flowschema for openshift traffic
tkashem committed Oct 5, 2020
1 parent e3ce55a commit 8dfa337
Showing 1 changed file with 184 additions and 0 deletions.
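--- a/manifests/0000_20_kube-apiserver-operator_08_flowschema.yaml
+++ b/manifests/0000_20_kube-apiserver-operator_08_flowschema.yaml
@@ -0,0 +1,184 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: PriorityLevelConfiguration
+metadata:
+name: openshift-aggregated-api-delegated-auth
+spec:
+limited:
+assuredConcurrencyShares: 20
+limitResponse:
+queuing:
+handSize: 6
+queueLengthLimit: 50
+queues: 16
+type: Queue
+type: Limited
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: PriorityLevelConfiguration
+metadata:
+name: openshift-control-plane-operators
+spec:
+limited:
+assuredConcurrencyShares: 10
+limitResponse:
+queuing:
+handSize: 6
+queueLengthLimit: 50
+queues: 128
+type: Queue
+type: Limited
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+name: openshift-apiserver-sar
+spec:
+distinguisherMethod:
+type: ByUser
+matchingPrecedence: 600
+priorityLevelConfiguration:
+name: openshift-aggregated-api-delegated-auth
+rules:
+- resourceRules:
+- apiGroups:
+- authorization.k8s.io
+clusterScope: true
+namespaces:
+- '*'
+resources:
+- subjectaccessreviews
+verbs:
+- '*'
+- apiGroups:
+- authentication.k8s.io
+clusterScope: true
+namespaces:
+- '*'
+resources:
+- tokenreviews
+verbs:
+- '*'
+subjects:
+- kind: ServiceAccount
+serviceAccount:
+name: openshift-apiserver-sa
+namespace: openshift-apiserver
+- kind: ServiceAccount
+serviceAccount:
+name: oauth-apiserver-sa
+namespace: openshift-oauth-apiserver
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+name: openshift-apiserver-other-requests
+spec:
+distinguisherMethod:
+type: ByUser
+matchingPrecedence: 1000
+priorityLevelConfiguration:
+name: workload-high
+rules:
+- resourceRules:
+- apiGroups:
+- '*'
+clusterScope: true
+namespaces:
+- '*'
+resources:
+- '*'
+verbs:
+- '*'
+subjects:
+- kind: ServiceAccount
+serviceAccount:
+name: openshift-apiserver-sa
+namespace: openshift-apiserver
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+name: openshift-controller-manager
+spec:
+distinguisherMethod:
+type: ByUser
+matchingPrecedence: 1000
+priorityLevelConfiguration:
+name: workload-high
+rules:
+- resourceRules:
+- apiGroups:
+- '*'
+clusterScope: true
+namespaces:
+- '*'
+resources:
+- '*'
+verbs:
+- '*'
+subjects:
+- kind: ServiceAccount
+serviceAccount:
+name: openshift-controller-manager-sa
+namespace: openshift-controller-manager
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+name: openshift-monitoring-metrics
+spec:
+distinguisherMethod:
+type: ByUser
+matchingPrecedence: 2000
+priorityLevelConfiguration:
+name: workload-high
+rules:
+- nonResourceRules:
+- verbs:
+- '*'
+nonResourceURLs:
+- "/metrics"
+subjects:
+- kind: ServiceAccount
+serviceAccount:
+name: prometheus-k8s
+namespace: openshift-monitoring
+---
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+name: openshift-control-plane-operators
+spec:
+distinguisherMethod:
+type: ByUser
+matchingPrecedence: 2000
+priorityLevelConfiguration:
+name: openshift-control-plane-operators
+rules:
+- resourceRules:
+- apiGroups:
+- '*'
+clusterScope: true
+namespaces:
+- '*'
+resources:
+- '*'
+verbs:
+- '*'
+subjects:
+- kind: ServiceAccount
+serviceAccount:
+name: kube-apiserver-operator
+namespace: openshift-kube-apiserver-operator
+- kind: ServiceAccount
+serviceAccount:
+name: openshift-apiserver-operator
+namespace: openshift-apiserver-operator
+- kind: ServiceAccount
+serviceAccount:
+name: authentication-operator
+namespace: openshift-authentication-operator
+- kind: ServiceAccount
+serviceAccount:
+name: etcd-operator
+namespace: openshift-etcd-operator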
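Review bot: The three catch-all schemas (`openshift-apiserver-other-requests`, `openshift-controller-manager`, `openshift-control-plane-operators`) define only `resourceRules`, so non-resource requests from these service accounts (discovery, health and version endpoints) are not classified here. They will presumably fall through to whichever lower-precedence schema matches the subject, which could be a less favourable priority level under load. If the intent is to cover all traffic from these accounts, each rule also needs a `nonResourceRules` entry with `verbs: ['*']` and `nonResourceURLs: ['*']`. Separately, `openshift-apiserver-sa` is a subject of both `openshift-apiserver-sar` (precedence 600) and `openshift-apiserver-other-requests` (precedence 1000). A short comment such as `# must stay numerically lower than openshift-apiserver-other-requests so SAR/TokenReview calls are matched first` would keep a later precedence change from silently moving delegated-auth traffic onto `workload-high`.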
