` | -| `prometheusOperator.admissionWebhooks.patch.image.pullPolicy` | Image pull policy for the webhook integration jobs | `IfNotPresent` | -| `prometheusOperator.admissionWebhooks.patch.image.repository` | Repository to use for the webhook integration jobs | `jettech/kube-webhook-certgen` | -| `prometheusOperator.admissionWebhooks.patch.image.tag` | Tag to use for the webhook integration jobs | `v1.2.0` | -| `prometheusOperator.admissionWebhooks.patch.resources` | Resource limits for admission webhook | `{}` | -| `prometheusOperator.admissionWebhooks.patch.nodeSelector` | Node selector for running admission hook patch jobs | `nil` | -| `prometheusOperator.admissionWebhooks.patch.podAnnotations` | Annotations for the webhook job pods | `nil` | -| `prometheusOperator.admissionWebhooks.patch.priorityClassName` | Priority class for the webhook integration jobs | `nil` | -| `prometheusOperator.affinity` | Assign custom affinity rules to the prometheus operator https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | -| `prometheusOperator.cleanupCustomResource` | Attempt to delete CRDs when the release is removed. This option may be useful while testing but is not recommended, as deleting the CRD definition will delete resources and prevent the operator from being able to clean up resources that it manages | `false` | -| `prometheusOperator.configReloaderCpu` | Set the prometheus config reloader side-car CPU limit. 
If unset, uses the prometheus-operator project default | `nil` | -| `prometheusOperator.configReloaderMemory` | Set the prometheus config reloader side-car memory limit. If unset, uses the prometheus-operator project default | `nil` | -| `prometheusOperator.configmapReloadImage.repository` | Repository for configmapReload image | `quay.io/coreos/configmap-reload` | -| `prometheusOperator.configmapReloadImage.tag` | Tag for configmapReload image | `v0.0.1` | -| `prometheusOperator.createCustomResource` | Create CRDs. Required if deploying anything besides the operator itself as part of the release. The operator will create / update these on startup. If your Helm version < 2.10 you will have to either create the CRDs first or deploy the operator first, then the rest of the resources. Regardless of value of this, Helm v3+ will install the CRDs if those are not present already. Use `--skip-crds` with `helm install` if you want to skip CRD creation | `true` | -| `prometheusOperator.namespaces` | Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). This is mutually exclusive with `denyNamespaces`. Setting this to an empty object will disable the configuration | `{}` | -| `prometheusOperator.namespaces.releaseNamespace` | Include the release namespace | `false` | -| `prometheusOperator.namespaces.additional` | Include additional namespaces besides the release namespace | `[]` | -| `prometheusOperator.manageCrds` |If true prometheus operator will create and update its CRDs on startup | `true` | -| `prometheusOperator.denyNamespaces` | Namespaces not to scope the interaction of the Prometheus Operator (deny list). This is mutually exclusive with `namespaces` | `[]` | -| `prometheusOperator.enabled` | Deploy Prometheus Operator. 
Only one of these should be deployed into the cluster | `true` | -| `prometheusOperator.hyperkubeImage.pullPolicy` | Image pull policy for hyperkube image used to perform maintenance tasks | `IfNotPresent` | -| `prometheusOperator.hyperkubeImage.repository` | Repository for hyperkube image used to perform maintenance tasks | `k8s.gcr.io/hyperkube` | -| `prometheusOperator.hyperkubeImage.tag` | Tag for hyperkube image used to perform maintenance tasks | `v1.12.1` | -| `prometheusOperator.image.pullPolicy` | Pull policy for prometheus operator image | `IfNotPresent` | -| `prometheusOperator.image.repository` | Repository for prometheus operator image | `quay.io/coreos/prometheus-operator` | -| `prometheusOperator.image.tag` | Tag for prometheus operator image | `v0.38.1` | -| `prometheusOperator.kubeletService.enabled` | If true, the operator will create and maintain a service for scraping kubelets | `true` | -| `prometheusOperator.kubeletService.namespace` | Namespace to deploy kubelet service | `kube-system` | -| `prometheusOperator.logFormat` | Operator log output formatting | `"logfmt"` | -| `prometheusOperator.logLevel` | Operator log level. 
Possible values: "all", "debug", "info", "warn", "error", "none" | `"info"` | -| `prometheusOperator.nodeSelector` | Prometheus operator node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | -| `prometheusOperator.podAnnotations` | Annotations to add to the operator pod | `{}` | -| `prometheusOperator.podLabels` | Labels to add to the operator pod | `{}` | -| `prometheusOperator.priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `prometheusOperator.prometheusConfigReloaderImage.repository` | Repository for config-reloader image | `quay.io/coreos/prometheus-config-reloader` | -| `prometheusOperator.prometheusConfigReloaderImage.tag` | Tag for config-reloader image | `v0.38.1` | -| `prometheusOperator.resources` | Resource limits for prometheus operator | `{}` | -| `prometheusOperator.securityContext` | SecurityContext for prometheus operator | `{"runAsNonRoot": true, "runAsUser": 65534}` | -| `prometheusOperator.service.annotations` | Annotations to be added to the prometheus operator service | `{}` | -| `prometheusOperator.service.clusterIP` | Prometheus operator service clusterIP IP | `""` | -| `prometheusOperator.service.externalIPs` | List of IP addresses at which the Prometheus Operator server service is available | `[]` | -| `prometheusOperator.service.labels` | Prometheus Operator Service Labels | `{}` | -| `prometheusOperator.service.loadBalancerIP` | Prometheus Operator Loadbalancer IP | `""` | -| `prometheusOperator.service.loadBalancerSourceRanges` | Prometheus Operator Load Balancer Source Ranges | `[]` | -| `prometheusOperator.service.nodePortTls` | TLS port to expose prometheus operator service on each node | `30443` | -| `prometheusOperator.service.nodePort` | Port to expose prometheus operator service on each node | `30080` | -| `prometheusOperator.service.type` | Prometheus operator service type | `ClusterIP` | -| `prometheusOperator.serviceAccount.create` | Create a serviceaccount for the operator | 
`true` | -| `prometheusOperator.serviceAccount.name` | Operator serviceAccount name | `""` | -| `prometheusOperator.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `prometheusOperator.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the operator instance. | `` | -| `prometheusOperator.serviceMonitor.relabelings` | The `relabel_configs` for scraping the operator instance. | `` | -| `prometheusOperator.serviceMonitor.selfMonitor` | Enable monitoring of prometheus operator | `true` | -| `prometheusOperator.tlsProxy.enabled` | Enable a TLS proxy container. Only the `squareup/ghostunnel` command line arguments are currently supported and the secret where the cert is loaded from is expected to be provided by the admission webhook | `true` | -| `prometheusOperator.tlsProxy.image.repository` | Repository for the TLS proxy container | `squareup/ghostunnel` | -| `prometheusOperator.tlsProxy.image.tag` | Repository for the TLS proxy container | `v1.5.2` | -| `prometheusOperator.tlsProxy.image.pullPolicy` | Image pull policy for the TLS proxy container | `IfNotPresent` | -| `prometheusOperator.tlsProxy.resources` | Resource requests and limits for the TLS proxy container | `{}` | -| `prometheusOperator.tolerations` | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | - - -### Prometheus -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `prometheus.additionalServiceMonitors` | List of `ServiceMonitor` objects to create. 
