feat: add kserve to core

src/openapi/app.yaml

@@ -21,6 +21,7 @@ AppList:
     - keycloak
     - kiali
     - knative
+    - kserve
     - kubeflow-pipelines
     - kured
     - kyverno

test/apps.yaml

@@ -12,7 +12,7 @@ appsInfo:
     integration: Alertmanager can be activated to send alerts to configured receivers. It is configured by APL to use the global values found under settings/alerts. A team can override global settings to send alerts to their own endpoints.
   argocd:
     title: Argo CD
-    appVersion: 3.0.3
+    appVersion: 3.1.0
     repo: https://github.com/argoproj/argo-helm
     maintainers: Argo Project
     relatedLinks:
@@ -22,8 +22,8 @@ appsInfo:
     about: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
     integration: Argo CD is configured by APL to use the SSO provided by keycloak, and maps APL groups to Argo CD roles. The otomi-admin role is made super admin within Argo CD. The team-admin role has access to Argo CD and is admin of all team projects. Members of team roles are only allowed to administer their own projects. All Teams will automatically get access to a Git repo, and Argo CD is configured to listen to this repo. All a team has to do is to fill their repo with intended state, commit, and automation takes care of the rest.
   cert-manager:
-    title: Certificate Manager
-    appVersion: 1.17.1
+    title: Cert-manager
+    appVersion: 1.18.2
     repo: https://github.com/cert-manager/cert-manager
     maintainers: The Linux Foundation
     relatedLinks:
@@ -33,7 +33,7 @@ appsInfo:
     integration: Cert-manager is used by APL to automatically create and rotate TLS certificates for service endpoints. You may bring your own CA, or let APL create one for you (default). It is recommended to use Let's Encrypt for production certificates. Setting cert-manager to use Let's Encrypt requires DNS availability of the requesting domains, and forces APL to install external-dns. Because a lot of DNS settings are used by other APL contexts, most DNS configuration is found under settings/dns.
   cnpg:
     title: CloudNative PostgreSQL Operator
-    appVersion: 1.26.0
+    appVersion: 1.27.0
     repo: https://github.com/cloudnative-pg/cloudnative-pg
     maintainers: EDB
     relatedLinks:
@@ -45,7 +45,7 @@ appsInfo:
     chartName: cloudnative-pg
   external-dns:
     title: External DNS
-    appVersion: 0.13.4
+    appVersion: 0.18.0
     repo: https://github.com/kubernetes-sigs/external-dns
     maintainers: Kubernetes SIGs
     relatedLinks:
@@ -73,7 +73,7 @@ appsInfo:
         - Click 'I understand' to continue using Falco dashboard
   gitea:
     title: Gitea Self-hosted GIT
-    appVersion: 1.23.8
+    appVersion: 1.24.5
     repo: https://github.com/go-gitea/gitea
     maintainers: Gitea
     relatedLinks:
@@ -94,7 +94,7 @@ appsInfo:
     integration: APL uses Grafana to visualize Prometheus metrics and Loki logs. Team members are automatically given the Editor role, while admins are also given the Admin role. It is possible to make configuration changes directly in Grafana, but only to non-conflicting settings. Data sources are preconfigured and must not be edited as changes will be gone when Grafana is redeployed.
   harbor:
     title: Harbor
-    appVersion: 2.13.1
+    appVersion: 2.13.2
     repo: https://github.com/goharbor/harbor
     maintainers: Project Harbor
     relatedLinks:
@@ -122,7 +122,7 @@ appsInfo:
         - Click 'I understand' to continue using Httpbin service
   ingress-nginx:
     title: Ingress-NGINX
-    appVersion: 1.11.6
+    appVersion: 1.13.1
     repo: https://github.com/kubernetes/ingress-nginx
     maintainers: NGINX
     relatedLinks:
@@ -132,7 +132,7 @@ appsInfo:
     integration: APL integrated ingress-nginx into an advanced ingress architecture.
   istio:
     title: Istio
-    appVersion: 1.26.1
+    appVersion: 1.26.3
     repo: https://github.com/istio/istio
     maintainers: Istio
     relatedLinks:
@@ -160,8 +160,8 @@ appsInfo:
       options:
         - Click 'I understand' to continue using Jaeger dashboard
   keycloak:
-    title: Keycloak Operator
-    appVersion: 26.2.4
+    title: Keycloak
+    appVersion: 26.3.3
     repo: https://github.com/keycloak/keycloak
     maintainers: Keycloak
     relatedLinks:
@@ -200,9 +200,20 @@ appsInfo:
     about: Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Serving is easy to get started with and scales to support advanced scenarios.
     integration: Knative serving can be activated to deliver Container-as-a-Service (CaaS) functionality with a scale-to-zero option. It can be compared to Functions-as-a-service (FaaS) but is container oriented, and takes only one manifest to configure an auto scaling service based on a container image of choice. APL offers an on-the-fly Knative service deployment, making it very easy to deploy containerized services without the hassle of providing all the supporting resources involved with Helm charts. Istio Virtual Services are used to route traffic coming in for a public domain to its backing Knative Service, allowing it to set a custom domain.
     chartName: knative-operator
+  kserve:
+    title: Kserve
+    appVersion: 0.15.2
+    repo: http://github.com/kserve/kserve
+    maintainers: Kserve
+    relatedLinks:
+      - https://knative.dev/docs/serving/
+    license: Apache 2.0
+    about: Standardized Distributed Generative and Predictive AI Inference Platform for Scalable, Multi-Framework Deployment on Kubernetes.
+    chartName: kserve
+    isAlpha: true
   kyverno:
     title: Kyverno
-    appVersion: 1.11.4
+    appVersion: 1.15.1
     repo: https://github.com/kyverno/kyverno
     maintainers: Nirmata
     relatedLinks:
@@ -232,7 +243,7 @@ appsInfo:
     integration: Kured can be activated to perform safe automatic node reboots. Only activate Kured if cluster autoscaling is enabled and make sure the cloud resource quota is sufficent.
   tekton:
     title: Tekton Pipelines
-    appVersion: 0.53.0
+    appVersion: 1.3.1
     repo: https://github.com/tektoncd/pipeline
     maintainers: Tekton
     relatedLinks:
@@ -292,7 +303,7 @@ appsInfo:
     isBeta: true
   sealed-secrets:
     title: Sealed Secrets
-    appVersion: 0.28.0
+    appVersion: 0.31.0
     repo: https://github.com/bitnami-labs/sealed-secrets
     maintainers: Bitnami Labs
     relatedLinks:
@@ -324,7 +335,7 @@ appsInfo:
     integration: APL installs and configures Thanos using sidecars ans leverages the central object storage configuration.
   trivy:
     title: Trivy Operator
-    appVersion: 0.57.1
+    appVersion: 0.28.0
     repo: https://github.com/aquasecurity/trivy-operator
     maintainers: Aqua Security
     relatedLinks:
@@ -360,9 +371,16 @@ appsInfo:
     integration: When enabled, Velero can be used to automatically create backups of APL platform services. Based on the selected provider, APL installs required plug-ins. APL also installs the Restic integration for Velero to back up and restore almost any type of Kubernetes volume.
   policy-reporter:
     title: policy-reporter
-    appVersion: 3.3.3
+    appVersion: 3.4.2
     repo: https://github.com/kyverno/policy-reporter
     maintainers: Frank Jogeleit
     license: Apache 2.0
     dependencies: Kyverno
     about: 'Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord '
+  valkey:
+    title: Valkey
+    appVersion: 8.1.3
+    repo: https://github.com/valkey-io/valkey
+    maintainers: Valkey Project
+    license: BSD-3-
+    about: 'Valkey is a high-performance data structure server that primarily serves key/value workloads. It supports a wide range of native structures and an extensible plugin system for adding new data structures and access patterns.'

