-
Notifications
You must be signed in to change notification settings - Fork 1
/
turbo_kubeturbo_operator_least_admin_full.yaml
254 lines (242 loc) · 6.8 KB
/
turbo_kubeturbo_operator_least_admin_full.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
apiVersion: v1
kind: Namespace
metadata:
# use this yaml to create a namespace where you will deploy kubeturbo.
# Provide a value for name:
# turbo is default value used in the samples provided
name: turbo
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubeturbo-operator
namespace: turbo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubeturbo-operator
rules:
- verbs:
- '*'
apiGroups:
- ''
- apps
- extensions
resources:
- nodes
- pods
- configmaps
- endpoints
- events
- deployments
- persistentvolumeclaims
- replicasets
- replicationcontrollers
- services
- secrets
- serviceaccounts
- verbs:
- get
- list
- watch
apiGroups:
- ''
- apps
- extensions
- policy
resources:
- daemonsets
- endpoints
- limitranges
- namespaces
- persistentvolumes
- persistentvolumeclaims
- poddisruptionbudget
- resourcequotas
- services
- statefulsets
- verbs:
- get
apiGroups:
- ''
resources:
- nodes/spec
- nodes/stats
- verbs:
- '*'
apiGroups:
- charts.helm.k8s.io
resources:
- '*'
- verbs:
- '*'
apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- verbs:
- create
- get
- list
- update
apiGroups:
- coordination.k8s.io
resources:
- leases
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubeturbo-operator
subjects:
- kind: ServiceAccount
name: kubeturbo-operator
# Make sure that it matches your namespace
namespace: turbo
roleRef:
kind: ClusterRole
name: kubeturbo-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubeturbo-operator
namespace: turbo
spec:
replicas: 1
selector:
matchLabels:
name: kubeturbo-operator
template:
metadata:
labels:
name: kubeturbo-operator
spec:
serviceAccountName: kubeturbo-operator
containers:
- name: kubeturbo-operator
# Replace this with the same version:8.11.3 as Turbonomic server
image: icr.io/cpopen/kubeturbo-operator:8.11.3
imagePullPolicy: Always
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "kubeturbo-operator"
volumeMounts:
- mountPath: /tmp
name: operator-tmpfs0
volumes:
- name: operator-tmpfs0
emptyDir: {}
---
apiVersion: charts.helm.k8s.io/v1
kind: Kubeturbo
metadata:
name: kubeturbo-release
namespace: turbo
spec:
# Default values copied from <project_dir>/helm-charts/kubeturbo/values.yaml
# Default values for kubeturbo.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Turbo server version and address
serverMeta:
version: "8.11.3"
turboServer: https://Turbo_server_URL_or_IP_Address
# URL format for Authenticated and Non-Authenticated
# proxy: "http://username:password@proxyserver:proxyport or http://proxyserver:proxyport"
# Turbo server user and password can be provided via an opaque type secret created separately
# or optionally specify username and password below
# The opsManagerUserName requires Turbo administrator or site administrator role
restAPIConfig:
# turbonomicCredentialsSecretName: "turbonomic-credentials"
opsManagerUserName: Turbo_username
opsManagerPassword: Turbo_password
# Configurations to register probe with Turbo Server
#sdkProtocolConfig:
# registrationTimeoutSec: 300
# restartOnRegistrationTimeout: false
# Uncomment out lines to configure HA Node to ESX policies by node role. Default is master
# Add more roles using format "\"foo\"\,\"bar\""
#HANodeConfig:
# nodeRoles: "\"master\""
# Supply a targetName for user friendly identification of the k8s cluster
targetConfig:
targetName: Your_Cluster_name
# Uncomment next lines to use dynamic logging level
# Changing this value does not require restart of Kubeturbo but takes about 1 minute to take effect
# logging:
# level: 2
# nodePoolSize:
# min: 1
# max: 1000
# Uncomment next lines to specify a repository and image tag for kubeturbo
#image:
# repository: icr.io/cpopen/turbonomic/kubeturbo
# tag: 8.10.3
# Uncomment to use an image from RHCC for cpu-frequency getter job - predefined in OCP Operator Hub version
# busyboxRepository: registry.access.redhat.com/ubi8/ubi-minimal
# Uncomment out to allow execution in OCP environments
#args:
# sccsupport: "*"
# Uncomment out to specify kubeturbo container specifications when needed (quotas set on ns)
#resources:
# limits:
# memory: 4Gi
# cpu: "2"
# requests:
# memory: 512Mi
# cpu: "1"
# Specify custom turbo-cluster-reader or turbo-cluster-admin role instead of the default cluster-admin role
roleName: turbo-cluster-admin
# Cluster Role rules for ORM owners.
# It's required when using ORM with ClusterRole 'turbo-cluster-admin'.
# It's recommended to use ORM with ClusterRole 'cluster-admin'.
ormOwners:
apiGroup:
# - redis.redis.opstreelabs.in
# - charts.helm.k8s.io
resources:
# - redis
# - xls
# Flag system workloads such as those defined in kube-system, openshift-system, etc.
# Kubeturbo will not generate actions for workloads that match the supplied patterns.
systemWorkloadDetectors:
# A list of regular expressions that match the namespace names for system workloads.
namespacePatterns:
- kube-.*
- openshift-.*
- cattle.*
# List operator-controlled workloads by name or namespace (using regular expressions)
# that should be excluded from the operator-controlled WorkloadController resize policy.
# By default, matching workloads will generate actions that are not in Recommend mode.
# exclusionDetectors:
# A list of regular expressions representing operator-controlled Workload Controllers.
# operatorControlledNamespacePatterns:
# - example-.*
# - .*-example
# A list of regular expressions representing namespaces containing operator-controlled
# Workload Controllers.
# operatorControlledWorkloadsPatterns:
# - .*-example.*
---
apiVersion: v1
kind: Secret
metadata:
name: turbonomic-credentials
namespace: turbo
type: Opaque
data:
username: #####<replace with base64 encoded value>
password: #####<replace with base64 encoded value>
---