See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitorspec | `[]` | -| `prometheus.enabled` | Deploy prometheus | `true` | -| `prometheus.annotations` | Prometheus annotations | `{}` | -| `prometheus.ingress.annotations` | Prometheus Ingress annotations | `{}` | -| `prometheus.ingress.enabled` | If true, Prometheus Ingress will be created | `false` | -| `prometheus.ingress.hosts` | Prometheus Ingress hostnames | `[]` | -| `prometheus.ingress.labels` | Prometheus Ingress additional labels | `{}` | -| `prometheus.ingress.paths` | Prometheus Ingress paths | `[]` | -| `prometheus.ingress.tls` | Prometheus Ingress TLS configuration (YAML) | `[]` | -| `prometheus.ingressPerReplica.annotations` | Prometheus pre replica Ingress annotations | `{}` | -| `prometheus.ingressPerReplica.enabled` | If true, create an Ingress for each Prometheus server replica in the StatefulSet | `false` | -| `prometheus.ingressPerReplica.hostPrefix` | | `""` | -| `prometheus.ingressPerReplica.hostDomain` | | `""` | -| `prometheus.ingressPerReplica.labels` | Prometheus per replica Ingress additional labels | `{}` | -| `prometheus.ingressPerReplica.paths` | Prometheus per replica Ingress paths | `[]` | -| `prometheus.ingressPerReplica.tlsSecretName` | Secret name containing the TLS certificate for Prometheus per replica ingress | `[]` | -| `prometheus.ingressPerReplica.tlsSecretPerReplica.enabled` | If true, create an secret for TLS certificate for each Ingress | `false` | -| `prometheus.ingressPerReplica.tlsSecretPerReplica.prefix` | Secret name prefix | `""` | -| `prometheus.podDisruptionBudget.enabled` | If true, create a pod disruption budget for prometheus pods. 
The created resource cannot be modified once created - it must be deleted to perform a change | `false` | -| `prometheus.podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | -| `prometheus.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `prometheus.podSecurityPolicy.allowedCapabilities` | Prometheus Pod Security Policy allowed capabilities | `""` | -| `prometheus.prometheusSpec.additionalAlertManagerConfigs` | AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. | `{}` | -| `prometheus.prometheusSpec.additionalAlertRelabelConfigs` | AdditionalAlertRelabelConfigs allows specifying additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. 
It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade. | `[]` |
-| `prometheus.prometheusSpec.additionalScrapeConfigsExternal` | Enable additional scrape configs that are managed externally to this chart. This option requires a secret in the same namespace as Prometheus with the name, `prometheus-operator-prometheus-scrape-confg` and a key of `additional-scrape-configs.yaml`. Note that the prometheus will fail to provision if the correct secret does not exist. | `false` |
-| `prometheus.prometheusSpec.additionalScrapeConfigs` | AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. | `[]` |
-| `prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations` | additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret.
This can be useful when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' | `{}` |
-| `prometheus.prometheusSpec.affinity` | Assign custom affinity rules to the prometheus instance https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
-| `prometheus.prometheusSpec.alertingEndpoints` | Alertmanagers to which alerts will be sent https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints Default configuration will connect to the alertmanager deployed as part of this release | `[]` |
-| `prometheus.prometheusSpec.apiserverConfig` | Custom `kubernetes_sd_config` https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#apiserverconfig Default configuration will connect to current Kubernetes cluster | `{}` |
-| `prometheus.prometheusSpec.configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/ | `[]` |
-| `prometheus.prometheusSpec.containers` | Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. |`[]`|
-| `prometheus.prometheusSpec.initContainers` | InitContainers allows injecting specialized containers that run before app containers. This is meant to pre-configure and tune mounted volume permissions. |`[]`|
-| `prometheus.prometheusSpec.disableCompaction` | If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos |`false`|
-| `prometheus.prometheusSpec.enableAdminAPI` | EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. | `false` |
-| `prometheus.prometheusSpec.enforcedNamespaceLabel` | enforces adding a namespace label of origin for each alert and metric that is user created.
| `""` |
-| `prometheus.prometheusSpec.evaluationInterval` | Interval between consecutive evaluations. | `""` |
-| `prometheus.prometheusSpec.externalLabels` | The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). | `{}` |
-| `prometheus.prometheusSpec.externalUrl` | The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. | `""` |
-| `prometheus.prometheusSpec.image.repository` | Base image to use for a Prometheus deployment. | `quay.io/prometheus/prometheus` |
-| `prometheus.prometheusSpec.image.tag` | Tag of Prometheus container image to be deployed. | `v2.17.2` |
-| `prometheus.prometheusSpec.listenLocal` | ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. | `false` |
-| `prometheus.prometheusSpec.logFormat` | Log format for Prometheus to be configured with. | `logfmt` |
-| `prometheus.prometheusSpec.logLevel` | Log level for Prometheus to be configured with. | `info` |
-| `prometheus.prometheusSpec.nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` |
-| `prometheus.prometheusSpec.paused` | When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. | `false` |
-| `prometheus.prometheusSpec.podAntiAffinityTopologyKey` | If anti-affinity is enabled sets the topologyKey to use for anti-affinity. This can be changed to, for example `failure-domain.beta.kubernetes.io/zone`| `kubernetes.io/hostname` |
-| `prometheus.prometheusSpec.podAntiAffinity` | Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. | `""` |
-| `prometheus.prometheusSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` |
-| `prometheus.prometheusSpec.priorityClassName` | Priority class assigned to the Pods | `""` |
-| `prometheus.prometheusSpec.prometheusExternalLabelNameClear` | If true, the Operator won't add the external label used to denote Prometheus instance name. | `false` |
-| `prometheus.prometheusSpec.prometheusExternalLabelName` | Name of the external label used to denote Prometheus instance name. | `""` |
-| `prometheus.prometheusSpec.query` | QuerySpec defines the query command line flags when starting Prometheus. Not all parameters are supported by the operator - [see coreos documentation](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#queryspec) | `{}` |
-| `prometheus.prometheusSpec.remoteRead` | If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. | `[]` |
-| `prometheus.prometheusSpec.remoteWrite` | If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. | `[]` |
-| `prometheus.prometheusSpec.remoteWriteDashboards` | Enable/Disable Grafana dashboards provisioning for prometheus remote write feature | `false` |
-| `prometheus.prometheusSpec.replicaExternalLabelNameClear` | If true, the Operator won't add the external label used to denote replica name. | `false` |
-| `prometheus.prometheusSpec.replicaExternalLabelName` | Name of the external label used to denote replica name.
| `""` |
-| `prometheus.prometheusSpec.replicas` | Number of instances to deploy for a Prometheus deployment. | `1` |
-| `prometheus.prometheusSpec.resources` | Define resources requests and limits for single Pods. | `{}` |
-| `prometheus.prometheusSpec.retentionSize` | Used Storage Prometheus shall retain data for. Example 50GiB (50 Gigabyte). Can be combined with prometheus.prometheusSpec.retention | `""` |
-| `prometheus.prometheusSpec.walCompression` | Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. | `false` |
-| `prometheus.prometheusSpec.retention` | Time duration Prometheus shall retain data for. Must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years). | `10d` |
-| `prometheus.prometheusSpec.routePrefix` | The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. | `/` |
-| `prometheus.prometheusSpec.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery. If nil, select own namespace. See [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector) for usage | `{}` |
-| `prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the PrometheusRule resources created. | `true` |
-| `prometheus.prometheusSpec.ruleSelector` | A selector to select which PrometheusRules to mount for loading alerting rules from.
Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. If {}, select all PrometheusRules | `{}` |
-| `prometheus.prometheusSpec.scrapeInterval` | Interval between consecutive scrapes. | `""` |
-| `prometheus.prometheusSpec.secrets` | Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated with the new list of secrets. | `[]` |
-| `prometheus.prometheusSpec.securityContext` | SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 2000 in order to support migration from operator version <0.26. | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` |
-| `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. See [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#labelselector-v1-meta) for usage | `{}` |
-| `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` |
-| `prometheus.prometheusSpec.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery. If {}, select all ServiceMonitors | `{}` |
-| `prometheus.additionalPodMonitors` | List of `PodMonitor` objects to create.