test/core.yaml

@@ -29,16 +29,22 @@ k8s:
     - name: gitea
     - name: apl-gitea-operator
       disableIstioInjection: true
+    - name: apl-operator
+      disableIstioInjection: true
     - name: grafana
       app: grafana
     - name: istio-system
       disableIstioInjection: true
+      labels:
+        "apl.io/ingress-controller-scope": "true"
     - name: httpbin
       app: httpbin
     - name: ingress
       # disabling istio sidecar as it does not preserve client ip (yet)
       # TODO: enable once it does
       disableIstioInjection: true
+      labels:
+        "apl.io/ingress-controller-scope": "true"
     - name: jaeger
       app: jaeger
     - name: jaeger-operator
@@ -56,6 +62,10 @@ k8s:
       app: knative
       disablePolicyChecks: true
       disableIstioInjection: true
+    - name: kserve
+      app: kserve
+      disablePolicyChecks: true
+      disableIstioInjection: true
     - name: knative-operator
       app: knative
       disablePolicyChecks: true
@@ -75,11 +85,9 @@ k8s:
       disableIstioInjection: true
       disablePolicyChecks: true
     - name: tekton-pipelines
-      app: tekton
       disableIstioInjection: true
       disablePolicyChecks: true
     - name: tekton-triggers
-      app: tekton
       disableIstioInjection: true
       disablePolicyChecks: true
     - name: otel
@@ -116,10 +124,10 @@ k8s:
       app: velero
       disablePolicyChecks: true
       disableIstioInjection: true
-    - name: otomi-pipelines
-      app: tekton
-      disableIstioInjection: true
+    - name: policy-reporter
+      app: policy-reporter
       disablePolicyChecks: true
+      disableIstioInjection: true
 
 adminApps:
   - name: alertmanager
@@ -254,7 +262,7 @@ adminApps:
     ownHost: true
     ingress:
       - namespace: keycloak
-        svc: keycloak
+        svc: keycloak-keycloakx-http
         type: public
         port: 8080
   - name: kiali
@@ -282,12 +290,14 @@ adminApps:
         port: 80
         type: public
         auth: true
+  - name: kserve
+    tags: [ai]
   - name: kured
     tags: [security]
   - name: tekton
     tags: [buildpacks, ci, pipelines]
     ownHost: true
-    path: /#/namespaces/otomi-pipelines/pipelineruns
+    path: /#/namespaces/team-admin/pipelineruns
     ingress:
       - svc: tekton-dashboard
         namespace: tekton-pipelines
@@ -409,4 +419,4 @@ teamApps:
         type: public
         auth: true
         removeRequestHeaders:
-          - authorization
+          - authorization