-
Notifications
You must be signed in to change notification settings - Fork 1
/
turbo_kubeturbo_full.yaml
205 lines (205 loc) · 8.03 KB
/
turbo_kubeturbo_full.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
apiVersion: v1
kind: Namespace
metadata:
# turbo is default value used in the samples provided
name: turbo
---
apiVersion: v1
kind: ServiceAccount
metadata:
# Update the namespace value if required
name: turbo-user
namespace: turbo
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# use this yaml to create a binding that will assign cluster-admin to your turbo ServiceAccount
# Provide a value for the binding name: and update namespace if needed
# The name should be unique for Kubeturbo instance
name: turbo-all-binding-kubeturbo-turbo
namespace: turbo
subjects:
- kind: ServiceAccount
# Provide the correct value for service account name: and namespace if needed
name: turbo-user
namespace: turbo
roleRef:
# User creating this resource must have permissions to add this policy to the SA
kind: ClusterRole
# for other limited cluster admin roles, see samples provided
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
# use this yaml to provide details kubeturbo will use to connect to the Turbo Server
# requires Turbo Server and kubeturbo pod 6.4.3 and higher
# Provide a value for the config name: and update namespace if needed
name: turbo-config
namespace: turbo
data:
# Update the values for version, turboServer, opsManagerUserName, opsManagerPassword
# For version, use Turbo Server Version, even when running CWOM
# The opsManagerUserName requires Turbo administrator role
#
# For targetConfig, targetName provides better group naming to identify k8s clusters in UI
# - If no targetConfig is specified, a default targetName will be created from the apiserver URL in
# the kubeconfig.
# - Specify a targetName only will register a probe with type Kubernetes-<targetName>, as well as
# adding your cluster as a target with the name Kubernetes-<targetName>.
# - Specify a targetType only will register a probe without adding your cluster as a target.
# The probe will appear as a Cloud Native probe in the UI with a type Kubernetes-<targetType>.
#
# Define node groups by node role, and automatically enable placement policies to limit to 1 per host
# DaemonSets are identified by default. Use daemonPodDetectors to identify by name patterns using regex or by namespace.
#
# serverMeta.proxy format for authenticated and non-authenticated "http://username:password@proxyserver:proxyport or http://proxyserver:proxyport"
turbo-autoreload.config: |-
{
"logging": {
"level": 2
},
"nodePoolSize": {
"min": 1,
"max": 1000
},
"systemWorkloadDetectors": {
"namespacePatterns": ["kube-.*","openshift-.*","cattle.*"]
},
"exclusionDetectors": {
"operatorControlledWorkloadsPatterns": [],
"operatorControlledNamespacePatterns": []
}
}
turbo.config: |-
{
"communicationConfig": {
"serverMeta": {
"version": "8.13",
"turboServer": "<https://Turbo_Server_URL_or_IP_address>"
},
"restAPIConfig": {
"opsManagerUserName": "<Turbo_username>",
"opsManagerPassword": "<Turbo_password>"
}
},
"targetConfig": {
"targetName":"<Your_Cluster_Name>"
},
"HANodeConfig": {
"nodeRoles": [ "master"]
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
# use this yaml to deploy the kubeturbo pod
# Provide a value for the deploy/pod name: and update namespace if needed
name: kubeturbo
namespace: turbo
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kubeturbo
template:
metadata:
annotations:
kubeturbo.io/monitored: "false"
labels:
app.kubernetes.io/name: kubeturbo
spec:
# Update serviceAccount if needed
serviceAccount: turbo-user
containers:
- name: kubeturbo
# Replace the image version with matching Turbo Server version such as 8.11.1
image: icr.io/cpopen/turbonomic/kubeturbo:8.11.2
env:
- name: KUBETURBO_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- --turboconfig=/etc/kubeturbo/turbo.config
- --v=2
# Comment out the following two args if running in k8s 1.10 or older, or
# change to https=false and port=10255 if unsecure kubelet read only is configured
- --kubelet-https=true
- --kubelet-port=10250
# Uncomment for pod moves in OpenShift
#- --scc-support=*
# Uncomment for pod moves with pvs
#- --fail-volume-pod-moves=false
# Uncomment to override default, and specify your own location
#- --busybox-image=docker.io/busybox
# or uncomment below to pull from RHCC
#- --busybox-image=registry.access.redhat.com/ubi8/ubi-minimal
# Uncomment to specify the secret name which holds the credentials to busybox image
#- --busybox-image-pull-secret=<secret-name>
# Specify nodes to exclude from cpu frequency getter job.
# Note kubernetes.io/os=windows and/or beta.kubernetes.io/os=windows labels will be automatically excluded by default.
# If specified all the labels will be used to select the node ignoring the default.
#- --cpufreq-job-exclude-node-labels=kubernetes.io/key=value
# The complete cpufreqgetter image uri used for fallback node cpu frequency getter job.
#- --cpufreqgetter-image=icr.io/cpopen/turbonomic/cpufreqgetter
# The name of the secret that stores the image pull credentials for cpufreqgetter image.
#- --cpufreqgetter-image-pull-secret=<secret-name>
# Uncomment to stitch using IP, or if using Openstack, Hyper-V/VMM
#- --stitch-uuid=false
# Uncomment to customize readiness retry threshold. Kubeturbo will try readiness-retry-threshold times before giving up. Default is 60. The retry interval is 10s.
#- --readiness-retry-threshold=60
# Uncomment to disable the cleanup of the resources which are created by kubeturbo for the scc impersonation.
#- --cleanup-scc-impersonation-resources=false
# Uncomment to skip creating the resources the scc impersonation
#- --skip-creating-scc-impersonation-resources=true
# [ArgoCD integration] The email to be used to push changes to git
#- --git-email=""
# [ArgoCD integration] The username to be used to push changes to git
#- --git-username=""
# [ArgoCD integration] The name of the secret which holds the git credentials
#- --git-secret-name""
# [ArgoCD integration] The namespace of the secret which holds the git credentials
#- --git-secret-namespace=""
# [ArgoCD integration] The commit mode that should be used for git action executions. One of {request|direct}. Defaults to direct
#- --git-commit-mode=""
volumeMounts:
# volume will be created, any name will work and must match below
- name: turbo-volume
mountPath: /etc/kubeturbo
readOnly: true
- name: turbonomic-credentials-volume
# This mount path cannot be changed
mountPath: /etc/turbonomic-credentials
readOnly: true
- name: varlog
mountPath: /var/log
volumes:
- name: turbo-volume
configMap:
# Update configMap name if needed
name: turbo-config
- name: turbonomic-credentials-volume
secret:
defaultMode: 420
optional: true
# Update secret name if needed
secretName: turbonomic-credentials
- name: varlog
emptyDir: {}
restartPolicy: Always
---
#option to use secret for Turbo credentials
apiVersion: v1
kind: Secret
metadata:
name: turbonomic-credentials
namespace: turbo
type: Opaque
data:
username: BASE64encodedValue
password: BASE64encodedValue
---