See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitorspec | `[]` |
-| `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the podmonitors created | `true` |
-| `prometheus.prometheusSpec.podMonitorSelector` | PodMonitors to be selected for target discovery. If {}, select all PodMonitors | `{}` |
-| `prometheus.prometheusSpec.podMonitorNamespaceSelector` | Namespaces to be selected for PodMonitor discovery. See [metav1.LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#labelselector-v1-meta) for usage | `{}` |
-| `prometheus.prometheusSpec.storageSpec` | Storage spec to specify how storage shall be used. | `{}` |
-| `prometheus.prometheusSpec.thanos` | Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. This section is experimental, it may change significantly without deprecation notice in any release.This is experimental and may change significantly without backward compatibility in any release. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#thanosspec | `{}` |
-| `prometheus.prometheusSpec.tolerations` | If specified, the pod's tolerations.
| `[]` |
-| `prometheus.service.additionalPorts` | Additional Prometheus Service ports to add for NodePort service type | `[]` |
-| `prometheus.service.annotations` | Prometheus Service Annotations | `{}` |
-| `prometheus.service.clusterIP` | Prometheus service clusterIP IP | `""` |
-| `prometheus.service.externalIPs` | List of IP addresses at which the Prometheus server service is available | `[]` |
-| `prometheus.service.labels` | Prometheus Service Labels | `{}` |
-| `prometheus.service.loadBalancerIP` | Prometheus Loadbalancer IP | `""` |
-| `prometheus.service.loadBalancerSourceRanges` | Prometheus Load Balancer Source Ranges | `[]` |
-| `prometheus.service.nodePort` | Prometheus Service port for NodePort service type | `30090` |
-| `prometheus.service.port` | Port for Prometheus Service to listen on | `9090` |
-| `prometheus.service.sessionAffinity` | Prometheus Service Session Affinity | `""` |
-| `prometheus.service.targetPort` | Prometheus Service internal port | `9090` |
-| `prometheus.service.type` | Prometheus Service type | `ClusterIP` |
-| `prometheus.serviceAccount.create` | Create a default serviceaccount for prometheus to use | `true` |
-| `prometheus.serviceAccount.name` | Name for prometheus serviceaccount | `""` |
-| `prometheus.serviceAccount.annotations` | Annotations to add to the serviceaccount | `""` |
-| `prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` |
-| `prometheus.serviceMonitor.scheme` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. | `""` |
-| `prometheus.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS. Of type: [*TLSConfig](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig).
| `{}` |
-| `prometheus.serviceMonitor.bearerTokenFile` | Bearer token used to scrape the Prometheus server | `nil` |
-| `prometheus.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the prometheus instance. | `` |
-| `prometheus.serviceMonitor.relabelings` | The `relabel_configs` for scraping the prometheus instance. | `` |
-| `prometheus.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the prometheus instance | `true` |
-| `prometheus.servicePerReplica.annotations` | Prometheus per replica Service Annotations | `{}` |
-| `prometheus.servicePerReplica.enabled` | If true, create a Service for each Prometheus server replica in the StatefulSet | `false` |
-| `prometheus.servicePerReplica.labels` | Prometheus per replica Service Labels | `{}` |
-| `prometheus.servicePerReplica.loadBalancerSourceRanges` | Prometheus per replica Service Loadbalancer Source Ranges | `[]` |
-| `prometheus.servicePerReplica.nodePort` | Prometheus per replica Service port for NodePort Service type | `30091` |
-| `prometheus.servicePerReplica.port` | Port for Prometheus per replica Service to listen on | `9090` |
-| `prometheus.servicePerReplica.targetPort` | Prometheus per replica Service internal port | `9090` |
-| `prometheus.servicePerReplica.type` | Prometheus per replica Service type | `ClusterIP` |
-
-### Alertmanager
-| Parameter | Description | Default |
-| ----- | ----------- | ------ |
-| `alertmanager.alertmanagerSpec.additionalPeers` | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. | `[]` |
-| `alertmanager.alertmanagerSpec.affinity` | Assign custom affinity rules to the alertmanager instance https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
-| `alertmanager.alertmanagerSpec.configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
The ConfigMaps are mounted into /etc/alertmanager/configmaps/ | `[]` |
-| `alertmanager.alertmanagerSpec.`configSecret | ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. | `""` |
-| `alertmanager.alertmanagerSpec.containers` | Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. | `[]` |
-| `alertmanager.alertmanagerSpec.externalUrl` | The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. | `""` |
-| `alertmanager.alertmanagerSpec.image.repository` | Base image that is used to deploy pods, without tag. | `quay.io/prometheus/alertmanager` |
-| `alertmanager.alertmanagerSpec.image.tag` | Tag of Alertmanager container image to be deployed. | `v0.20.0` |
-| `alertmanager.alertmanagerSpec.listenLocal` | ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. | `false` |
-| `alertmanager.alertmanagerSpec.logFormat` | Log format for Alertmanager to be configured with. | `logfmt` |
-| `alertmanager.alertmanagerSpec.logLevel` | Log level for Alertmanager to be configured with. | `info` |
-| `alertmanager.alertmanagerSpec.nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` |
-| `alertmanager.alertmanagerSpec.paused` | If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. | `false` |
-| `alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey` | If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
This can be changed to, for example `failure-domain.beta.kubernetes.io/zone`| `kubernetes.io/hostname` |
-| `alertmanager.alertmanagerSpec.podAntiAffinity` | Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. | `""` |
-| `alertmanager.alertmanagerSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` |
-| `alertmanager.alertmanagerSpec.priorityClassName` | Priority class assigned to the Pods | `""` |
-| `alertmanager.alertmanagerSpec.replicas` | Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. | `1` |
-| `alertmanager.alertmanagerSpec.resources` | Define resources requests and limits for single Pods. | `{}` |
-| `alertmanager.alertmanagerSpec.retention` | Time duration Alertmanager shall retain data for. Value must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | `120h` |
-| `alertmanager.alertmanagerSpec.routePrefix` | The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
| `/` |
-| `alertmanager.alertmanagerSpec.secrets` | Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. | `[]` |
-| `alertmanager.alertmanagerSpec.securityContext` | SecurityContext holds pod-level security attributes and common container settings. This defaults to non root user with uid 1000 and gid 2000 in order to support migration from operator version < 0.26 | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` |
-| `alertmanager.alertmanagerSpec.storage` | Storage is the definition of how storage will be used by the Alertmanager instances. | `{}` |
-| `alertmanager.alertmanagerSpec.tolerations` | If specified, the pod's tolerations. | `[]` |
-| `alertmanager.alertmanagerSpec.useExistingSecret` | Use an existing secret for configuration (all defined config from values.yaml will be ignored) | `false` |
-| `alertmanager.apiVersion` | Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 | `v2` |
-| `alertmanager.config` | Provide YAML to configure Alertmanager. See https://prometheus.io/docs/alerting/configuration/#configuration-file.
The default provided works to suppress the Watchdog alert from `defaultRules.create` | `{"global":{"resolve_timeout":"5m"},"route":{"group_by":["job"],"group_wait":"30s","group_interval":"5m","repeat_interval":"12h","receiver":"null","routes":[{"match":{"alertname":"Watchdog"},"receiver":"null"}]},"receivers":[{"name":"null"}]}` |
-| `alertmanager.enabled` | Deploy alertmanager | `true` |
-| `alertmanager.ingress.annotations` | Alertmanager Ingress annotations | `{}` |
-| `alertmanager.ingress.enabled` | If true, Alertmanager Ingress will be created | `false` |
-| `alertmanager.ingress.hosts` | Alertmanager Ingress hostnames | `[]` |
-| `alertmanager.ingress.labels` | Alertmanager Ingress additional labels | `{}` |
-| `alertmanager.ingress.paths` | Alertmanager Ingress paths | `[]` |
-| `alertmanager.ingress.tls` | Alertmanager Ingress TLS configuration (YAML) | `[]` |
-| `alertmanager.ingressPerReplica.annotations` | Alertmanager pre replica Ingress annotations | `{}` |
-| `alertmanager.ingressPerReplica.enabled` | If true, create an Ingress for each Alertmanager replica in the StatefulSet | `false` |
-| `alertmanager.ingressPerReplica.hostPrefix` | | `""` |
-| `alertmanager.ingressPerReplica.hostDomain` | | `""` |
-| `alertmanager.ingressPerReplica.labels` | Alertmanager per replica Ingress additional labels | `{}` |
-| `alertmanager.ingressPerReplica.paths` | Alertmanager per replica Ingress paths | `[]` |
-| `alertmanager.ingressPerReplica.tlsSecretName` | Secret name containing the TLS certificate for Alertmanager per replica ingress | `[]` |
-| `alertmanager.ingressPerReplica.tlsSecretPerReplica.enabled` | If true, create an secret for TLS certificate for each Ingress | `false` |
-| `alertmanager.ingressPerReplica.tlsSecretPerReplica.prefix` | Secret name prefix | `""` |
-| `alertmanager.podDisruptionBudget.enabled` | If true, create a pod disruption budget for Alertmanager pods.
The created resource cannot be modified once created - it must be deleted to perform a change | `false` |
-| `alertmanager.podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` |
-| `alertmanager.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
-| `alertmanager.secret.annotations` | Alertmanager Secret annotations | `{}` |
-| `alertmanager.service.annotations` | Alertmanager Service annotations | `{}` |
-| `alertmanager.service.clusterIP` | Alertmanager service clusterIP IP | `""` |
-| `alertmanager.service.externalIPs` | List of IP addresses at which the Alertmanager server service is available | `[]` |
-| `alertmanager.service.labels` | Alertmanager Service Labels | `{}` |
-| `alertmanager.service.loadBalancerIP` | Alertmanager Loadbalancer IP | `""` |
-| `alertmanager.service.loadBalancerSourceRanges` | Alertmanager Load Balancer Source Ranges | `[]` |
-| `alertmanager.service.nodePort` | Alertmanager Service port for NodePort service type | `30903` |
-| `alertmanager.service.port` | Port for Alertmanager Service to listen on | `9093` |
-| `alertmanager.service.targetPort` | AlertManager Service internal port | `9093` |
-| `alertmanager.service.type` | Alertmanager Service type | `ClusterIP` |
-| `alertmanager.servicePerReplica.annotations` | Alertmanager per replica Service Annotations | `{}` |
-| `alertmanager.servicePerReplica.enabled` | If true, create a Service for each Alertmanager replica in the StatefulSet | `false` |
-| `alertmanager.servicePerReplica.labels` | Alertmanager per replica Service Labels | `{}` |
-| `alertmanager.servicePerReplica.loadBalancerSourceRanges` | Alertmanager per replica Service Loadbalancer Source Ranges | `[]` |
-| `alertmanager.servicePerReplica.nodePort` | Alertmanager per replica Service port for NodePort Service type | `30904` |
-| `alertmanager.servicePerReplica.port` | Port for Alertmanager per replica
Service to listen on | `9093` |
-| `alertmanager.servicePerReplica.targetPort` | Alertmanager per replica Service internal port | `9093` |
-| `alertmanager.servicePerReplica.type` | Alertmanager per replica Service type | `ClusterIP` |
-| `alertmanager.serviceAccount.create` | Create a `serviceAccount` for alertmanager | `true` |
-| `alertmanager.serviceAccount.name` | Name for Alertmanager service account | `""` |
-| `alertmanager.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` |
-| `alertmanager.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the alertmanager instance. | `` |
-| `alertmanager.serviceMonitor.relabelings` | The `relabel_configs` for scraping the alertmanager instance. | `` |
-| `alertmanager.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the alartmanager instance | `true` |
-| `alertmanager.tplConfig` | Pass the Alertmanager configuration directives through Helm's templating engine. If the Alertmanager configuration contains Alertmanager templates, they'll need to be properly escaped so that they are not interpreted by Helm | `false` |
-
-### Grafana
-This is not a full list of the possible values.
-
-For a full list of configurable values please refer to the [Grafana chart](https://github.com/helm/charts/tree/master/stable/grafana#configuration).
-
-| Parameter | Description | Default |
-| ----- | ----------- | ------ |
-| `grafana.additionalDataSources` | Configure additional grafana datasources | `[]` |
-| `grafana.adminPassword` | Admin password to log into the grafana UI | "prom-operator" |
-| `grafana.defaultDashboardsEnabled` | Deploy default dashboards.
These are loaded using the sidecar | `true` |
-| `grafana.enabled` | If true, deploy the grafana sub-chart | `true` |
-| `grafana.extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` |
-| `grafana.grafana.ini` | Grafana's primary configuration | `{}`
-| `grafana.image.tag` | Image tag. (`Must be >= 5.0.0`) | `6.2.5` |
-| `grafana.ingress.annotations` | Ingress annotations for Grafana | `{}` |
-| `grafana.ingress.enabled` | Enables Ingress for Grafana | `false` |
-| `grafana.ingress.hosts` | Ingress accepted hostnames for Grafana| `[]` |
-| `grafana.ingress.labels` | Custom labels for Grafana Ingress | `{}` |
-| `grafana.ingress.tls` | Ingress TLS configuration for Grafana | `[]` |
-| `grafana.rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires rbac.pspEnabled) | `true` |
-| `grafana.service.portName` | Allow to customize Grafana service portname. Will be used by servicemonitor as well | `service` |
-| `grafana.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the grafana instance. | `` |
-| `grafana.serviceMonitor.relabelings` | The `relabel_configs` for scraping the grafana instance. | `` |
-| `grafana.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the grafana instance | `true` |
-| `grafana.sidecar.dashboards.enabled` | Enable the Grafana sidecar to automatically load dashboards with a label `{{ grafana.sidecar.dashboards.label }}=1` | `true` |
-| `grafana.sidecar.dashboards.label` | If the sidecar is enabled, configmaps with this label will be loaded into Grafana as dashboards | `grafana_dashboard` |
-| `grafana.sidecar.datasources.annotations` | Create annotations on datasource configmaps | `{}` |
-| `grafana.sidecar.datasources.createPrometheusReplicasDatasources` | Create datasource for each Pod of Prometheus StatefulSet i.e.
`Prometheus-0`, `Prometheus-1` | `false` |
-| `grafana.sidecar.datasources.defaultDatasourceEnabled` | Enable Grafana `Prometheus` default datasource | `true` |
-| `grafana.sidecar.datasources.enabled` | Enable the Grafana sidecar to automatically load datasources with a label `{{ grafana.sidecar.datasources.label }}=1` | `true` |
-| `grafana.sidecar.datasources.label` | If the sidecar is enabled, configmaps with this label will be loaded into Grafana as datasources configurations | `grafana_datasource` |
-
-### Exporters
-| Parameter | Description | Default |
-| ----- | ----------- | ------ |
-| `coreDns.enabled` | Deploy coreDns scraping components. Use either this or kubeDns | true |
-| `coreDns.service.port` | CoreDns port | `9153` |
-| `coreDns.service.selector` | CoreDns service selector | `{"k8s-app" : "kube-dns" }` |
-| `coreDns.service.targetPort` | CoreDns targetPort | `9153` |
-| `coreDns.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` |
-| `coreDns.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping CoreDns. | `` |
-| `coreDns.serviceMonitor.relabelings` | The `relabel_configs` for scraping CoreDNS. | `` |
-| `kube-state-metrics.podSecurityPolicy.enabled` | Create pod security policy resource for kube-state-metrics. | `true` |
-| `kube-state-metrics.rbac.create` | Create RBAC components in kube-state-metrics. See `global.rbac.create` | `true` |
-| `kubeApiServer.enabled` | Deploy `serviceMonitor` to scrape the Kubernetes API server | `true` |
-| `kubeApiServer.relabelings` | Relablings for the API Server ServiceMonitor | `[]` |
-| `kubeApiServer.serviceMonitor.interval` | Scrape interval.
If not set, the Prometheus default scrape interval is used | `nil` |
-| `kubeApiServer.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus | `component` |
-| `kubeApiServer.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the Kubernetes API server. | `` |
-| `kubeApiServer.serviceMonitor.relabelings` | The `relabel_configs` for scraping the Kubernetes API server. | `` |
-| `kubeApiServer.serviceMonitor.selector` | The service selector | `{"matchLabels":{"component":"apiserver","provider":"kubernetes"}}` |
-| `kubeApiServer.tlsConfig.insecureSkipVerify` | Skip TLS certificate validation when scraping | `false` |
-| `kubeApiServer.tlsConfig.serverName` | Name of the server to use when validating TLS certificate | `kubernetes` |
-| `kubeControllerManager.enabled` | Deploy a `service` and `serviceMonitor` to scrape the Kubernetes controller-manager | `true` |
-| `kubeControllerManager.endpoints` | Endpoints where Controller-manager runs. Provide this if running Controller-manager outside the cluster | `[]` |
-| `kubeControllerManager.service.port` | Controller-manager port for the service runs on | `10252` |
-| `kubeControllerManager.service.selector` | Controller-manager service selector | `{"component" : "kube-controller-manager" }` |
-| `kubeControllerManager.service.targetPort` | Controller-manager targetPort for the service runs on | `10252` |
-| `kubeControllerManager.serviceMonitor.https` | Controller-manager service scrape over https | `false` |
-| `kubeControllerManager.serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping | `null` |
-| `kubeControllerManager.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` |
-| `kubeControllerManager.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the scheduler.
| `` | -| `kubeControllerManager.serviceMonitor.relabelings` | The `relabel_configs` for scraping the scheduler. | `` | -| `kubeControllerManager.serviceMonitor.serverName` | Name of the server to use when validating TLS certificate | `null` | -| `kubeDns.enabled` | Deploy kubeDns scraping components. Use either this or coreDns| `false` | -| `kubeDns.service.dnsmasq.port` | Dnsmasq service port | `10054` | -| `kubeDns.service.dnsmasq.targetPort` | Dnsmasq service targetPort | `10054` | -| `kubeDns.service.skydns.port` | Skydns service port | `10055` | -| `kubeDns.service.skydns.targetPort` | Skydns service targetPort | `10055` | -| `kubeDns.service.selector` | kubeDns service selector | `{"k8s-app" : "kube-dns" }` | -| `kubeDns.serviceMonitor.dnsmasqMetricRelabelings` | The `metric_relabel_configs` for scraping dnsmasq kubeDns. | `` | -| `kubeDns.serviceMonitor.dnsmasqRelabelings` | The `relabel_configs` for scraping dnsmasq kubeDns. | `` | -| `kubeDns.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubeDns.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping kubeDns. | `` | -| `kubeDns.serviceMonitor.relabelings` | The `relabel_configs` for scraping kubeDns. | `` | -| `kubeEtcd.enabled` | Deploy components to scrape etcd | `true` | -| `kubeEtcd.endpoints` | Endpoints where etcd runs. Provide this if running etcd outside the cluster | `[]` | -| `kubeEtcd.service.port` | Etcd port | `4001` | -| `kubeEtcd.service.selector` | Selector for etcd if running inside the cluster | `{"component":"etcd"}` | -| `kubeEtcd.service.targetPort` | Etcd targetPort | `4001` | -| `kubeEtcd.serviceMonitor.caFile` | Certificate authority file to use when connecting to etcd. See `prometheus.prometheusSpec.secrets` | `""` | -| `kubeEtcd.serviceMonitor.certFile` | Client certificate file to use when connecting to etcd. 
See `prometheus.prometheusSpec.secrets` | `""` | -| `kubeEtcd.serviceMonitor.insecureSkipVerify` | Skip validating etcd TLS certificate when scraping | `false` | -| `kubeEtcd.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubeEtcd.serviceMonitor.keyFile` | Client key file to use when connecting to etcd. See `prometheus.prometheusSpec.secrets` | `""` | -| `kubeEtcd.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping Etcd. | `` | -| `kubeEtcd.serviceMonitor.relabelings` | The `relabel_configs` for scraping Etcd. | `` | -| `kubeEtcd.serviceMonitor.scheme` | Etcd servicemonitor scheme | `http` | -| `kubeEtcd.serviceMonitor.serverName` | Etcd server name to validate certificate against when scraping | `""` | -| `kubeProxy.enabled` | Deploy a `service` and `serviceMonitor` to scrape the Kubernetes proxy | `true` | -| `kubeProxy.endpoints` | Endpoints where proxy runs. Provide this if running proxy outside the cluster | `[]` | -| `kubeProxy.service.port` | Kubernetes proxy port for the service runs on | `10249` | -| `kubeProxy.service.selector` | Kubernetes proxy service selector | `{"k8s-app" : "kube-proxy" }` | -| `kubeProxy.service.targetPort` | Kubernetes proxy targetPort for the service runs on | `10249` | -| `kubeProxy.serviceMonitor.https` | Kubernetes proxy service scrape over https | `false` | -| `kubeProxy.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubeProxy.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the Kubernetes proxy. | `` | -| `kubeProxy.serviceMonitor.relabelings` | The `relabel_configs` for scraping the Kubernetes proxy. | `` | -| `kubeScheduler.enabled` | Deploy a `service` and `serviceMonitor` to scrape the Kubernetes scheduler | `true` | -| `kubeScheduler.endpoints` | Endpoints where scheduler runs. 
Provide this if running scheduler outside the cluster | `[]` | -| `kubeScheduler.service.port` | Scheduler port for the service runs on | `10251` | -| `kubeScheduler.service.selector` | Scheduler service selector | `{"component" : "kube-scheduler" }` | -| `kubeScheduler.service.targetPort` | Scheduler targetPort for the service runs on | `10251` | -| `kubeScheduler.serviceMonitor.https` | Scheduler service scrape over https | `false` | -| `kubeScheduler.serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping | `null` | -| `kubeScheduler.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubeScheduler.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the Kubernetes scheduler. | `` | -| `kubeScheduler.serviceMonitor.relabelings` | The `relabel_configs` for scraping the Kubernetes scheduler. | `` | -| `kubeScheduler.serviceMonitor.serverName` | Name of the server to use when validating TLS certificate | `null` | -| `kubeStateMetrics.enabled` | Deploy the `kube-state-metrics` chart and configure a servicemonitor to scrape | `true` | -| `kubeStateMetrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubeStateMetrics.serviceMonitor.metricRelabelings` | Metric relablings for the `kube-state-metrics` ServiceMonitor | `[]` | -| `kubeStateMetrics.serviceMonitor.relabelings` | The `relabel_configs` for scraping `kube-state-metrics`. | `` | -| `kubelet.enabled` | Deploy servicemonitor to scrape the kubelet service. See also `prometheusOperator.kubeletService` | `true` | -| `kubelet.namespace` | Namespace where the kubelet is deployed. 
See also `prometheusOperator.kubeletService.namespace` | `kube-system` | -| `kubelet.serviceMonitor.cAdvisor` | Enable scraping `/metrics/cadvisor` from kubelet's service | `true` | -| `kubelet.serviceMonitor.cAdvisorMetricRelabelings` | The `metric_relabel_configs` for scraping cAdvisor. | `` | -| `kubelet.serviceMonitor.cAdvisorRelabelings` | The `relabel_configs` for scraping cAdvisor. | `[{"sourceLabels":["__metrics_path__"], "targetLabel":"metrics_path"}]` | -| `kubelet.serviceMonitor.https` | Enable scraping of the kubelet over HTTPS. For more information, see https://github.com/coreos/prometheus-operator/issues/926 | `true` | -| `kubelet.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `kubelet.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping kubelet. | `` | -| `kubelet.serviceMonitor.relabelings` | The `relabel_configs` for scraping kubelet. | `[{"sourceLabels":["__metrics_path__"], "targetLabel":"metrics_path"}]` | -| `nodeExporter.enabled` | Deploy the `prometheus-node-exporter` and scrape it | `true` | -| `nodeExporter.jobLabel` | The name of the label on the target service to use as the job name in prometheus. See `prometheus-node-exporter.podLabels.jobLabel=node-exporter` default | `jobLabel` | -| `nodeExporter.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `nodeExporter.serviceMonitor.scrapeTimeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | -| `nodeExporter.serviceMonitor.metricRelabelings` | Metric relablings for the `prometheus-node-exporter` ServiceMonitor | `[]` | -| `nodeExporter.serviceMonitor.relabelings` | The `relabel_configs` for scraping the `prometheus-node-exporter`. 
| `` | -| `prometheus-node-exporter.extraArgs` | Additional arguments for the node exporter container | `["--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)", "--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"]` | -| `prometheus-node-exporter.podLabels` | Additional labels for pods in the DaemonSet | `{"jobLabel":"node-exporter"}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --name my-release stable/prometheus-operator --set prometheusOperator.enabled=true -``` - -Alternatively, one or more YAML files that specify the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release stable/prometheus-operator -f values1.yaml,values2.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) +### Multiple releases +The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. + +## Work-Arounds for Known Issues + +### Running on private GKE clusters + +When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. 
This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. + +You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) + +Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. ## PrometheusRules Admission Webhooks With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. ### How the Chart Configures the Hooks + A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. -1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. 3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. 
This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations ### Alternatives + It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. + ### Limitations + Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. ## Developing Prometheus Rules and Grafana Dashboards -This chart Grafana Dashboards and Prometheus Rules are just a copy from coreos/prometheus-operator and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/coreos/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. 
In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. ## Further Information For more in-depth documentation of configuration options meanings, please see -- [Prometheus Operator](https://github.com/coreos/prometheus-operator) + +- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) - [Prometheus](https://prometheus.io/docs/introduction/overview/) -- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana#grafana-helm-chart) +- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) + +## prometheus.io/scrape + +The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. +For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: + +- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-servicemonitors) +- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-podmonitors) +- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/running-exporters.md) + +By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. +Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. 
+An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. +To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. + +## Migrating from stable/prometheus-operator chart + +## Zero downtime + +Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. +However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). + +You can override the name to achieve this: + +```console +helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator +``` + +**Note**: It is recommended to run this first with `--dry-run --debug`. + +## Redeploy with new name (downtime) + +If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: -# Migrating from coreos/prometheus-operator chart +> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. + +1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: + + ```console + kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' + ``` + + **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. 
+ + ```console + helm uninstall prometheus-operator -n monitoring + kubectl delete pvc/ -n monitoring + ``` + + Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. + + ```console + kubectl delete service/prometheus-operator-kubelet -n kube-system + ``` + + You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. + +3. Remove current `spec.claimRef` values to change the PV's status from Released to Available. + + ```console + kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring + ``` + +**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. + +The binding is done via matching a specific amount of storage requested and with certain access modes. + +For example, if you had storage specified as this with **prometheus-operator**: + +```yaml +volumeClaimTemplate: + spec: + storageClassName: gp2 + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi +``` + +You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. + +Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. + +This can be achieved either by specifying the labels through `values.yaml`, e.g. 
setting `prometheus.prometheusSpec.nodeSelector` to: + +```yaml +nodeSelector: + failure-domain.beta.kubernetes.io/zone: east-west-1a +``` + +or passing these values as `--set` overrides during installation. + +The new release should now re-attach your previously released PV with its content. + +## Migrating from coreos/prometheus-operator chart The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. 
@@ -616,27 +803,26 @@ There is no simple and direct migration path between the charts as the changes a The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. -You can check out the tickets for this change [here](https://github.com/coreos/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). +You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). -## High-level overview of Changes -The chart has 3 dependencies, that can be seen in the chart's requirements file: -https://github.com/helm/charts/blob/master/stable/prometheus-operator/requirements.yaml +### High-level overview of Changes -### Node-Exporter, Kube-State-Metrics -These components are loaded as dependencies into the chart. The source for both charts is found in the same repository. They are relatively simple components. +#### Added dependencies -### Grafana -The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/helm/charts/tree/master/stable/grafana) +The chart has added 3 [dependencies](#dependencies). -### Coreos CRDs -The CRDs are provisioned using crd-install hooks, rather than relying on a separate chart installation. If you already have these CRDs provisioned and don't want to remove them, you can disable the CRD creation by these hooks by passing `prometheusOperator.createCustomResource=false` (not required if using Helm v3). 
+- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components +- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) + +#### Kubelet Service -### Kubelet Service Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. -### Persistent Volumes +#### Persistent Volumes + If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: -``` + +```yaml apiVersion: v1 kind: PersistentVolume metadata: 
@@ -657,45 +843,40 @@ spec: storageClassName: prometheus volumeMode: Filesystem ``` -``` + +```yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: - app: prometheus + app.kubernetes.io/name: prometheus prometheus: prometheus-migration-prometheus name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 namespace: monitoring spec: accessModes: - ReadWriteOnce - dataSource: null resources: requests: storage: 1Gi storageClassName: prometheus volumeMode: Filesystem volumeName: pvc-prometheus-migration-prometheus-0 -status: - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi ``` The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. -### KubeProxy +#### KubeProxy The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example: -``` +```console kubectl -n kube-system edit cm kube-proxy ``` -``` +```yaml apiVersion: v1 data: config.conf: |- diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/Chart.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/Chart.yaml new file mode 100644 index 0000000000..adb9e4a5d3 --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: crds +version: 0.0.0 
diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/README.md b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/README.md
new file mode 100644
index 0000000000..02092b9642
--- /dev/null
+++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/README.md
@@ -0,0 +1,3 @@
+# crds subchart
+
+See: [https://github.com/prometheus-community/helm-charts/issues/3548](https://github.com/prometheus-community/helm-charts/issues/3548)
diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagerconfigs.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagerconfigs.yaml
new file mode 100644
index 0000000000..5081e805d6
--- /dev/null
+++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagerconfigs.yaml
@@ -0,0 +1,5270 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + shortNames: + - amcfg + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to + be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired + behavior of the Alertmanager configuration. By definition, the Alertmanager + configuration only applies to alerts for which the `namespace` label + is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. 
The rules will only apply to + alerts matching the resource's namespace. + items: + description: InhibitRule defines an inhibition rule that allows + to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source + and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist + for the inhibition to take effect. The operator enforces that + the alert matches the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts + to be muted. The operator enforces that the alert matches + the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). 
Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should + be muted. + items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 + properties: + end: + description: End of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive range of months + of the year beginning in January Months can be specified + by name (e.g 'January') by numerical month (e.g '1') + or as an inclusive range (e.g 'January:March', '1:3', + '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start and end time + in 24hr format + properties: + endTime: + description: EndTime is the end time in 24hr format. 
+ pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start time in 24hr + format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: WeekdayRange is an inclusive range of days + of the week beginning on Sunday Days can be specified + by name (e.g 'Sunday') or as an inclusive range (e.g + 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + discordConfigs: + description: List of Discord configurations. + items: + description: DiscordConfig configures notifications via Discord. + See https://prometheus.io/docs/alerting/latest/configuration/#discord_config + properties: + apiURL: + description: The secret's key that contains the Discord + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + httpConfig: + description: HTTP client configuration. 
+ properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. 
+ properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The template of the message's body. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + title: + description: The template of the message's title. + type: string + required: + - apiURL + type: object + type: array + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. 
+ type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all + items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. 
+ items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. 
+ properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. 
+ properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. 
+ type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to + the notifications. + type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system + that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further + detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. 
+ properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. 
+ properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. + items: + description: PagerDutyImageConfig attaches images to + an incident + properties: + alt: + description: Alt is the optional alternative text + for the image. + type: string + href: + description: Optional URL; makes the image a clickable + link. + type: string + src: + description: Src of the image being attached to + the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. 
+ items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message is HTML or plain + text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. 
\n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered + application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. 
+ type: string + urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient + user's user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with + each notification. + items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. + properties: + confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. 
+ properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications + to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with + each notification. + items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. 
+ properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. 
+ properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. 
+ If not specified, the SNS API URL from the SNS SDK will + be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If not + specified, the environment variable `AWS_ACCESS_KEY_ID` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If not + specified, the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered + to email endpoints. + type: string + targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: "Telegram bot token. It is mutually exclusive + with `botTokenFile`. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. \n Either `botToken` or + `botTokenFile` is required." + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + botTokenFile: + description: "File to read the Telegram bot token from. + It is mutually exclusive with `botToken`. Either `botToken` + or `botTokenFile` is required. \n It requires Alertmanager + >= v0.26.0." + type: string + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. 
Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. 
+ properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. 
+ type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is + from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted + problem. + type: string + type: object + type: array + webexConfigs: + description: List of Webex configurations. + items: + description: WebexConfig configures notification via Cisco + Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config + properties: + apiURL: + description: The Webex Teams API URL i.e. https://webexapis.com/v1/messages + Provide if different from the default API URL. + pattern: ^https?://.+$ + type: string + httpConfig: + description: The HTTP client's configuration. You must + supply the bot token via the `httpConfig.authorization` + field. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. 
+ The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + roomID: + description: ID of the Webex Teams room where to send + the messages. + minLength: 1 + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + required: + - roomID + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a + generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. 
+ properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook + message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` + takes precedence over `url`. One of `urlSecret` and + `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook + URL to send HTTP requests to. `urlSecret` takes precedence + over `url`. One of `urlSecret` and `url` should be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat + API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching + the resource's namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + continue: + description: Boolean indicating whether an alert should continue + matching subsequent sibling nodes. It will always be overridden + to true for the first-level route by the Prometheus operator. 
+ type: boolean + groupBy: + description: List of labels to group by. Labels must not be repeated + (unique list). Special label "..." (aggregate by all possible + labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert''s labels should + match. For the first level route, the operator removes any existing + equality and regexp matcher on the `namespace` label and adds + a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to the field definition + above but appears below otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential types + for now (see https://github.com/kubernetes/kubernetes/issues/62872). 
+ We have to use an alternative type to circumvent the limitation. + The downside is that the Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. MuteTimeIntervals + is a list of MuteTimeInterval names that will mute this route + when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagers.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagers.yaml new file mode 100644 index 0000000000..3cc6d45dc5 --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-alertmanagers.yaml 
@@ -0,0 +1,7411 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + shortNames: + - am + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. 
for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. 
+ avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. + properties: + type: + default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. + enum: + - OnNamespace + - None + type: string + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". 
The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' + properties: + global: + description: Defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The + value is case-insensitive. \n \"Basic\" is not a + supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. 
+ properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + opsGenieApiKey: + description: The default OpsGenie API Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: The default OpsGenie API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pagerdutyUrl: + description: The default Pagerduty URL. + type: string + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + slackApiUrl: + description: The default Slack API URL. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + smtp: + description: Configures global SMTP parameters. + properties: + authIdentity: + description: SMTP Auth using PLAIN + type: string + authPassword: + description: SMTP Auth using LOGIN and PLAIN. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: SMTP Auth using CRAM-MD5. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: SMTP Auth using CRAM-MD5, LOGIN and PLAIN. + If empty, Alertmanager doesn't authenticate to the SMTP + server. + type: string + from: + description: The default SMTP From header field. 
+ type: string + hello: + description: The default hostname to identify to the SMTP + server. + type: string + requireTLS: + description: The default SMTP TLS requirement. Note that + Go does not support unencrypted connections to remote + SMTP endpoints. + type: boolean + smartHost: + description: The default SMTP smarthost used for sending + emails. + properties: + host: + description: Defines the host's address, it can be + a DNS name or a literal IP address. + minLength: 1 + type: string + port: + description: Defines the host's port, it can be a + literal port number or a port name. + minLength: 1 + type: string + required: + - host + - port + type: object + type: object + type: object + name: + description: The name of the AlertmanagerConfig resource which + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. + minLength: 1 + type: string + templates: + description: Custom notification templates. + items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted in the pod. If the + service account has `automountServiceAccountToken: true`, set the + field to `false` to opt out of automounting API credentials.' + type: boolean + baseImage: + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into `/etc/alertmanager/configmaps/` in the 'alertmanager' + container. 
+ items: + type: string + type: array + configSecret: + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to `alertmanager-`. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." + type: string + containers: + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. 
The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. 
Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. 
More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. 
More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. 
+ Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. 
This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. 
The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. 
Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. 
Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. 
If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. 
If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. 
+ properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. 
+ type: boolean + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. + type: string + imagePullPolicy: + description: Image pull policy for the 'alertmanager', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. 
Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. 
Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. 
All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. 
+ properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. 
+ Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. 
Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. 
+ Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. 
The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. 
Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. 
Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. 
+ type: object + paused: + description: If set to true all actions on the underlying managed + objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + default: web + description: Port name used for the pods and governing service. Defaults + to `web`. + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. 
+ properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + retention: + default: 120h + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). 
+ pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` + in the 'alertmanager' container. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. 
Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. 
+ type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". Must NOT be + set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. 
+ Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used + by the Alertmanager instances. + properties: + disableMountSubPath: + description: '*Deprecated: subPath usage will be removed in a + future release.*' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. 
For lower versions, + starting with k8s 1.19, it requires enabling the GenericEphemeralVolume + feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. 
For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' 
+ properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. 
(Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. 
It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: '*Deprecated: this field is never set.*' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. 
Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." 
+ type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." 
+ type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' 
+ type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. 
\n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. 
When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. 
We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. 
+ items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. 
Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. 
YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. 
The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." 
+ properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. 
For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. 
If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. 
May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). 
ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. 
Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. 
+ type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: Defines the web command line flags when starting Alertmanager. + properties: + getConcurrency: + description: Maximum number of GET requests processed concurrently. + This corresponds to the Alertmanager's `--web.get-concurrency` + flag. + format: int32 + type: integer + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object + timeout: + description: Timeout for HTTP requests. This corresponds to the + Alertmanager's `--web.timeout` flag. + format: int32 + type: integer + tlsConfig: + description: Defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. 
+ Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. 
+ type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + object. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-podmonitors.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-podmonitors.yaml new file mode 100644 index 0000000000..ceaf19e9e8 --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-podmonitors.yaml 
@@ -0,0 +1,691 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object + jobLabel: + description: The label to use to retrieve the job name from. 
+ type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. 
The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean + followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. + type: boolean + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before + ingestion. + items: + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. 
+ \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. 
+ properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. 
\n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. 
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-probes.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-probes.yaml new file mode 100644 index 0000000000..1ebe86f1fa --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-probes.yaml 
@@ -0,0 +1,733 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery + by Prometheus. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: Selects a key of a Secret in the namespace that contains + the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value is case-insensitive. + \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + interval: + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: "RelabelConfig allows dynamic rewriting of the label + set for targets, alerts, scraped samples and remote write samples. + \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus + >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source label + values. \n Only applicable when the action is `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace action + is performed if the regular expression matches. \n Regex capture + groups are available." + type: string + separator: + description: Separator is the string between concatenated SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured Separator + and matched against the configured regular expression. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. 
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, `HashMod`, + `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." + type: string + type: object + type: array + module: + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client + id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + prober: + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. + properties: + path: + default: /probe + description: Path to collect metrics from. Defaults to `/probe`. + type: string + proxyUrl: + description: Optional ProxyURL. + type: string + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. 
+ format: int64 + type: integer + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + targets: + description: Targets defines a set of static or dynamically discovered + targets to probe. + properties: + ingress: + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. + properties: + namespaceSelector: + description: From which namespaces to select Ingress objects. + properties: + any: + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: "RelabelConfig allows dynamic rewriting of + the label set for targets, alerts, scraped samples and + remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. 
+ \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is + written in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + selector: + description: Selector to select the Ingress objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the + targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. 
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: "RelabelConfig allows dynamic rewriting of + the label set for targets, alerts, scraped samples and + remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + properties: + action: + default: replace + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + Separator and matched against the configured regular + expression. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. 
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: "Label to which the resulting string is + written in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." + type: string + type: object + type: array + static: + description: The list of hosts to probe. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true 
diff --git a/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheusagents.yaml b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheusagents.yaml new file mode 100644 index 0000000000..3359beebff --- /dev/null +++ b/kubernetes/helm_charts/monitoring/prometheus-operator/charts/crds/crds/crd-prometheusagents.yaml 
@@ -0,0 +1,8405 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.68.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: prometheusagents.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PrometheusAgent + listKind: PrometheusAgentList + plural: prometheusagents + shortNames: + - promagent + singular: prometheusagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus agent + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: PrometheusAgent defines a Prometheus agent deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus + agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalArgs: + description: "AdditionalArgs allows setting additional arguments for + the 'prometheus' container. \n It is intended for e.g. activating + hidden flags which are not supported by the dedicated configuration + options yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supported by the + given Prometheus version. \n In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument, the reconciliation will fail and + an error will be logged." + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. 
+ As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: Defines the Pods' affinity scheduling rules if specified. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). 
+ properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. 
for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. 
+ avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. 
The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + apiserverConfig: + description: 'APIServerConfig allows specifying a host and auth methods + to access the Kuberntees API server. If null, Prometheus is assumed + to run inside of the cluster: it will discover the API servers automatically + and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' + properties: + authorization: + description: "Authorization section for the API server. \n Cannot + be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." + properties: + credentials: + description: Selects a key of a Secret in the namespace that + contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually exclusive + with `credentials`. + type: string + type: + description: "Defines the authentication type. The value is + case-insensitive. \n \"Basic\" is not a supported value. 
+ \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: "BasicAuth configuration for the API server. \n Cannot + be set at the same time as `authorization`, `bearerToken`, or + `bearerTokenFile`." + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: "*Warning: this field shouldn't be used because the + token value appears in clear-text. Prefer using `authorization`.* + \n *Deprecated: this will be removed in a future release.*" + type: string + bearerTokenFile: + description: "File to read bearer token for accessing apiserver. + \n Cannot be set at the same time as `basicAuth`, `authorization`, + or `bearerToken`. \n *Deprecated: this will be removed in a + future release. 
Prefer using `authorization`.*" + type: string + host: + description: Kubernetes API address consisting of a hostname or + IP address followed by an optional port number. + type: string + tlsConfig: + description: TLS Config to use for the API server. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: When true, ServiceMonitor, PodMonitor and Probe object + are forbidden to reference arbitrary files on the file system of + the 'prometheus' container. When a ServiceMonitor's endpoint specifies + a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), + a malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` + to 'true' would prevent the attack. Users should instead provide + the credentials using the `spec.bearerTokenSecret` field. + properties: + deny: + type: boolean + type: object + bodySizeLimit: + description: BodySizeLimit defines per-scrape on response body size. + Only valid in Prometheus versions 2.45.0 and newer. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into /etc/prometheus/configmaps/ in the 'prometheus' + container. + items: + type: string + type: array + containers: + description: "Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to the Pods or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and + modifications are done via a strategic merge patch. 
\n The names + of containers managed by the operator are: * `prometheus` * `config-reloader` + * `thanos-sidecar` \n Overriding containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice." + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. 
If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. 
+ items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. 
Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. 
This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. 
The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. 
+ type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. 
+ items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. 
If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. 
+ type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. 
All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. 
+ format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. 
More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. 
More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. 
+ type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enableFeatures: + description: "Enable access to Prometheus feature flags. By default, + no features are enabled. \n Enabling features which are disabled + by default is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" + items: + type: string + type: array + enableRemoteWriteReceiver: + description: "Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. \n WARNING: This is not considered an efficient + way of ingesting samples. Use it with caution for specific low-volume + use cases. It is not suitable for replacing the ingestion via scraping + and turning Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + \n It requires Prometheus >= v2.33.0." + type: boolean + enforcedBodySizeLimit: + description: "When defined, enforcedBodySizeLimit specifies a global + limit on the size of uncompressed response body that will be accepted + by Prometheus. Targets responding with a body larger than this many + bytes will cause the scrape to fail. \n It requires Prometheus >= + v2.28.0." + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. 
The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer + enforcedLabelLimit: + description: "When defined, enforcedLabelLimit specifies a global + limit on the number of labels per sample. The value overrides any + `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: "When defined, enforcedLabelNameLengthLimit specifies + a global limit on the length of labels name per sample. The value + overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: "When not null, enforcedLabelValueLengthLimit defines + a global limit on the length of labels value per sample. The value + overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + \n It requires Prometheus >= v2.27.0." + format: int64 + type: integer + enforcedNamespaceLabel: + description: "When not empty, a label will be added to \n 1. All metrics + scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` + objects. 2. All metrics generated from recording rules defined in + `PrometheusRule` objects. 3. All alerts generated from alerting + rules defined in `PrometheusRule` objects. 4. 
All vector selectors + of PromQL expressions defined in `PrometheusRule` objects. \n The + label will not added for objects referenced in `spec.excludedFromEnforcement`. + \n The label's name is this field's value. The label's value is + the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or + `PrometheusRule` object." + type: string + enforcedSampleLimit: + description: "When defined, enforcedSampleLimit specifies a global + limit on the number of scraped samples that will be accepted. This + overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, + Probe objects unless `spec.sampleLimit` is greater than zero and + less than than `spec.enforcedSampleLimit`. \n It is meant to be + used by admins to keep the overall number of samples/series under + a desired limit." + format: int64 + type: integer + enforcedTargetLimit: + description: "When defined, enforcedTargetLimit specifies a global + limit on the number of scraped targets. The value overrides any + `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. + \n It is meant to be used by admins to to keep the overall number + of targets under a desired limit." + format: int64 + type: integer + excludedFromEnforcement: + description: "List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` + set to true." + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + in the namespace are matched. 
+ type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + - scrapeconfigs + type: string + required: + - namespace + - resource + type: object + type: array + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` + take precedence over this list. + type: object + externalUrl: + description: The external URL under which the Prometheus service is + externally available. This is necessary to generate correct URLs + (for instance if Prometheus is accessible behind an Ingress resource). + type: string + hostAliases: + description: Optional list of hosts and IPs that will be injected + into the Pod's hosts file if specified. + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: "Use the host's network namespace if true. \n Make sure + to understand the security implications if you want to enable it + (https://kubernetes.io/docs/concepts/configuration/overview/). \n + When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` + automatically." 
+ type: boolean + ignoreNamespaceSelectors: + description: When true, `spec.namespaceSelector` from all PodMonitor, + ServiceMonitor and Probe objects will be ignored. They will only + discover targets within the namespace of the PodMonitor, ServiceMonitor + and Probe objec. + type: boolean + image: + description: "Container image name for Prometheus. If specified, it + takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` + fields. \n Specifying `spec.version` is still necessary to ensure + the Prometheus Operator knows which version of Prometheus is being + configured. \n If neither `spec.image` nor `spec.baseImage` are + defined, the operator will use the latest upstream version of Prometheus + available at the time when the operator was released." + type: string + imagePullPolicy: + description: Image pull policy for the 'prometheus', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to Secrets in the same + namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: "InitContainers allows injecting initContainers to the + Pod definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. 
Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. \n The names of init container name + managed by the operator are: * `init-config-reloader`. \n Overriding + init containers is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice." + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. 
+ Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. 
Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. 
It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. 
This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. 
+ type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. 
Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. 
Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.45.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.45.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.45.0 + and newer. + format: int64 + type: integer + listenLocal: + description: When true, the Prometheus server listens on the loopback + address instead of the Pod IP's address. + type: boolean + logFormat: + description: Log format for Log level for Prometheus and the config-reloader + sidecar. 
+ enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Prometheus and the config-reloader sidecar. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: "Minimum number of seconds for which a newly created + Pod should be ready without any of its container crashing for it + to be considered available. Defaults to 0 (pod will be considered + available as soon as it is ready) \n This is an alpha field from + kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate." + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Defines on which Nodes the Pods are scheduled. + type: object + overrideHonorLabels: + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_