From 727d74720c76810f8a1d87933e9ce2dfee94e21d Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Fri, 24 Jan 2025 09:21:05 +0100 Subject: [PATCH 01/26] remove kb marker --- config/rbac/common/role.yaml | 105 ------------------------- internal/controller/kyma/controller.go | 15 ---- 2 files changed, 120 deletions(-) diff --git a/config/rbac/common/role.yaml b/config/rbac/common/role.yaml index f56a3db68c..25893ccf17 100644 --- a/config/rbac/common/role.yaml +++ b/config/rbac/common/role.yaml @@ -16,16 +16,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch - apiGroups: - "" resources: @@ -37,48 +27,6 @@ rules: - list - update - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - update -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch - apiGroups: - networking.istio.io resources: @@ -96,33 +44,6 @@ rules: - get - list - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/status - verbs: - - get - - patch - - update - - watch - apiGroups: - operator.kyma-project.io resources: 
@@ -149,32 +70,6 @@ rules: - get - patch - update -- apiGroups: - - operator.kyma-project.io - resources: - - modulereleasemetas - verbs: - - get - - list - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - moduletemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - moduletemplates/finalizers - verbs: - - update - apiGroups: - operator.kyma-project.io resources: diff --git a/internal/controller/kyma/controller.go b/internal/controller/kyma/controller.go index 1b70afcc2b..f71889c94b 100644 --- a/internal/controller/kyma/controller.go +++ b/internal/controller/kyma/controller.go 
@@ -75,21 +75,6 @@ type Reconciler struct {
 TemplateLookup *templatelookup.TemplateLookup
 }
 
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas/status,verbs=get;update;patch;watch
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch
-// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;get;list;watch
-// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=moduletemplates,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=modulereleasemetas,verbs=get;list;watch
-// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=moduletemplates/finalizers,verbs=update
-// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
-// +kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch
-// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;create;update;delete;patch;watch
-// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions/status,verbs=update
-
 func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 logger := logf.FromContext(ctx)
 logger.V(log.DebugLevel).Info("Kyma reconciliation started")
From 4a2ebd3e3c5e4f4dccd705d0ca2082f521909196 Mon Sep 17 00:00:00 2001
From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:25:16 +0100 Subject: [PATCH 02/26] clean-up rbac --- PROJECT | 9 - cmd/main.go | 5 +- config/control-plane/kustomization.yaml | 118 +++++----- config/default/kustomization.yaml | 23 +- config/istio/ap.yaml | 14 +- config/manager/kustomization.yaml | 7 +- config/manager/manager.yaml | 2 - .../cluster_bindings/clusterrole_binding.yaml | 11 - .../rbac/cluster_bindings/kustomization.yaml | 14 -- .../metrics_clusterrole_binding.yaml | 11 - config/rbac/common/crd_clusterrole.yaml | 19 -- config/rbac/common/kustomization.yaml | 15 -- config/rbac/common/role.yaml | 98 --------- config/rbac/crd_cluster_role.yaml | 19 ++ ...ing.yaml => crd_cluster_role_binding.yaml} | 0 config/rbac/kustomization.yaml | 12 ++ .../{common => }/leader_election_role.yaml | 0 .../leader_election_role_binding.yaml | 0 config/rbac/manager_role.yaml | 204 ++++++++++++++++++ ...binding.yaml => manager_role_binding.yaml} | 2 +- .../istio_namespace_role.yaml | 34 --- .../istio_namespace_role_binding.yaml | 12 -- .../namespace_bindings/kustomization.yaml | 16 -- .../remote_namespace_role.yaml | 42 ---- .../remote_namespace_role_binding.yaml | 12 -- config/rbac/{common => }/service_account.yaml | 0 .../watcher_certmanager_role.yaml | 0 .../watcher_certmanager_role_binding.yaml | 0 config/watcher/certificate_setup.yaml | 1 - config/watcher/gateway.yaml | 2 +- config/watcher/kustomization.yaml | 16 +- ...v1beta2_watcher.yaml => kyma_watcher.yaml} | 0 config/watcher_local_test/kustomization.yaml | 162 +++++++------- .../namespace_create.yaml => namespaces.yaml} | 2 +- ...l_setup.yaml => deployment_resources.yaml} | 2 +- 35 files changed, 389 insertions(+), 495 deletions(-) delete mode 100644 config/rbac/cluster_bindings/clusterrole_binding.yaml delete mode 100644 config/rbac/cluster_bindings/kustomization.yaml delete mode 100644 config/rbac/cluster_bindings/metrics_clusterrole_binding.yaml delete mode 100644 config/rbac/common/crd_clusterrole.yaml delete mode 
100644 config/rbac/common/kustomization.yaml delete mode 100644 config/rbac/common/role.yaml create mode 100644 config/rbac/crd_cluster_role.yaml rename config/rbac/{common/crd_clusterrole_binding.yaml => crd_cluster_role_binding.yaml} (100%) create mode 100644 config/rbac/kustomization.yaml rename config/rbac/{common => }/leader_election_role.yaml (100%) rename config/rbac/{common => }/leader_election_role_binding.yaml (100%) create mode 100644 config/rbac/manager_role.yaml rename config/rbac/{namespace_bindings/role_binding.yaml => manager_role_binding.yaml} (92%) delete mode 100644 config/rbac/namespace_bindings/istio_namespace_role.yaml delete mode 100644 config/rbac/namespace_bindings/istio_namespace_role_binding.yaml delete mode 100644 config/rbac/namespace_bindings/kustomization.yaml delete mode 100644 config/rbac/namespace_bindings/remote_namespace_role.yaml delete mode 100644 config/rbac/namespace_bindings/remote_namespace_role_binding.yaml rename config/rbac/{common => }/service_account.yaml (100%) rename config/rbac/{namespace_bindings => }/watcher_certmanager_role.yaml (100%) rename config/rbac/{namespace_bindings => }/watcher_certmanager_role_binding.yaml (100%) rename config/watcher/{operator_v1beta2_watcher.yaml => kyma_watcher.yaml} (100%) rename config/watcher_local_test/{patches/namespace_create.yaml => namespaces.yaml} (84%) rename config/watcher_local_test/patches/{adjust_resources_for_local_setup.yaml => deployment_resources.yaml} (90%) diff --git a/PROJECT b/PROJECT index 5f67eae77c..4b3755f680 100644 --- a/PROJECT +++ b/PROJECT @@ -107,13 +107,4 @@ resources: webhooks: conversion: true webhookVersion: v1 -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: kyma-project.io - group: operator - kind: SyncResource - path: github.com/kyma-project/lifecycle-manager/api/v1alpha1 - version: v1alpha1 version: "3" diff --git a/cmd/main.go b/cmd/main.go index 44a14f9cbd..01b9e2508f 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -142,7 +142,10 @@ func pprofStartServer(addr string, timeout time.Duration, setupLog logr.Logger)
 }
 }
 
-func setupManager(flagVar *flags.FlagVar, cacheOptions cache.Options, scheme *machineryruntime.Scheme,
+func setupManager(
+ flagVar *flags.FlagVar,
+ cacheOptions cache.Options,
+ scheme *machineryruntime.Scheme,
 logger logr.Logger,
 ) {
 mgr, err := configManager(flagVar, cacheOptions, scheme)
diff --git a/config/control-plane/kustomization.yaml b/config/control-plane/kustomization.yaml
index 40d61a3756..7a7ee3ab81 100644
--- a/config/control-plane/kustomization.yaml
+++ b/config/control-plane/kustomization.yaml
@@ -1,42 +1,28 @@ -# WARNING: This is a Kustomization that CANNOT run standalone -# It is meant to be used in conjunction with a control-plane deployment only and has prerequisites that -# need to be explicitly created externally in a centrally managed place (e.g. the kcp-system). -# In fact, in order to avoid conflicts, it even explicitly patches out certain configuration elements. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - -namePrefix: klm- #kyma-lifecycle-manager - -# Labels to add to all resources and selectors. +namePrefix: klm- commonLabels: app.kubernetes.io/instance: kcp-lifecycle-manager app.kubernetes.io/name: lifecycle-manager app.kubernetes.io/created-by: argo-cd app.kubernetes.io/part-of: kcp app.kubernetes.io/managed-by: kustomize - images: -- name: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager - + - name: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager resources: - ../manager - # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. - ../certmanager - components: - ../crd - - ../rbac/namespace_bindings - # [ISTIO] To enable istio, uncomment all sections with 'ISTIO'. + - ../rbac - ../istio - # [WATCHER] To enable the watcher, uncomment all the sections with [WATCHER] - ../watcher - # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix - ../webhook - # [GRAFANA] To enable grafana, uncomment all sections with 'GRAFANA'. - ../grafana - patches: - - patch: |- + - target: + kind: Deployment + patch: |- - op: add path: /spec/template/spec/containers/0/args/- value: --in-kcp-mode 
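Review bot: The header warning that this kustomization cannot run standalone is dropped at the top of config/control-plane/kustomization.yaml with nothing in its place, so the file no longer states its prerequisites. The overlay still appears to depend on namespaces created elsewhere; the transformers further down only fill in `kcp-system`, they do not create it. A short replacement such as `# Not deployable standalone: expects the control-plane namespaces (e.g. kcp-system) to exist already.` would keep that operational constraint visible. The file continues in later hunks, which this note does not cover.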
@@ -64,19 +50,17 @@ patches: - op: add path: /spec/template/spec/containers/0/args/- value: --is-kyma-managed - target: - kind: Deployment - - patch: |- + - target: + kind: ConfigMap + name: dashboard-(overview|status|watcher|mandatory-modules) + version: v1 + patch: |- - op: add path: /metadata/labels value: {} - op: add path: /metadata/labels/grafana_dashboard value: "1" - target: - kind: ConfigMap - name: dashboard-(overview|status|watcher|mandatory-modules) - version: v1 - path: patches/unique_manager_webhook_patch.yaml - path: patches/adjust_resources_in_deployment.yaml # We override the certificate name to ensure that Cert-Manager uses a unique cert in conjunction with other 
@@ -85,43 +69,43 @@ patches: # Note: Now as the 'patchesJson6902' is deprecated, the direct use of the 'PatchTransformer' is the only way to change a resource namespace to something different from the value configured by the global namespace transformer. transformers: -- |- - apiVersion: builtin - kind: PrefixSuffixTransformer - metadata: - name: add-klm-prefix-to-resources - prefix: klm- - fieldSpecs: - - path: subjects/name - kind: RoleBinding - - path: subjects/name - kind: ClusterRoleBinding -- |- - apiVersion: builtin - kind: NamespaceTransformer - metadata: - name: add-resources-to-kcp-system - namespace: kcp-system - unsetOnly: true - setRoleBindingSubjects: allServiceAccounts -- |- - apiVersion: builtin - kind: AnnotationsTransformer - metadata: - name: add-ca-inject-annotation - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - fieldSpecs: - - kind: CustomResourceDefinition - path: metadata/annotations -- |- - apiVersion: builtin - kind: PatchTransformer - metadata: - name: fix-cert-dns-names - patch: '[{"op": "replace", "path": "/spec/dnsNames/0", "value": "klm-webhook-service.kcp-system.svc"}, {"op": "replace", "path": "/spec/dnsNames/1", "value": "klm-webhook-service.kcp-system.svc.cluster.local"}]' - target: - kind: Certificate - name: klm-controller-manager-webhook-serving - version: v1 - group: cert-manager.io + - |- + apiVersion: builtin + kind: PrefixSuffixTransformer + metadata: + name: add-klm-prefix-to-resources + prefix: klm- + fieldSpecs: + - path: subjects/name + kind: RoleBinding + - path: subjects/name + kind: ClusterRoleBinding + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: add-resources-to-kcp-system + namespace: kcp-system + unsetOnly: true + setRoleBindingSubjects: allServiceAccounts + - |- + apiVersion: builtin + kind: AnnotationsTransformer + metadata: + name: add-ca-inject-annotation + annotations: + cert-manager.io/inject-ca-from: 
kcp-system/klm-controller-manager-webhook-serving + fieldSpecs: + - kind: CustomResourceDefinition + path: metadata/annotations + - |- + apiVersion: builtin + kind: PatchTransformer + metadata: + name: fix-cert-dns-names + patch: '[{"op": "replace", "path": "/spec/dnsNames/0", "value": "klm-webhook-service.kcp-system.svc"}, {"op": "replace", "path": "/spec/dnsNames/1", "value": "klm-webhook-service.kcp-system.svc.cluster.local"}]' + target: + kind: Certificate + name: klm-controller-manager-webhook-serving + version: v1 + group: cert-manager.io diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 1dd1cb0bae..034a065e51 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,10 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - -# Value of this field is prepended to the names of all resources namePrefix: klm- - -# Labels to add to all resources and selectors. commonLabels: app.kubernetes.io/component: lifecycle-manager.kyma-project.io app.kubernetes.io/instance: kcp-lifecycle-manager-main @@ -12,29 +8,16 @@ commonLabels: app.kubernetes.io/created-by: kustomize app.kubernetes.io/managed-by: kustomize app.kubernetes.io/part-of: manual-deployment - - patches: - path: manager_webhook_patch.yaml - resources: - ../manager - ../certmanager - namespace_create.yaml - components: - - ../crd - - ../rbac/cluster_bindings - # [ISTIO] To enable istio, uncomment all sections with 'ISTIO'. - #- ../istio - # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in - # crd/kustomization.yaml - - ../webhook - # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. - #- ../prometheus - # [GRAFANA] To generate configmap for provision grafana dashboard - #- ../grafana - +- ../crd +- ../rbac +- ../webhook transformers: - |- apiVersion: builtin 
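Review bot: Replacing `- ../rbac/cluster_bindings` with `- ../rbac` in config/default/kustomization.yaml changes the default overlay from a cluster-wide ClusterRoleBinding to the namespaced binding in manager_role_binding.yaml, which hard-codes `namespace: kcp-system`. It also drops the `controller-manager-metrics` ClusterRoleBinding, because metrics_clusterrole_binding.yaml is deleted and the new config/rbac/kustomization.yaml lists no successor. If the default overlay targets a different namespace or still protects the metrics endpoint with that ClusterRole, the manager will start with missing permissions; confirm both, or leave the namespaces in config/rbac unset so the overlay's NamespaceTransformer can assign them. The `transformers:` block continues outside this hunk, so the effective namespace cannot be checked from here.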
diff --git a/config/istio/ap.yaml b/config/istio/ap.yaml index 961eb76d99..2642097ac8 100644 --- a/config/istio/ap.yaml +++ b/config/istio/ap.yaml @@ -5,13 +5,13 @@ metadata: spec: action: ALLOW rules: - - to: - - operation: - paths: - - /metrics - - /v1* - - /convert* - - /mutate* + - to: + - operation: + paths: + - /metrics + - /v1* + - /convert* + - /mutate* selector: matchLabels: app.kubernetes.io/component: lifecycle-manager.kyma-project.io diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 00ae86ff75..edf8de4d82 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,13 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - +generatorOptions: + disableNameSuffixHash: true resources: - manager.yaml - metrics_service.yaml - -generatorOptions: - disableNameSuffixHash: true - images: - name: controller newName: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 5ee4ac62a8..65943d24dd 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -44,8 +44,6 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: limits: memory: 1024Mi diff --git a/config/rbac/cluster_bindings/clusterrole_binding.yaml b/config/rbac/cluster_bindings/clusterrole_binding.yaml deleted file mode 100644 index bb7720d18e..0000000000 --- a/config/rbac/cluster_bindings/clusterrole_binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: controller-manager -subjects: -- kind: ServiceAccount - name: controller-manager 
diff --git a/config/rbac/cluster_bindings/kustomization.yaml b/config/rbac/cluster_bindings/kustomization.yaml deleted file mode 100644 index 70e3bb3228..0000000000 --- a/config/rbac/cluster_bindings/kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -components: - - ../common - -resources: - # All RBAC will be applied under this service account in - # the deployment namespace. You may comment out this resource - # if your manager will use a service account that exists at - # runtime. Be sure to update RoleBinding and ClusterRoleBinding - # subjects if changing service account names. - - clusterrole_binding.yaml - - metrics_clusterrole_binding.yaml diff --git a/config/rbac/cluster_bindings/metrics_clusterrole_binding.yaml b/config/rbac/cluster_bindings/metrics_clusterrole_binding.yaml deleted file mode 100644 index 89fdcd6dc8..0000000000 --- a/config/rbac/cluster_bindings/metrics_clusterrole_binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: controller-manager-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: controller-manager-metrics -subjects: - - kind: ServiceAccount - name: controller-manager diff --git a/config/rbac/common/crd_clusterrole.yaml b/config/rbac/common/crd_clusterrole.yaml deleted file mode 100644 index e483d9702c..0000000000 --- a/config/rbac/common/crd_clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: controller-manager-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - update 
diff --git a/config/rbac/common/kustomization.yaml b/config/rbac/common/kustomization.yaml deleted file mode 100644 index e6453c1ea1..0000000000 --- a/config/rbac/common/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -resources: - # All RBAC will be applied under this service account in - # the deployment namespace. You may comment out this resource - # if your manager will use a service account that exists at - # runtime. Be sure to update RoleBinding and ClusterRoleBinding - # subjects if changing service account names. - - service_account.yaml - - role.yaml - - leader_election_role.yaml - - leader_election_role_binding.yaml - - crd_clusterrole.yaml - - crd_clusterrole_binding.yaml \ No newline at end of file diff --git a/config/rbac/common/role.yaml b/config/rbac/common/role.yaml deleted file mode 100644 index 25893ccf17..0000000000 --- a/config/rbac/common/role.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: controller-manager -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - networking.istio.io - resources: - - gateways - verbs: - - get - - list -- apiGroups: - - networking.istio.io - resources: - - virtualservices - verbs: - - create - - delete - - get - - list - - update -- apiGroups: - - operator.kyma-project.io - resources: - - manifests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - manifests/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - manifests/status - verbs: - - get - - patch - - update -- apiGroups: - - operator.kyma-project.io - resources: - - watchers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - watchers/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - watchers/status - verbs: - - get - - patch - - update diff --git a/config/rbac/crd_cluster_role.yaml b/config/rbac/crd_cluster_role.yaml new file mode 100644 index 0000000000..fca7d63863 --- /dev/null +++ b/config/rbac/crd_cluster_role.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: controller-manager-crds +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - update 
diff --git a/config/rbac/common/crd_clusterrole_binding.yaml b/config/rbac/crd_cluster_role_binding.yaml similarity index 100% rename from config/rbac/common/crd_clusterrole_binding.yaml rename to config/rbac/crd_cluster_role_binding.yaml diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 0000000000..046952e321 --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - service_account.yaml + - manager_role.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + - crd_cluster_role.yaml + - crd_cluster_role_binding.yaml + - manager_role_binding.yaml + - watcher_certmanager_role.yaml + - watcher_certmanager_role_binding.yaml diff --git a/config/rbac/common/leader_election_role.yaml b/config/rbac/leader_election_role.yaml similarity index 100% rename from config/rbac/common/leader_election_role.yaml rename to config/rbac/leader_election_role.yaml diff --git a/config/rbac/common/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml similarity index 100% rename from config/rbac/common/leader_election_role_binding.yaml rename to config/rbac/leader_election_role_binding.yaml diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml new file mode 100644 index 0000000000..867408b965 --- /dev/null +++ b/config/rbac/manager_role.yaml 
@@ -0,0 +1,204 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: controller-manager + namespace: istio-system +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - update + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + verbs: + - get + - list + - apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - update + - apiGroups: + - operator.kyma-project.io + resources: + - kymas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - kymas/finalizers + verbs: + - update + - apiGroups: + - operator.kyma-project.io + resources: + - kymas/status + verbs: + - get + - patch + - update + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - manifests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - manifests/finalizers + verbs: + - update + - apiGroups: + - operator.kyma-project.io + resources: + - manifests/status + verbs: + - get + - patch + - 
update + - apiGroups: + - operator.kyma-project.io + resources: + - modulereleasemetas + verbs: + - get + - list + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - moduletemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - moduletemplates/finalizers + verbs: + - update + - apiGroups: + - operator.kyma-project.io + resources: + - watchers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.kyma-project.io + resources: + - watchers/finalizers + verbs: + - update + - apiGroups: + - operator.kyma-project.io + resources: + - watchers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/namespace_bindings/role_binding.yaml b/config/rbac/manager_role_binding.yaml similarity index 92% rename from config/rbac/namespace_bindings/role_binding.yaml rename to config/rbac/manager_role_binding.yaml index ca76ff8d92..705eb370e2 100644 --- a/config/rbac/namespace_bindings/role_binding.yaml +++ b/config/rbac/manager_role_binding.yaml @@ -5,7 +5,7 @@ metadata: namespace: kcp-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: controller-manager subjects: - kind: ServiceAccount diff --git a/config/rbac/namespace_bindings/istio_namespace_role.yaml b/config/rbac/namespace_bindings/istio_namespace_role.yaml deleted file mode 100644 index 88a81257d1..0000000000 --- a/config/rbac/namespace_bindings/istio_namespace_role.yaml +++ /dev/null 
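Review bot: The new `controller-manager` Role in config/rbac/manager_role.yaml is declared with `namespace: istio-system`, while manager_role_binding.yaml keeps `namespace: kcp-system` and now sets `kind: Role` in its roleRef. A RoleBinding only resolves a Role in its own namespace, and the control-plane NamespaceTransformer uses `unsetOnly: true`, so unless something else rewrites one of the two namespaces the service account is bound to a Role that does not exist there and gets none of these rules. The Role also carries rules for `customresourcedefinitions` and `customresourcedefinitions/status`, which are cluster-scoped and cannot be granted by a namespaced Role; they are already covered by crd_cluster_role.yaml and should be removed here. Suggest `namespace: kcp-system` on the Role (or one Role/RoleBinding pair per namespace the controller really needs). The deleted istio_namespace_role.yaml and remote_namespace_role.yaml get no per-namespace replacement in this patch, so please confirm that secrets, certificates and kymas access in `istio-system` and `kyma-system` is still granted somewhere.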
@@ -1,34 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: manager-role-istio-namespace - namespace: istio-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - create - - delete -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - patch - - list - - watch - - get - - create - - delete -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - list - - watch diff --git a/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml b/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml deleted file mode 100644 index 0f5dd49c78..0000000000 --- a/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: manager-rolebinding-istio-namespace - namespace: istio-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: manager-role-istio-namespace -subjects: - - kind: ServiceAccount - name: controller-manager \ No newline at end of file diff --git a/config/rbac/namespace_bindings/kustomization.yaml b/config/rbac/namespace_bindings/kustomization.yaml deleted file mode 100644 index 8e9a9d4f54..0000000000 --- a/config/rbac/namespace_bindings/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -components: - - ../common - -resources: - # All RBAC will be applied under this service account in - # the deployment namespace. You may comment out this resource - # if your manager will use a service account that exists at - # runtime. Be sure to update RoleBinding and ClusterRoleBinding - # subjects if changing service account names. - - role_binding.yaml - # Comment the following to disable manifest integration - - watcher_certmanager_role.yaml - - watcher_certmanager_role_binding.yaml 
diff --git a/config/rbac/namespace_bindings/remote_namespace_role.yaml b/config/rbac/namespace_bindings/remote_namespace_role.yaml deleted file mode 100644 index 4c8e2cc1fc..0000000000 --- a/config/rbac/namespace_bindings/remote_namespace_role.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: manager-role-remote-namespace - namespace: kyma-system -rules: -- apiGroups: - - operator.kyma-project.io - resources: - - kymas - verbs: - - list - - watch - - delete - - get - - create - - patch - - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/status - verbs: - - get - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - moduletemplates - verbs: - - list - - watch - - delete \ No newline at end of file diff --git a/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml b/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml deleted file mode 100644 index 23c42d6610..0000000000 --- a/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: manager-rolebinding-remote-namespace - namespace: kyma-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: manager-role-remote-namespace -subjects: - - kind: ServiceAccount - name: controller-manager \ No newline at end of file diff --git a/config/rbac/common/service_account.yaml b/config/rbac/service_account.yaml similarity index 100% rename from config/rbac/common/service_account.yaml rename to config/rbac/service_account.yaml 
diff --git a/config/rbac/namespace_bindings/watcher_certmanager_role.yaml b/config/rbac/watcher_certmanager_role.yaml similarity index 100% rename from config/rbac/namespace_bindings/watcher_certmanager_role.yaml rename to config/rbac/watcher_certmanager_role.yaml diff --git a/config/rbac/namespace_bindings/watcher_certmanager_role_binding.yaml b/config/rbac/watcher_certmanager_role_binding.yaml similarity index 100% rename from config/rbac/namespace_bindings/watcher_certmanager_role_binding.yaml rename to config/rbac/watcher_certmanager_role_binding.yaml diff --git a/config/watcher/certificate_setup.yaml b/config/watcher/certificate_setup.yaml index 256ee49e66..679c73f78b 100644 --- a/config/watcher/certificate_setup.yaml +++ b/config/watcher/certificate_setup.yaml @@ -1,7 +1,6 @@ # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. - apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: diff --git a/config/watcher/gateway.yaml b/config/watcher/gateway.yaml index 5eb8034307..ca12fba606 100644 --- a/config/watcher/gateway.yaml +++ b/config/watcher/gateway.yaml @@ -1,4 +1,4 @@ -# Use this Gateway for setup with watcher enabled if there is no istio gateway configured +# Use this Gateway for setup with enabled watcher if there is no istio gateway configured apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: diff --git a/config/watcher/kustomization.yaml b/config/watcher/kustomization.yaml index dc72ac98d9..49f038a2ad 100644 --- a/config/watcher/kustomization.yaml +++ b/config/watcher/kustomization.yaml 
@@ -1,15 +1,15 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component - -resources: -- operator_v1beta2_watcher.yaml -- gateway.yaml -- certificate_setup.yaml generatorOptions: disableNameSuffixHash: true - +resources: + - certificate_setup.yaml + - gateway.yaml + - kyma_watcher.yaml patches: - - patch: |- + - target: + kind: Deployment + patch: |- - op: add path: /spec/template/spec/containers/0/args/- value: --enable-kcp-watcher @@ -25,5 +25,3 @@ patches: - op: add path: /spec/template/spec/containers/0/args/- value: --enable-domain-name-pinning=true - target: - kind: Deployment diff --git a/config/watcher/operator_v1beta2_watcher.yaml b/config/watcher/kyma_watcher.yaml similarity index 100% rename from config/watcher/operator_v1beta2_watcher.yaml rename to config/watcher/kyma_watcher.yaml diff --git a/config/watcher_local_test/kustomization.yaml b/config/watcher_local_test/kustomization.yaml index 8e704dab19..ab2fd26e0e 100644 --- a/config/watcher_local_test/kustomization.yaml +++ b/config/watcher_local_test/kustomization.yaml 
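Review bot: The relocated `target:` in this patch entry selects on `kind: Deployment` alone, so `--enable-kcp-watcher` and `--enable-domain-name-pinning=true` are appended to every Deployment in any build that pulls in this component, and the path `/spec/template/spec/containers/0/args/-` assumes the manager is the first container. The maintenance_windows component later in this series pins its target with `name: klm-controller-manager` and `namespace: kcp-system`; doing the same here keeps these flags off any Deployment added later. The same kind-only target appears in the config/watcher_local_test/kustomization.yaml and config/webhook/kustomization.yaml hunks. Whether the Deployment name is already prefixed at the point this component is applied is not visible from the hunk, so confirm the value before adding `name:`.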
@@ -1,90 +1,80 @@ -# The main purpose of this dedicated kustomization is to have different configuration for testing the watcher locally. -# Unlike the default setup, it enables the ability to configure additional components -# that we do not want in the default configuration (e.g. vendor-specific gateway implementation) +# Configuration for testing the watcher locally. +# Enables the ability to configure additional components, +# that we do not want in the default configuration (e.g. vendor-specific gateway implementation), # but are necessary for testing the watcher on locally provisioned clusters using k3d. -resources: -- ../control-plane -# In control-plane we expect a kcp-system and kyma-system namespace to be already present, thus for testing we need to create it -- patches/namespace_create.yaml - -# [WATCHER] To enable the watcher, uncomment all the sections with [WATCHER] -# [ISTIO] To enable istio, uncomment all sections with 'ISTIO'. -components: -- ../istio -- ../maintenance_windows - - +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization generatorOptions: disableNameSuffixHash: true - -# Patches enable the local testing mode for the KLM -# and sets the namespace for the watcher resources to `kcp-system`. -# When deployed on KCP it will be set by the default kustomize. 
+resources: + - # The control-plane config does not include namespaces creation, therefore we need to include their creation here + - namespaces.yaml + - ../control-plane +components: + - ../istio + - ../maintenance_windows patches: -- path: patches/adjust_resources_for_local_setup.yaml -- patch: |- - - op: add - path: /spec/template/spec/containers/0/args/- - value: --kyma-requeue-success-interval=20s - - op: add - path: /spec/template/spec/containers/0/args/- - value: --manifest-requeue-success-interval=5s - - op: add - path: /spec/template/spec/containers/0/args/- - value: --log-level=9 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --additional-dns-names=localhost,127.0.0.1,host.k3d.internal - - op: add - path: /spec/template/spec/containers/0/args/- - value: --listener-port-overwrite=9443 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --leader-election-lease-duration=20s - - op: add - path: /spec/template/spec/containers/0/args/- - value: --leader-election-renew-deadline=15s - - op: add - path: /spec/template/spec/containers/0/args/- - value: --leader-election-retry-period=3s - - op: replace - path: /spec/template/spec/containers/0/imagePullPolicy - value: Always - target: - kind: Deployment -- patch: |- - - op: replace - path: /metadata/namespace - value: kcp-system - target: - group: security.istio.io - version: v1beta1 - kind: AuthorizationPolicy - name: controller-manager -- patch: |- - - op: replace - path: /spec/servers/0/hosts/0 - value: "host.k3d.internal" - target: - group: networking.istio.io - version: v1beta1 - kind: Gateway - name: watcher -- patch: |- - - op: replace - path: /spec/dnsNames/0 - value: "localhost" - - op: add - path: /spec/dnsNames/1 - value: "host.k3d.internal" - - op: add - path: /spec/dnsNames/2 - value: "skr.cluster.local" - target: - group: cert-manager.io - version: v1 - kind: Certificate - name: watcher-serving - -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization + - 
path: patches/deployment_resources.yaml + - target: + kind: Deployment + patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: --kyma-requeue-success-interval=20s + - op: add + path: /spec/template/spec/containers/0/args/- + value: --manifest-requeue-success-interval=5s + - op: add + path: /spec/template/spec/containers/0/args/- + value: --log-level=9 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --additional-dns-names=localhost,127.0.0.1,host.k3d.internal + - op: add + path: /spec/template/spec/containers/0/args/- + value: --listener-port-overwrite=9443 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --leader-election-lease-duration=20s + - op: add + path: /spec/template/spec/containers/0/args/- + value: --leader-election-renew-deadline=15s + - op: add + path: /spec/template/spec/containers/0/args/- + value: --leader-election-retry-period=3s + - op: replace + path: /spec/template/spec/containers/0/imagePullPolicy + value: Always + - target: + group: security.istio.io + version: v1beta1 + kind: AuthorizationPolicy + name: controller-manager + patch: |- + - op: replace + path: /metadata/namespace + value: kcp-system + - target: + group: networking.istio.io + version: v1beta1 + kind: Gateway + name: watcher + patch: |- + - op: replace + path: /spec/servers/0/hosts/0 + value: "host.k3d.internal" + - target: + group: cert-manager.io + version: v1 + kind: Certificate + name: watcher-serving + patch: |- + - op: replace + path: /spec/dnsNames/0 + value: "localhost" + - op: add + path: /spec/dnsNames/1 + value: "host.k3d.internal" + - op: add + path: /spec/dnsNames/2 + value: "skr.cluster.local" diff --git a/config/watcher_local_test/patches/namespace_create.yaml b/config/watcher_local_test/namespaces.yaml similarity index 84% rename from config/watcher_local_test/patches/namespace_create.yaml rename to config/watcher_local_test/namespaces.yaml index 45a073e162..d9da46d578 100644 
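Review bot: The rewritten header comment says the overlay is for local testing but no longer explains what its patches change, and two of them matter if it is ever built for another cluster: the Deployment patch sets `--log-level=9`, and the Certificate patch writes `localhost`, `host.k3d.internal` and `skr.cluster.local` into `dnsNames` of `watcher-serving`. I would add `# Local k3d only: widens the watcher certificate names and raises log verbosity; do not build this overlay for a shared control plane.` above `apiVersion`. Separately, the first item under `resources:` is `- # The control-plane config …`, a list entry holding only a comment, which parses as an empty element. A later patch in this series removes it, but on this commit the comment belongs on its own line above `- namespaces.yaml`.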
--- a/config/watcher_local_test/patches/namespace_create.yaml +++ b/config/watcher_local_test/namespaces.yaml @@ -6,4 +6,4 @@ metadata: apiVersion: v1 kind: Namespace metadata: - name: kyma-system \ No newline at end of file + name: kyma-system diff --git a/config/watcher_local_test/patches/adjust_resources_for_local_setup.yaml b/config/watcher_local_test/patches/deployment_resources.yaml similarity index 90% rename from config/watcher_local_test/patches/adjust_resources_for_local_setup.yaml rename to config/watcher_local_test/patches/deployment_resources.yaml index 013818ff9b..0b2431abec 100644 --- a/config/watcher_local_test/patches/adjust_resources_for_local_setup.yaml +++ b/config/watcher_local_test/patches/deployment_resources.yaml @@ -13,4 +13,4 @@ spec: memory: 400Mi requests: cpu: 100m - memory: 100Mi \ No newline at end of file + memory: 100Mi From 8a34f185f8817f01785c9aab64f505f21242e97e Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:28:32 +0100 Subject: [PATCH 03/26] remove remaining kubebuilder marker for rbac creation --- internal/controller/manifest/controller.go | 4 ---- internal/controller/watcher/controller.go | 8 -------- 2 files changed, 12 deletions(-) diff --git a/internal/controller/manifest/controller.go b/internal/controller/manifest/controller.go index afa47768ed..d1346b3475 100644 --- a/internal/controller/manifest/controller.go +++ b/internal/controller/manifest/controller.go 
@@ -11,10 +11,6 @@ import ( "github.com/kyma-project/lifecycle-manager/pkg/queue" ) -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=manifests,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=manifests/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=manifests/finalizers,verbs=update - func NewReconciler(mgr manager.Manager, requeueIntervals queue.RequeueIntervals, manifestMetrics *metrics.ManifestMetrics, mandatoryModulesMetrics *metrics.MandatoryModulesMetrics, manifestClient declarativev2.ManifestAPIClient, diff --git a/internal/controller/watcher/controller.go b/internal/controller/watcher/controller.go index 2695f85ea0..88b72c35e6 100644 --- a/internal/controller/watcher/controller.go +++ b/internal/controller/watcher/controller.go @@ -63,14 +63,6 @@ type Reconciler struct { queue.RequeueIntervals } -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=watchers,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=watchers/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=operator.kyma-project.io,resources=watchers/finalizers,verbs=update -// +kubebuilder:rbac:groups=networking.istio.io,resources=virtualservices,verbs=get;list;create;update;delete -// +kubebuilder:rbac:groups=networking.istio.io,resources=gateways,verbs=list;get; -// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;delete -// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete - func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { logger := logf.FromContext(ctx).WithName(req.NamespacedName.String()) logger.V(log.DebugLevel).Info("Reconciliation loop starting") From d3b071218fc6177c58677bf7ab59abe4010ce465 Mon Sep 17 00:00:00 2001 
From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:32:29 +0100 Subject: [PATCH 04/26] rename --- config/control-plane/kustomization.yaml | 2 +- ...resources_in_deployment.yaml => deployment_resources.yaml} | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) rename config/control-plane/patches/{adjust_resources_in_deployment.yaml => deployment_resources.yaml} (55%) diff --git a/config/control-plane/kustomization.yaml b/config/control-plane/kustomization.yaml index 7a7ee3ab81..c0ada7a2b6 100644 --- a/config/control-plane/kustomization.yaml +++ b/config/control-plane/kustomization.yaml @@ -61,8 +61,8 @@ patches: - op: add path: /metadata/labels/grafana_dashboard value: "1" + - path: patches/deployment_resources.yaml - path: patches/unique_manager_webhook_patch.yaml - - path: patches/adjust_resources_in_deployment.yaml # We override the certificate name to ensure that Cert-Manager uses a unique cert in conjunction with other # kubebuilder operators. - path: patches/unique_certificate_name.yaml diff --git a/config/control-plane/patches/adjust_resources_in_deployment.yaml b/config/control-plane/patches/deployment_resources.yaml similarity index 55% rename from config/control-plane/patches/adjust_resources_in_deployment.yaml rename to config/control-plane/patches/deployment_resources.yaml index bc1694d98f..a2d67f9f90 100644 --- a/config/control-plane/patches/adjust_resources_in_deployment.yaml +++ b/config/control-plane/patches/deployment_resources.yaml @@ -1,5 +1,3 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment metadata: @@ -14,4 +12,4 @@ spec: memory: 4000Mi requests: cpu: 1000m - memory: 1000Mi \ No newline at end of file + memory: 1000Mi From b18ed224e6b6a4d83aaea38cf384a25dfe92113f Mon Sep 17 00:00:00 2001 
From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:33:15 +0100 Subject: [PATCH 05/26] delete unused patch --- .../patches/secured_manager_auth_proxy.yaml | 36 ------------------- 1 file changed, 36 deletions(-) delete mode 100644 config/control-plane/patches/secured_manager_auth_proxy.yaml diff --git a/config/control-plane/patches/secured_manager_auth_proxy.yaml b/config/control-plane/patches/secured_manager_auth_proxy.yaml deleted file mode 100644 index b1dd3ca9bb..0000000000 --- a/config/control-plane/patches/secured_manager_auth_proxy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--insecure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--k8s-client-qps=150" - - "--k8s-client-burst=150" - - "--max-concurrent-reconciles=20" From 52adae46fdc6a8bc9c92ab61629b7f663a015057 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:35:51 +0100 Subject: [PATCH 06/26] rename --- config/control-plane/kustomization.yaml | 2 +- ..._webhook_patch.yaml => unique_deployment_webhook_patch.yaml} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename config/control-plane/patches/{unique_manager_webhook_patch.yaml => unique_deployment_webhook_patch.yaml} (100%) 
diff --git a/config/control-plane/kustomization.yaml b/config/control-plane/kustomization.yaml index c0ada7a2b6..775ab4292d 100644 --- a/config/control-plane/kustomization.yaml +++ b/config/control-plane/kustomization.yaml @@ -62,7 +62,7 @@ patches: path: /metadata/labels/grafana_dashboard value: "1" - path: patches/deployment_resources.yaml - - path: patches/unique_manager_webhook_patch.yaml + - path: patches/unique_deployment_webhook_patch.yaml # We override the certificate name to ensure that Cert-Manager uses a unique cert in conjunction with other # kubebuilder operators. - path: patches/unique_certificate_name.yaml diff --git a/config/control-plane/patches/unique_manager_webhook_patch.yaml b/config/control-plane/patches/unique_deployment_webhook_patch.yaml similarity index 100% rename from config/control-plane/patches/unique_manager_webhook_patch.yaml rename to config/control-plane/patches/unique_deployment_webhook_patch.yaml From b02e32c33064de710e3addf693efbf23b3df4376 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:38:52 +0100 Subject: [PATCH 07/26] revert change in main --- cmd/main.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 01b9e2508f..44a14f9cbd 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -142,10 +142,7 @@ func pprofStartServer(addr string, timeout time.Duration, setupLog logr.Logger) } } -func setupManager( - flagVar *flags.FlagVar, - cacheOptions cache.Options, - scheme *machineryruntime.Scheme, +func setupManager(flagVar *flags.FlagVar, cacheOptions cache.Options, scheme *machineryruntime.Scheme, logger logr.Logger, ) { mgr, err := configManager(flagVar, cacheOptions, scheme) From f54037ecee49f02fe3a993fb8b45a72647d2338c Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:42:56 +0100 Subject: [PATCH 08/26] cleanup --- config/crd/kustomizeconfig.yaml | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) 
diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index ec5c150a9d..b7b511d07d 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,19 +1,17 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD +# Configure name and namespace reference substitution in CRDs nameReference: -- kind: Service - version: v1 - fieldSpecs: + - kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name +namespace: - kind: CustomResourceDefinition version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: -- path: metadata/annotations + - path: metadata/annotations From 8a1c86184dd989fa52e9623dad45c3a5b9e1bec0 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 07:50:59 +0100 Subject: [PATCH 09/26] rename --- .../patches/unique_certificate_name.yaml | 2 +- config/istio/commonlabels_override.yaml | 3 +-- ....yaml => endpoints_authorization_policy.yaml} | 0 config/istio/kustomization.yaml | 16 ++++++---------- ...yaml => deployment_exclude_webhook_port.yaml} | 0 ..._labels.yaml => deployment_istio_inject.yaml} | 0 6 files changed, 8 insertions(+), 13 deletions(-) rename config/istio/{ap.yaml => endpoints_authorization_policy.yaml} (100%) rename config/istio/patches/{exclude_webhook_port.yaml => deployment_exclude_webhook_port.yaml} (100%) rename config/istio/patches/{istio_deployment_labels.yaml => deployment_istio_inject.yaml} (100%) 
diff --git a/config/control-plane/patches/unique_certificate_name.yaml b/config/control-plane/patches/unique_certificate_name.yaml index bf53cdf233..c9eb096306 100644 --- a/config/control-plane/patches/unique_certificate_name.yaml +++ b/config/control-plane/patches/unique_certificate_name.yaml @@ -3,4 +3,4 @@ kind: Certificate metadata: name: controller-manager-webhook-serving # this name should match the one appeared in kustomizeconfig.yaml spec: - secretName: klm-controller-manager-webhook # this secret will not be prefixed, since it's not managed by kustomize \ No newline at end of file + secretName: klm-controller-manager-webhook # secretName will not be prefixed, since it's not managed by kustomize \ No newline at end of file diff --git a/config/istio/commonlabels_override.yaml b/config/istio/commonlabels_override.yaml index f11a704f31..754834e22f 100644 --- a/config/istio/commonlabels_override.yaml +++ b/config/istio/commonlabels_override.yaml @@ -1,8 +1,7 @@ # This is an extension to builtin commonLabels, # reference https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/commonlabels.go - commonLabels: - path: spec/selector/matchLabels create: true version: v1beta1 - kind: AuthorizationPolicy \ No newline at end of file + kind: AuthorizationPolicy diff --git a/config/istio/ap.yaml b/config/istio/endpoints_authorization_policy.yaml similarity index 100% rename from config/istio/ap.yaml rename to config/istio/endpoints_authorization_policy.yaml diff --git a/config/istio/kustomization.yaml b/config/istio/kustomization.yaml index 5ef5308a6f..e793b3f558 100644 --- a/config/istio/kustomization.yaml +++ b/config/istio/kustomization.yaml 
@@ -1,15 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component - -configurations: -- commonlabels_override.yaml - -resources: -- ap.yaml - generatorOptions: disableNameSuffixHash: true - +configurations: + - commonlabels_override.yaml +resources: + - endpoints_authorization_policy.yaml patches: - - path: patches/istio_deployment_labels.yaml - - path: patches/exclude_webhook_port.yaml + - path: patches/deployment_istio_inject.yaml + - path: patches/deployment_exclude_webhook_port.yaml diff --git a/config/istio/patches/exclude_webhook_port.yaml b/config/istio/patches/deployment_exclude_webhook_port.yaml similarity index 100% rename from config/istio/patches/exclude_webhook_port.yaml rename to config/istio/patches/deployment_exclude_webhook_port.yaml diff --git a/config/istio/patches/istio_deployment_labels.yaml b/config/istio/patches/deployment_istio_inject.yaml similarity index 100% rename from config/istio/patches/istio_deployment_labels.yaml rename to config/istio/patches/deployment_istio_inject.yaml From 39603c2e6f356d9485b88c1d2b9da5e5e30ed9ec Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 08:42:04 +0100 Subject: [PATCH 10/26] fix list --- config/certmanager/kustomization.yaml | 5 +- config/default/kustomization.yaml | 72 +- config/maintenance_windows/kustomization.yaml | 8 +- config/manager/kustomization.yaml | 10 +- config/watcher_local_test/kustomization.yaml | 1 - config/watcher_local_test/namespaces.yaml | 1 + config/webhook/kustomization.yaml | 9 +- watcher-local.yaml | 7453 +++++++++++++++++ 8 files changed, 7502 insertions(+), 57 deletions(-) create mode 100644 watcher-local.yaml diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml index bebea5a595..34e7e5b126 100644 --- a/config/certmanager/kustomization.yaml +++ b/config/certmanager/kustomization.yaml 
@@ -1,5 +1,4 @@ resources: -- certificate.yaml - + - certificate.yaml configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 034a065e51..13a236e04b 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml 
@@ -9,42 +9,42 @@ commonLabels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/part-of: manual-deployment patches: -- path: manager_webhook_patch.yaml + - path: manager_webhook_patch.yaml resources: -- ../manager -- ../certmanager -- namespace_create.yaml + - ../manager + - ../certmanager + - namespace_create.yaml components: -- ../crd -- ../rbac -- ../webhook + - ../crd + - ../rbac + - ../webhook transformers: -- |- - apiVersion: builtin - kind: NamespaceTransformer - metadata: - name: adds-resources-to-kcp-system - namespace: kcp-system - unsetOnly: true - setRoleBindingSubjects: allServiceAccounts -- |- - apiVersion: builtin - kind: AnnotationsTransformer - metadata: - name: add-ca-inject-annotation - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - fieldSpecs: - - kind: CustomResourceDefinition - path: metadata/annotations -- |- - apiVersion: builtin - kind: PatchTransformer - metadata: - name: fix-cert-dns-names - patch: '[{"op": "replace", "path": "/spec/dnsNames/0", "value": "klm-webhook-service.kcp-system.svc"}, {"op": "replace", "path": "/spec/dnsNames/1", "value": "klm-webhook-service.kcp-system.svc.cluster.local"}]' - target: - kind: Certificate - name: klm-controller-manager-webhook-serving - version: v1 - group: cert-manager.io + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: adds-resources-to-kcp-system + namespace: kcp-system + unsetOnly: true + setRoleBindingSubjects: allServiceAccounts + - |- + apiVersion: builtin + kind: AnnotationsTransformer + metadata: + name: add-ca-inject-annotation + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + fieldSpecs: + - kind: CustomResourceDefinition + path: metadata/annotations + - |- + apiVersion: builtin + kind: PatchTransformer + metadata: + name: fix-cert-dns-names + patch: '[{"op": "replace", "path": "/spec/dnsNames/0", "value": "klm-webhook-service.kcp-system.svc"}, 
{"op": "replace", "path": "/spec/dnsNames/1", "value": "klm-webhook-service.kcp-system.svc.cluster.local"}]' + target: + kind: Certificate + name: klm-controller-manager-webhook-serving + version: v1 + group: cert-manager.io diff --git a/config/maintenance_windows/kustomization.yaml b/config/maintenance_windows/kustomization.yaml index 1312778007..d8bd295964 100644 --- a/config/maintenance_windows/kustomization.yaml +++ b/config/maintenance_windows/kustomization.yaml @@ -1,21 +1,17 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component - +generatorOptions: + disableNameSuffixHash: true configMapGenerator: - name: maintenance-config files: - policy.json - -generatorOptions: - disableNameSuffixHash: true - patches: - path: patches/volume_mount.yaml target: kind: Deployment name: klm-controller-manager namespace: kcp-system - transformers: - |- apiVersion: builtin diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index edf8de4d82..1bfbb27603 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -3,9 +3,9 @@ kind: Kustomization generatorOptions: disableNameSuffixHash: true resources: -- manager.yaml -- metrics_service.yaml + - manager.yaml + - metrics_service.yaml images: -- name: controller - newName: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager - newTag: latest + - name: controller + newName: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager + newTag: latest diff --git a/config/watcher_local_test/kustomization.yaml b/config/watcher_local_test/kustomization.yaml index ab2fd26e0e..459a69ca57 100644 --- a/config/watcher_local_test/kustomization.yaml +++ b/config/watcher_local_test/kustomization.yaml @@ -7,7 +7,6 @@ kind: Kustomization generatorOptions: disableNameSuffixHash: true resources: - - # The control-plane config does not include namespaces creation, therefore we need to include their creation here - namespaces.yaml - ../control-plane components: 
diff --git a/config/watcher_local_test/namespaces.yaml b/config/watcher_local_test/namespaces.yaml index d9da46d578..e9b6051e69 100644 --- a/config/watcher_local_test/namespaces.yaml +++ b/config/watcher_local_test/namespaces.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 4372090bfa..930b03ca77 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,16 +1,13 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component - resources: - service.yaml - configurations: - kustomizeconfig.yaml - patches: - - patch: |- + - target: + kind: Deployment + patch: |- - op: add path: /spec/template/spec/containers/0/args/- value: --enable-webhooks=true - target: - kind: Deployment \ No newline at end of file diff --git a/watcher-local.yaml b/watcher-local.yaml new file mode 100644 index 0000000000..7e85b8bbc4 --- /dev/null +++ b/watcher-local.yaml 
@@ -0,0 +1,7453 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kcp-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kyma-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: kymas.operator.kyma-project.io +spec: + group: operator.kyma-project.io + names: + kind: Kyma + listKind: KymaList + plural: kymas + singular: kyma + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: kyma-project.io/v1beta1 Kyma is deprecated. Use v1beta2 instead. + name: v1beta1 + schema: + openAPIV3Schema: + description: Kyma is the Schema for the kymas API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KymaSpec defines the desired state of Kyma. 
+ properties: + channel: + description: Channel specifies the desired Channel of the Installation, + usually targeting different module versions. + maxLength: 32 + minLength: 3 + pattern: ^[a-z]+$ + type: string + modules: + description: Modules specifies the list of modules to be installed + items: + description: Module defines the components to be installed. + properties: + channel: + description: |- + Channel is the desired channel of the Module. If this changes or is set, it will be used to resolve a new + ModuleTemplate based on the new resolved resources. + maxLength: 32 + minLength: 3 + pattern: ^[a-z]+$ + type: string + controller: + description: |- + ControllerName is able to set the controller used for reconciliation of the module. It can be used + together with Cache Configuration on the Operator responsible for the templated Modules to split + workload. + type: string + customResourcePolicy: + default: CreateAndDelete + description: |- + CustomResourcePolicy determines how a ModuleTemplate should be parsed. When CustomResourcePolicy is set to + CustomResourcePolicyCreateAndDelete, the Manifest will receive instructions to create it on installation with + the default values provided in ModuleTemplate, and to remove it when the module or Kyma is deleted. + enum: + - CreateAndDelete + - Ignore + type: string + managed: + default: true + description: |- + Managed is determining whether the module is managed or not. If the module is unmanaged, the user is responsible + for the lifecycle of the module. + type: boolean + name: + description: |- + Name is a unique identifier of the module. + It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. + + + Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module + type: string + remoteModuleTemplateRef: + description: |- + RemoteModuleTemplateRef is deprecated and will no longer have any functionality. 
+ It will be removed in the upcoming API version. + type: string + required: + - managed + - name + type: object + type: array + skipMaintenanceWindows: + description: |- + SkipMaintenanceWindows indicates whether module upgrades that require downtime + should bypass the defined Maintenance Windows and be applied immediately. + type: boolean + sync: + description: Active Synchronization Settings + properties: + enabled: + default: false + description: |- + Enabled set to true will look up a kubeconfig for the remote cluster based on the strategy + and synchronize its state there. + type: boolean + moduleCatalog: + default: true + description: |- + ModuleCatalog set to true will cause a copy of all ModuleTemplate in the cluster + to be synchronized for discovery purposes + type: boolean + namespace: + description: |- + The target namespace, if empty the namespace is reflected from the control plane + Note that cleanup is currently not supported if you are switching the namespace, so you will + manually need to clean up old synchronized Kymas + type: string + noModuleCopy: + default: true + description: |- + NoModuleCopy set to true will cause the remote Kyma to be initialized without copying over the + module spec of the control plane into the SKR + type: boolean + strategy: + default: secret + description: Strategy determines the way to look up the remotely + synced kubeconfig, by default it is fetched from a secret + type: string + type: object + required: + - channel + type: object + status: + description: KymaStatus defines the observed state of Kyma. + properties: + activeChannel: + description: Active Channel + type: string + conditions: + description: List of status conditions to indicate the status of a + ServiceInstance. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastOperation: + description: LastOperation defines the last operation from the control-loop. + properties: + lastUpdateTime: + format: date-time + type: string + operation: + type: string + required: + - operation + type: object + modules: + description: Contains essential information about the current deployed + module + items: + properties: + channel: + description: |- + Channel tracks the active Channel of the Module. In Case it changes, the new Channel will have caused + a new lookup to be necessary that maybe picks a different ModuleTemplate, which is why we need to reconcile. + type: string + fqdn: + description: |- + FQDN is the fully qualified domain name of the module. + In the ModuleTemplate it is located in .spec.descriptor.component.name of the ModuleTemplate + FQDN is used to calculate Namespace and Name of the Manifest for tracking. + type: string + manifest: + description: Manifest contains the Information of a related + Manifest + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + message: + description: Message is a human-readable message indicating + details about the State. + type: string + name: + description: |- + Name defines the name of the Module in the Spec that the status is used for. 
+ It can be any kind of Reference format supported by Module.Name. + type: string + resource: + description: Resource contains information about the created + module CR. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. 
+ Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + state: + description: State of the Module in the currently tracked Generation + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + template: + description: |- + It contains information about the last parsed ModuleTemplate in Context of the Installation. + This will update when Channel or the ModuleTemplate is changed. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. 
Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + version: + description: Channel tracks the active Version of the Module. + type: string + required: + - name + - state + type: object + type: array + state: + description: |- + State signifies current state of Kyma. + Value can be one of ("Ready", "Processing", "Error", "Deleting"). + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Kyma is the Schema for the kymas API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KymaSpec defines the desired state of Kyma. + properties: + channel: + description: Channel specifies the desired Channel of the Installation, + usually targeting different module versions. + maxLength: 32 + minLength: 3 + pattern: ^[a-z]+$ + type: string + modules: + description: Modules specifies the list of modules to be installed + items: + description: Module defines the components to be installed. + properties: + channel: + description: |- + Channel is the desired channel of the Module. If this changes or is set, it will be used to resolve a new + ModuleTemplate based on the new resolved resources. + maxLength: 32 + minLength: 3 + pattern: ^[a-z]+$ + type: string + controller: + description: |- + ControllerName is able to set the controller used for reconciliation of the module. It can be used + together with Cache Configuration on the Operator responsible for the templated Modules to split + workload. + type: string + customResourcePolicy: + default: CreateAndDelete + description: |- + CustomResourcePolicy determines how a ModuleTemplate should be parsed. When CustomResourcePolicy is set to + CustomResourcePolicyCreateAndDelete, the Manifest will receive instructions to create it on installation with + the default values provided in ModuleTemplate, and to remove it when the module or Kyma is deleted. + enum: + - CreateAndDelete + - Ignore + type: string + managed: + default: true + description: |- + Managed is determining whether the module is managed or not. If the module is unmanaged, the user is responsible + for the lifecycle of the module. + type: boolean + name: + description: |- + Name is a unique identifier of the module. + It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. 
+ + + Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module + type: string + remoteModuleTemplateRef: + description: |- + RemoteModuleTemplateRef is deprecated and will no longer have any functionality. + It will be removed in the upcoming API version. + type: string + required: + - managed + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + skipMaintenanceWindows: + description: |- + SkipMaintenanceWindows indicates whether module upgrades that require downtime + should bypass the defined Maintenance Windows and be applied immediately. + type: boolean + required: + - channel + type: object + status: + description: KymaStatus defines the observed state of Kyma. + properties: + activeChannel: + description: Active Channel + type: string + conditions: + description: List of status conditions to indicate the status of a + ServiceInstance. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastOperation: + description: LastOperation defines the last operation from the control-loop. 
+ properties: + lastUpdateTime: + format: date-time + type: string + operation: + type: string + required: + - operation + type: object + modules: + description: Contains essential information about the current deployed + module + items: + properties: + channel: + description: |- + Channel tracks the active Channel of the Module. In Case it changes, the new Channel will have caused + a new lookup to be necessary that maybe picks a different ModuleTemplate, which is why we need to reconcile. + type: string + fqdn: + description: |- + FQDN is the fully qualified domain name of the module. + In the ModuleTemplate it is located in .spec.descriptor.component.name of the ModuleTemplate + FQDN is used to calculate Namespace and Name of the Manifest for tracking. + type: string + manifest: + description: Manifest contains the Information of a related + Manifest + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. 
+ format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + message: + description: Message is a human-readable message indicating + details about the State. + type: string + name: + description: |- + Name defines the name of the Module in the Spec that the status is used for. + It can be any kind of Reference format supported by Module.Name. + type: string + resource: + description: Resource contains information about the created + module CR. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + state: + description: State of the Module in the currently tracked Generation + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + template: + description: |- + It contains information about the last parsed ModuleTemplate in Context of the Installation. + This will update when Channel or the ModuleTemplate is changed. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. + see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within which each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + type: object + type: object + version: + description: Channel tracks the active Version of the Module. 
+ type: string + required: + - name + - state + type: object + type: array + state: + description: |- + State signifies current state of Kyma. + Value can be one of ("Ready", "Processing", "Error", "Deleting"). + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: manifests.operator.kyma-project.io +spec: + group: operator.kyma-project.io + names: + kind: Manifest + listKind: ManifestList + plural: manifests + singular: manifest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: kyma-project.io/v1beta1 Manifest is deprecated. Use v1beta2 + instead. + name: v1beta1 + schema: + openAPIV3Schema: + description: Manifest is the Schema for the manifests API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. 
+ In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ManifestSpec defines the desired state of Manifest. + properties: + config: + description: Config specifies OCI image configuration for Manifest + properties: + credSecretSelector: + description: |- + CredSecretSelector is an optional field, for OCI image saved in private registry, + use it to indicate the secret which contains registry credentials, + must exist in the namespace same as manifest + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name defines the Image name + type: string + ref: + description: Ref is either a sha value, tag or version + type: string + repo: + description: Repo defines the Image repo + type: string + type: + description: |- + Type specifies the type of installation specification + that could be provided as part of a custom resource. + This time is used in codec to successfully decode from raw extensions. + enum: + - helm-chart + - oci-ref + - kustomize + - "" + type: string + type: object + install: + description: Install specifies a list of installations for Manifest + properties: + name: + description: Name specifies a unique install name for Manifest + type: string + source: + description: Source in the ImageSpec format + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + - source + type: object + remote: + description: Remote indicates if Manifest should be installed on a + remote cluster + type: boolean + resource: + description: Resource specifies a resource to be watched for state + updates + nullable: true + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + version: + description: Version specifies current Resource version + type: string + required: + - install + - remote + type: object + status: + description: Status defines the observed state of CustomObject. + properties: + conditions: + description: |- + Conditions contain a set of conditionals to determine the State of Status. + If all Conditions are met, the State is expected to be in StateReady. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastOperation: + description: LastOperation defines the last operation from the control-loop. + properties: + lastUpdateTime: + format: date-time + type: string + operation: + type: string + required: + - operation + type: object + state: + description: |- + State signifies current state of CustomObject. + Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning"). + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + synced: + description: |- + Synced determine a list of Resources that are currently actively synced. + All resources that are synced are considered for orphan removal on configuration changes, + and it is used to determine effective differences from one state to the next. 
+ items: + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + version: + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Manifest is the Schema for the manifests API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ManifestSpec defines the desired state of Manifest. + properties: + config: + description: Config specifies OCI image configuration for Manifest + properties: + credSecretSelector: + description: |- + CredSecretSelector is an optional field, for OCI image saved in private registry, + use it to indicate the secret which contains registry credentials, + must exist in the namespace same as manifest + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name defines the Image name + type: string + ref: + description: Ref is either a sha value, tag or version + type: string + repo: + description: Repo defines the Image repo + type: string + type: + description: |- + Type specifies the type of installation specification + that could be provided as part of a custom resource. + This time is used in codec to successfully decode from raw extensions. 
+ enum: + - helm-chart + - oci-ref + - kustomize + - "" + type: string + type: object + install: + description: Install specifies a list of installations for Manifest + properties: + name: + description: Name specifies a unique install name for Manifest + type: string + source: + description: Source in the ImageSpec format + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + - source + type: object + remote: + description: Remote indicates if Manifest should be installed on a + remote cluster + type: boolean + resource: + description: Resource specifies a resource to be watched for state + updates + nullable: true + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + version: + description: Version specifies current Resource version + type: string + required: + - install + - remote + type: object + status: + description: Status defines the observed state of CustomObject. + properties: + conditions: + description: |- + Conditions contain a set of conditionals to determine the State of Status. + If all Conditions are met, the State is expected to be in StateReady. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastOperation: + description: LastOperation defines the last operation from the control-loop. + properties: + lastUpdateTime: + format: date-time + type: string + operation: + type: string + required: + - operation + type: object + state: + description: |- + State signifies current state of CustomObject. + Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning"). + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + synced: + description: |- + Synced determine a list of Resources that are currently actively synced. + All resources that are synced are considered for orphan removal on configuration changes, + and it is used to determine effective differences from one state to the next. 
+ items: + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + version: + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: modulereleasemetas.operator.kyma-project.io +spec: + group: operator.kyma-project.io + names: + kind: ModuleReleaseMeta + listKind: ModuleReleaseMetaList + plural: modulereleasemetas + shortNames: + - mrm + singular: modulereleasemeta + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ModuleReleaseMetaSpec defines the channel-version assignments + for a module. + properties: + beta: + default: false + description: Beta indicates if the module is in beta state. Beta modules + are only available for beta Kymas. + type: boolean + channels: + description: Channels is the list of module channels with their corresponding + versions. + items: + properties: + channel: + description: Channel is the module channel. + maxLength: 32 + minLength: 3 + pattern: ^[a-z]+$ + type: string + version: + description: Version is the module version of the corresponding + module channel. + maxLength: 32 + pattern: ^((0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[a-zA-Z-][0-9a-zA-Z-]*)?)?$ + type: string + required: + - channel + - version + type: object + type: array + x-kubernetes-list-map-keys: + - channel + x-kubernetes-list-type: map + internal: + default: false + description: Internal indicates if the module is internal. Internal + modules are only available for internal Kymas. + type: boolean + moduleName: + description: ModuleName is the name of the Module. 
+ maxLength: 64 + pattern: ^([a-z]{3,}(-[a-z]{3,})*)?$ + type: string + required: + - channels + - moduleName + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: moduletemplates.operator.kyma-project.io +spec: + group: operator.kyma-project.io + names: + kind: ModuleTemplate + listKind: ModuleTemplateList + plural: moduletemplates + singular: moduletemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: kyma-project.io/v1beta1 ModuleTemplate is deprecated. Use + v1beta2 instead. + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ModuleTemplateSpec defines the desired state of ModuleTemplate. 
+ properties: + channel: + description: |- + Channel is the targeted channel of the ModuleTemplate. It will be used to directly assign a Template + to a target channel. It has to be provided at any given time. + Deprecated: This field is deprecated and will be removed in a future release. + maxLength: 32 + pattern: ^$|^[a-z]{3,}$ + type: string + customStateCheck: + items: + properties: + jsonPath: + description: JSONPath specifies the JSON path to the state variable + in the Module CR + type: string + mappedState: + description: MappedState is the Kyma CR State + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + value: + description: Value is the value at the JSONPath for which the + Module CR state should map with MappedState + type: string + required: + - jsonPath + - mappedState + - value + type: object + type: array + data: + description: |- + Data is the default set of attributes that are used to generate the Module. It contains a default set of values + for a given channel, and is thus different from default values allocated during struct parsing of the Module. + While Data can change after the initial creation of ModuleTemplate, it is not expected to be propagated to + downstream modules as it is considered a set of default values. This means that an update of the data block + will only propagate to new Modules created form ModuleTemplate, not any existing Module. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + descriptor: + description: |- + The Descriptor is the Open Component Model Descriptor of a Module, containing all relevant information + to correctly initialize a module (e.g. 
Charts, Manifests, References to Binaries and/or configuration) + Name more information on Component Descriptors, see + https://github.com/open-component-model/ocm + + + It is translated inside the Lifecycle of the Cluster and will be used by downstream controllers + to bootstrap and manage the module. This part is also propagated for every change of the template. + This means for upgrades of the Descriptor, downstream controllers will also update the dependant modules + (e.g. by updating the controller binary linked in a chart referenced in the descriptor) + type: object + x-kubernetes-preserve-unknown-fields: true + mandatory: + description: |- + Mandatory indicates whether the module is mandatory. It is used to enforce the installation of the module with + its configuration in all runtime clusters. + type: boolean + requiresDowntime: + description: RequiresDowntime indicates whether the module requires + downtime in support of maintenance windows during module upgrades. + type: boolean + target: + description: |- + Target describes where the Module should later on be installed if parsed correctly. It is used as installation + hint by downstream controllers to determine which client implementation to use for working with the Module + enum: + - control-plane + - remote + type: string + required: + - descriptor + - target + type: object + type: object + served: false + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ModuleTemplateSpec defines the desired state of ModuleTemplate. + properties: + associatedResources: + description: AssociatedResources is a list of module related resources + that usually must be cleaned when uninstalling a module. Informational + purpose only. + items: + description: |- + GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion + to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling + properties: + group: + type: string + kind: + type: string + version: + type: string + required: + - group + - kind + - version + type: object + type: array + channel: + description: |- + Channel is the targeted channel of the ModuleTemplate. It will be used to directly assign a Template + to a target channel. It has to be provided at any given time. + Deprecated: This field is deprecated and will be removed in a future release. + maxLength: 32 + pattern: ^$|^[a-z]{3,}$ + type: string + customStateCheck: + description: CustomStateCheck is deprecated. 
+ items: + properties: + jsonPath: + description: JSONPath specifies the JSON path to the state variable + in the Module CR + type: string + mappedState: + description: MappedState is the Kyma CR State + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + value: + description: Value is the value at the JSONPath for which the + Module CR state should map with MappedState + type: string + required: + - jsonPath + - mappedState + - value + type: object + type: array + data: + description: |- + Data is the default set of attributes that are used to generate the Module. It contains a default set of values + for a given channel, and is thus different from default values allocated during struct parsing of the Module. + While Data can change after the initial creation of ModuleTemplate, it is not expected to be propagated to + downstream modules as it is considered a set of default values. This means that an update of the data block + will only propagate to new Modules created form ModuleTemplate, not any existing Module. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + descriptor: + description: |- + The Descriptor is the Open Component Model Descriptor of a Module, containing all relevant information + to correctly initialize a module (e.g. Manifests, References to Binaries and/or configuration) + Name more information on Component Descriptors, see + https://github.com/open-component-model/ocm + + + It is translated inside the Lifecycle of the Cluster and will be used by downstream controllers + to bootstrap and manage the module. This part is also propagated for every change of the template. + This means for upgrades of the Descriptor, downstream controllers will also update the dependant modules + (e.g. by updating the controller binary linked in a chart referenced in the descriptor) + + + NOTE: Only Raw Rendering is Supported for the layers. 
So previously used "config" layers for the helm + charts and kustomize renderers are deprecated and ignored. + type: object + x-kubernetes-preserve-unknown-fields: true + info: + description: Info contains metadata about the module. + properties: + documentation: + description: Documentation is the link to the documentation of + the module. + type: string + icons: + description: Icons is a list of icons of the module. + items: + properties: + link: + description: Link is the link to the icon. + type: string + name: + description: Name is the name of the icon. + type: string + required: + - link + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + repository: + description: Repository is the link to the repository of the module. + type: string + required: + - documentation + - repository + type: object + manager: + description: Manager contains information for identifying a module's + resource that can be used as indicator for the installation readiness + of the module. Typically, this is the manager Deployment of the + module. In exceptional cases, it may also be another resource. + properties: + group: + type: string + kind: + type: string + name: + description: Name is the name of the manager. + type: string + namespace: + description: Namespace is the namespace of the manager. It is + optional. + type: string + version: + type: string + required: + - group + - kind + - name + - version + type: object + mandatory: + description: |- + Mandatory indicates whether the module is mandatory. It is used to enforce the installation of the module with + its configuration in all runtime clusters. + type: boolean + moduleName: + description: ModuleName is the name of the Module. Can be empty. + maxLength: 64 + pattern: ^([a-z]{3,}(-[a-z]{3,})*)?$ + type: string + requiresDowntime: + description: RequiresDowntime indicates whether the module requires + downtime in support of maintenance windows during module upgrades. 
+ type: boolean + resources: + description: Resources is a list of additional resources of the module + that can be fetched, e.g., the raw manifest. + items: + properties: + link: + description: Link is the URL to the resource. + format: uri + type: string + name: + description: Name is the name of the resource. + type: string + required: + - link + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + version: + description: Version identifies the version of the Module. Can be + empty, or a semantic version. + maxLength: 32 + pattern: ^((0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[a-zA-Z-][0-9a-zA-Z-]*)?)?$ + type: string + required: + - descriptor + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: watchers.operator.kyma-project.io +spec: + group: operator.kyma-project.io + names: + kind: Watcher + listKind: WatcherList + plural: watchers + singular: watcher + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: kyma-project.io/v1beta1 Watcher is deprecated. Use v1beta2 + instead. + name: v1beta1 + schema: + openAPIV3Schema: + description: Watcher is the Schema for the watchers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: WatcherSpec defines the desired state of Watcher. + properties: + field: + description: |- + Field describes the subresource that should be watched + Value can be one of ("spec", "status") + enum: + - spec + - status + type: string + gateway: + description: |- + Gateway configures the Istio Gateway for the VirtualService that is created/updated during processing + of the Watcher CR. + properties: + selector: + description: LabelSelector allows to select the Gateway using + label selectors as defined in the K8s LIST API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - selector + type: object + labelsToWatch: + additionalProperties: + type: string + description: LabelsToWatch describes the labels that should be watched + type: object + resourceToWatch: + description: ResourceToWatch is the GroupVersionResource of the resource + that should be watched. + properties: + group: + type: string + resource: + type: string + version: + type: string + required: + - group + - resource + - version + type: object + serviceInfo: + description: ServiceInfo describes the service information of the + listener + properties: + name: + description: Name describes the service name. + type: string + namespace: + description: Namespace describes the service namespace. + type: string + port: + description: Port describes the service port. + format: int64 + type: integer + required: + - name + - namespace + - port + type: object + required: + - field + - gateway + - labelsToWatch + - resourceToWatch + - serviceInfo + type: object + status: + description: WatcherStatus defines the observed state of Watcher. + properties: + conditions: + description: List of status conditions to indicate the status of a + Watcher. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration + format: int64 + type: integer + state: + description: |- + State signifies current state of a Watcher. + Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning") + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + required: + - state + type: object + type: object + served: false + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Watcher is the Schema for the watchers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: WatcherSpec defines the desired state of Watcher. + properties: + field: + description: |- + Field describes the subresource that should be watched + Value can be one of ("spec", "status") + enum: + - spec + - status + type: string + gateway: + description: |- + Gateway configures the Istio Gateway for the VirtualService that is created/updated during processing + of the Watcher CR. + properties: + selector: + description: LabelSelector allows to select the Gateway using + label selectors as defined in the K8s LIST API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - selector + type: object + labelsToWatch: + additionalProperties: + type: string + description: LabelsToWatch describes the labels that should be watched + type: object + resourceToWatch: + description: ResourceToWatch is the GroupVersionResource of the resource + that should be watched. + properties: + group: + type: string + resource: + type: string + version: + type: string + required: + - group + - resource + - version + type: object + serviceInfo: + description: ServiceInfo describes the service information of the + listener + properties: + name: + description: Name describes the service name. + type: string + namespace: + description: Namespace describes the service namespace. + type: string + port: + description: Port describes the service port. + format: int64 + type: integer + required: + - name + - namespace + - port + type: object + required: + - field + - gateway + - labelsToWatch + - resourceToWatch + - serviceInfo + type: object + status: + description: WatcherStatus defines the observed state of Watcher. + properties: + conditions: + description: List of status conditions to indicate the status of a + Watcher. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration + format: int64 + type: integer + state: + description: |- + State signifies current state of a Watcher. + Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning") + enum: + - Processing + - Deleting + - Ready + - Error + - "" + - Warning + - Unmanaged + type: string + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager + namespace: kcp-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - 
patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + resources: + - gateways + verbs: + - get + - list +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - update +- apiGroups: + - operator.kyma-project.io + resources: + - kymas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - kymas/finalizers + verbs: + - update +- apiGroups: + - operator.kyma-project.io + resources: + - kymas/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - manifests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - manifests/finalizers + verbs: + - update +- apiGroups: + - operator.kyma-project.io + resources: + - manifests/status + verbs: + - get + - patch + - update +- apiGroups: + - operator.kyma-project.io + resources: + - modulereleasemetas + verbs: + - get + - list + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - moduletemplates + verbs: + - create + - delete + - get + - list + - patch + - update 
+ - watch +- apiGroups: + - operator.kyma-project.io + resources: + - moduletemplates/finalizers + verbs: + - update +- apiGroups: + - operator.kyma-project.io + resources: + - watchers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - watchers/finalizers + verbs: + - update +- apiGroups: + - operator.kyma-project.io + resources: + - watchers/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-watcher-certmanager + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - get + - create + - delete + - update +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - patch + - list + - watch + - get + - create + - delete +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-leader-election + namespace: kcp-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-crds +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-watcher-certmanager + namespace: istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: klm-controller-manager-watcher-certmanager +subjects: +- kind: ServiceAccount + name: klm-controller-manager + namespace: kcp-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager + namespace: kcp-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller-manager +subjects: +- kind: ServiceAccount + name: klm-controller-manager + namespace: kcp-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-leader-election + namespace: kcp-system +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: Role + name: klm-controller-manager-leader-election +subjects: +- kind: ServiceAccount + name: klm-controller-manager + namespace: kcp-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-crds +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: klm-controller-manager-crds +subjects: +- kind: ServiceAccount + name: klm-controller-manager + namespace: kcp-system +--- +apiVersion: v1 +data: + mandatory-modules.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "This dashboard shows an overview of all the mandatory modules on the SKR.", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 68, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 8, + "panels": [], + "title": "Warden", + "type": "row" + }, + { + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.31", + "targets": [ + { 
+ "exemplar": true, + "expr": "count(group by (shoot) (runtime:apiserver:available))", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR Count", + "refId": "SKR Count" + }, + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=~\"warden-.*\"})) / count(group by (shoot) (runtime:apiserver:available)) * 100", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR(s) with Warden Deployment", + "refId": "SKR(s) with Warden Deployment" + }, + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=~\"warden-.*\"}))", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR Warden Deployment Count", + "refId": "SKR Warden Deployment Count" + } + ], + "title": "Warden Usage", + "type": "stat" + }, + { + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": null, + "filterable": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 2, + "options": { + "showHeader": true + }, + "pluginVersion": "7.5.31", + "targets": [ + { + "exemplar": true, + "expr": "count by (image) (group by (image, shoot) (kube_pod_container_info{namespace=\"kyma-system\", pod=~\"warden-.*\", container=~\"(admission)|(operator)\"}))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "{{image}}", + "refId": "Warden Images on Shoots" + } + ], + "title": "Warden Images on Shoots", + "type": "table" + }, + { + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.31", + "targets": [ + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_status_replicas_unavailable{deployment=~\"warden-.*\"})) OR on() vector(0)", + "format": "table", + "interval": "", + "legendFormat": "Unready Warden Deployments", + "refId": "Unready Warden Deployments" + } + ], + "title": "Unready Warden Deployments", + "type": "stat" + } + ], + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Lifecycle Manager Mandatory Modules", + "uid": "c02Agu8Sz", + "version": 21 + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + grafana_dashboard: "1" + name: klm-dashboard-mandatory-modules + namespace: kcp-system +--- +apiVersion: v1 +data: + overview.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 60, + "panels": [], + "title": 
"General", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 1 + }, + "hiddenSeries": false, + "id": 34, + "interval": "1m", + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"2..\"}[$__rate_interval]))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"3..\"}[$__rate_interval]))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"4..\"}[$__rate_interval]))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": 
"sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"5..\"}[$__rate_interval]))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lifecycle Manager Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:133", + "format": "ops", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:134", + "format": "ops", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 1 + }, + "hiddenSeries": false, + "id": 39, + "interval": "1m", + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "process_resident_memory_bytes{job=\"klm-controller-manager-metrics\"}", + "hide": false, + "interval": "", + "legendFormat": "Lifecycle Manager", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, 
+ "title": "Lifecycle Manager Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:339", + "format": "bytes", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:340", + "format": "bytes", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "unit": "short" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 1 + }, + "hiddenSeries": false, + "id": 41, + "interval": "1m", + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(process_cpu_seconds_total{job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{job}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Lifecycle Manager CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:392", + "format": 
"short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:393", + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 9, + "panels": [], + "title": "Reconcile", + "type": "row" + }, + { + "datasource": null, + "description": "Total number of successfully reconciliations per controller.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 42, + "interval": "15s", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(controller_runtime_reconcile_total{controller=~\"kyma|watcher|purge|manifest|mandatory-module-installation|mandatory-module-deletion\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{controller }} - {{result}}", + "refId": "A" + } + ], + "title": "Lifecycle Manager Controller Runtime Reconcile Success", + "type": 
"timeseries" + }, + { + "datasource": null, + "description": "Total number of reconciliation errors per controller.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(controller_runtime_reconcile_errors_total{controller=~\"kyma|watcher|purge|manifest|mandatory-module-installation|mandatory-module-deletion\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{controller}}", + "refId": "A" + } + ], + "title": "Operator Controller Runtime Reconcile Errors", + "type": "timeseries" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "decimals": null, + "description": "How many times Kyma was requeued due to specific reasons", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 17 + }, + "hiddenSeries": false, + "id": 82, + "legend": { + 
"alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(lifecycle_mgr_requeue_reason_total)[$__rate_interval]", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "{{requeue_reason}} - {{requeue_type}}", + "refId": "kyma_under_deletion_with_no_access_secret" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Kyma Requeue Reason", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:152", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:153", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "How long in seconds processing an item from workqueue takes.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 30 + }, + "hiddenSeries": false, + "id": 43, + "interval": "1m", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": 
false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(controller_runtime_reconcile_time_seconds_sum{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(controller_runtime_reconcile_time_seconds_count{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{controller}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(controller_runtime_reconcile_time_seconds_sum{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(controller_runtime_reconcile_time_seconds_count{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "hide": false, + "interval": "", + "legendFormat": "{{controller}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Reconcile Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:101", + "format": "s", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:102", + "format": "s", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 37 + }, + "id": 44, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "7.5.29", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum by (controller) (controller_runtime_max_concurrent_reconciles{container=\"manager\",controller=\"kyma\"})", + "interval": "", + "legendFormat": "{{controller}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum by (controller) (controller_runtime_max_concurrent_reconciles{container=\"manager\",controller=\"manifest\"})", + "hide": false, + "interval": "", + "legendFormat": "{{controller}}", + "refId": "B" + } + ], + "title": "Max Workers", + "type": "gauge" + }, + { + "datasource": null, + "description": "Number of currently used workers per controller", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + 
"gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 37 + }, + "id": 45, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "controller_runtime_active_workers{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}", + "interval": "", + "legendFormat": "{{controller}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "controller_runtime_active_workers{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}", + "hide": false, + "interval": "", + "legendFormat": "{{controller}}", + "refId": "B" + } + ], + "title": "Active Workers", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 45 + }, + "id": 7, + "panels": [], + "title": "Workqueue", + "type": "row" + }, + { + "datasource": null, + "description": "How many seconds has the longest running processor for workqueue been running.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 
8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "workqueue_longest_running_processor_seconds{job=\"klm-controller-manager-metrics\"}", + "interval": "", + "legendFormat": "{{job}}", + "refId": "A" + } + ], + "title": "Workqueue Longest running processor seconds", + "type": "timeseries" + }, + { + "datasource": null, + "description": "How many seconds of work has been done that is in progress and hasn’t been observed by work_duration. Large values indicate stuck threads. One can deduce the number of stuck threads by observing the rate at which this increases.\nworkqueue_longest_running_processor_seconds\tGauge\t", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 20, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + 
}, + "exemplar": true, + "expr": "workqueue_unfinished_work_seconds{job=\"klm-controller-manager-metrics\"}", + "hide": false, + "interval": "", + "legendFormat": "{{job}}", + "refId": "D" + } + ], + "title": "Workqueue Unfinished Work Seconds", + "type": "timeseries" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "How long in seconds an item stays in workqueue before being requested.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 54 + }, + "hiddenSeries": false, + "id": 31, + "interval": "10s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": " rate(workqueue_queue_duration_seconds_sum{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\n rate(workqueue_queue_duration_seconds_count{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{name}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": " rate(workqueue_queue_duration_seconds_sum{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\n rate(workqueue_queue_duration_seconds_count{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "hide": false, + 
"interval": "", + "legendFormat": "{{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Work Queue Processing Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:365", + "format": "s", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:366", + "format": "s", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "How long in seconds processing an item from workqueue takes.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 61 + }, + "hiddenSeries": false, + "id": 46, + "interval": "10s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(workqueue_work_duration_seconds_sum{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(workqueue_work_duration_seconds_count{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{name}}", + "refId": "A" + }, + { + "datasource": { + "type": 
"prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "rate(workqueue_work_duration_seconds_sum{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(workqueue_work_duration_seconds_count{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "hide": false, + "interval": "", + "legendFormat": "{{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Work Queue Processing Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:275", + "format": "s", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:276", + "format": "s", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "The number of actions waiting in the queue to be performed.", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 68 + }, + "hiddenSeries": false, + "id": 29, + "interval": "10s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": 
"workqueue_depth{name=\"manifest\",job=\"klm-controller-manager-metrics\"}", + "interval": "", + "legendFormat": "{{name}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "workqueue_depth{name=\"kyma\",job=\"klm-controller-manager-metrics\"}", + "hide": false, + "interval": "", + "legendFormat": "{{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:567", + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:568", + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "unit": "ops" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 75 + }, + "hiddenSeries": false, + "id": 27, + "interval": "10s", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": 
"sum(rate(workqueue_adds_total{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])) by (name)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{name}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" + }, + "exemplar": true, + "expr": "sum(rate(workqueue_adds_total{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])) by (name)", + "hide": false, + "interval": "", + "legendFormat": "{{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:186", + "format": "ops", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:187", + "format": "ops", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 82 + }, + "id": 78, + "panels": [], + "title": "Certificate", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "description": "Indicates the self-signed Certificate of related Kyma is not renewed yet", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 83 + }, + "hiddenSeries": false, + "id": 80, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 2, + 
"points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "lifecycle_mgr_self_signed_cert_not_renew{service=\"klm-controller-manager-metrics\"}", + "interval": "", + "legendFormat": "{{kyma_name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Self-signed Certificate Not Renew", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 90 + }, + "id": 62, + "panels": [], + "title": "Purge Controller", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 91 + }, + "hiddenSeries": false, + "id": 58, + "legend": { + "avg": true, + "current": false, + "max": true, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "lifecycle_mgr_purgectrl_time", + "interval": "", + 
"legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Purge Duration Seconds", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:103", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:104", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 91 + }, + "hiddenSeries": false, + "id": 64, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(lifecycle_mgr_purgectrl_requests_total{service=\"klm-controller-manager-metrics\"}[$__rate_interval])", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Purge Count", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + 
"yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 99 + }, + "hiddenSeries": false, + "id": 66, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.29", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "lifecycle_mgr_purgectrl_error{err_reason=\"CleanupError\"}", + "interval": "", + "legendFormat": "{{err_reason}} Kyma: {{kyma_name}} ShootID: {{shoot}} InstanceID: {{instance_id}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Purge Errors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": 
[] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Lifecycle Manager Overview", + "uid": "O3DH7uunk", + "version": 1 + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + grafana_dashboard: "1" + name: klm-dashboard-overview + namespace: kcp-system +--- +apiVersion: v1 +data: + status.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 4, + "panels": [], + "title": "Kyma State Overview", + "type": "row" + }, + { + "datasource": null, + "description": "This panel provides information on which modules are enabled on the KCP and their respective instance counts.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.34", + "targets": [ + { + "exemplar": true, + "expr": "sum by (module_name) (lifecycle_mgr_module_state)", + "interval": "", + "legendFormat": "{{module_name}}", + "refId": "A" + } + ], + 
"title": "Enabled Modules", + "type": "stat" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": null, + "filterable": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 12, + "options": { + "showHeader": true + }, + "pluginVersion": "7.5.34", + "targets": [ + { + "exemplar": true, + "expr": "lifecycle_mgr_module_state{state=\"Error\"} > 0", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Kyma Manifest in Error state", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": false, + "Value": true, + "__name__": true, + "container": true, + "endpoint": true, + "instance": true, + "instance_id": true, + "job": true, + "kyma_name": false, + "module_name": false, + "namespace": true, + "pod": true, + "prometheus": true, + "service": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 18 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.34", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, 
+ "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_kyma_state{state=\"Ready\"})", + "interval": "", + "legendFormat": "Ready", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_kyma_state{state=\"Deleting\"})", + "hide": false, + "interval": "", + "legendFormat": "Deleting", + "refId": "B" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_kyma_state{state=\"Processing\"})", + "hide": false, + "interval": "", + "legendFormat": "Processing", + "refId": "C" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_kyma_state{state=\"Error\"})", + "hide": false, + "interval": "", + "legendFormat": "Error", + "refId": "D" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_kyma_state{state=\"Warning\"})", + "hide": false, + "interval": "", + "legendFormat": "Warning", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Kyma State Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1055", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:1056", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 28 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": 
true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.34", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_module_state{state=\"Ready\"})", + "interval": "", + "legendFormat": "Ready", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_module_state{state=\"Deleting\"})", + "hide": false, + "interval": "", + "legendFormat": "Deleting", + "refId": "B" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_module_state{state=\"Processing\"})", + "hide": false, + "interval": "", + "legendFormat": "Processing", + "refId": "C" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_module_state{state=\"Error\"})", + "hide": false, + "interval": "", + "legendFormat": "Error", + "refId": "D" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_module_state{state=\"Warning\"})", + "hide": false, + "interval": "", + "legendFormat": "Warning", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Module State Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1055", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:1056", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, 
+ "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 18, + "x": 0, + "y": 38 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.34", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Ready\"})", + "interval": "", + "legendFormat": "Ready", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Deleting\"})", + "hide": false, + "interval": "", + "legendFormat": "Deleting", + "refId": "B" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Processing\"})", + "hide": false, + "interval": "", + "legendFormat": "Processing", + "refId": "C" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Error\"})", + "hide": false, + "interval": "", + "legendFormat": "Error", + "refId": "D" + }, + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Warning\"})", + "hide": false, + "interval": "", + "legendFormat": "Warning", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Mandatory Module State Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:1055", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": 
"object:1056", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 6, + "x": 18, + "y": 38 + }, + "id": 8, + "options": { + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "7.5.34", + "targets": [ + { + "exemplar": true, + "expr": "sum(lifecycle_mgr_mandatory_modules)", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Mandatory Modules Count", + "type": "gauge" + } + ], + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Lifecycle Manager Kyma Status", + "uid": "eniERxEVz", + "version": 1 + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + grafana_dashboard: "1" + name: klm-dashboard-status + namespace: kcp-system +--- +apiVersion: v1 +data: + watcher.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "links": [], + "panels": [ + 
{ + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + }, + { + "color": "green", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 78, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.33", + "targets": [ + { + "exemplar": true, + "expr": "count(group by (shoot) (runtime:apiserver:available))", + "format": "heatmap", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR Count", + "refId": "SKR Count" + }, + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=\"skr-webhook\"})) / count(group by (shoot) (runtime:apiserver:available)) * 100", + "format": "heatmap", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR's with SKR Watcher Deployment", + "refId": "SKR's with SKR Watcher Deployment" + }, + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=\"skr-webhook\"}))", + "format": "heatmap", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "SKR Watcher Deployment Count", + "refId": "SKR Watcher Deployment Count" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Usage", + "type": "stat" + }, + { + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "left", + "filterable": false + }, + "mappings": [ + { + "from": "", + "id": 1, + "text": "", + "to": "", + "type": 1, + "value": "" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "image" + }, + "properties": [ + { + "id": "custom.width", + "value": 100 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 13, + "x": 0, + "y": 8 + }, + "id": 80, + "options": { + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "7.5.33", + "targets": [ + { + "exemplar": true, + "expr": "count by (image) (group by (shoot, image) (kube_pod_container_info{namespace=\"kyma-system\",pod=~\"skr-webhook-.*\"}))", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "Shoots", + "refId": "Shoots" + } + ], + "title": "Images on Shoots", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Count", + "image": "Image" + } + } + } + ], + "type": "table" + }, + { + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 8 + }, + "id": 82, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.33", + "targets": [ + { + "exemplar": true, + "expr": "count(group by (shoot) (kube_deployment_status_replicas_unavailable{deployment=\"skr-webhook\"} == 1)) OR on() vector(0)", + "format": "heatmap", + "instant": true, + "interval": "", + "legendFormat": "Unready SKR Watcher Deployments", + "refId": "Unready SKR Watcher Deployments" + } + ], + "title": "Unready SKR 
Watcher Deployments", + "type": "stat" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 50, + "panels": [], + "title": "Listener", + "type": "row" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 48, + "options": { + "graph": {}, + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "", + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_listener_requests_total[$__rate_interval])", + "instant": false, + "interval": "", + "legendFormat": "Pod: {{pod}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests per Minute", + "type": "timeseries" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "unit": "s" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 26 + }, + "hiddenSeries": false, + "id": 52, + "legend": { + "avg": true, + "current": false, + "max": true, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as 
zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "watcher_listener_request_duration", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "Pod: {{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 5 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 26 + }, + "id": 54, + "options": { + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "7.5.33", + "targets": [ + { + "exemplar": true, + "expr": "watcher_listener_inflight_requests", + "interval": "", + "legendFormat": "Pod: {{pod}}", + "refId": "A" + } + ], + "title": "Pending Requests", + "type": "gauge" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + 
"axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "graph": false, + "legend": false, + "tooltip": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 5 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 35 + }, + "id": 56, + "options": { + "graph": {}, + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltipOptions": { + "mode": "single" + } + }, + "pluginVersion": "", + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_listener_request_errors_total[$__rate_interval])", + "interval": "", + "legendFormat": "Total Failed Requests", + "refId": "A" + }, + { + "exemplar": true, + "expr": "rate(watcher_listener_exceeding_size_limit_requests_total[$__rate_interval])", + "hide": false, + "interval": "", + "legendFormat": "Failed Requests due to Size Limit", + "refId": "B" + }, + { + "exemplar": true, + "expr": "rate(watcher_listener_failed_verification_requests_total[$__rate_interval])", + "hide": false, + "interval": "", + "legendFormat": "Failed Requests due to Verification Error", + "refId": "C" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Failed Requests per Minute", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 43 + }, + "id": 68, + "panels": [], + "title": "SKR-Webhook", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 
1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 44 + }, + "hiddenSeries": false, + "id": 70, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "watcher_request_duration", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "AdmissionRequest Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 44 + }, + "hiddenSeries": false, + "id": 72, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_admission_request_error_total)[5m]", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "AdmissionRequest Error Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 52 + }, + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_admission_request_total[5m])", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "AdmissionRequests Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": 
"graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 52 + }, + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_failed_kcp_total[5m])", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Failed KCP Requests Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + 
"dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 60 + }, + "hiddenSeries": false, + "id": 75, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_kcp_requests_total[5m])", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "KCP Requests Total", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "VictoriaMetrics", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 60 + }, + "hiddenSeries": false, + "id": 76, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "alertThreshold": 
true + }, + "percentage": false, + "pluginVersion": "7.5.33", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "exemplar": true, + "expr": "rate(watcher_admission_request_total[5m]) / rate(watcher_kcp_requests_total[5m])", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests Ratio", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Lifecycle Manager Watcher Components", + "uid": "O3DERxEnk", + "version": 1 + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + grafana_dashboard: "1" + name: klm-dashboard-watcher + namespace: kcp-system +--- +apiVersion: v1 +data: + policy.json: | + { + "rules": [ + { + "match": { + "plan": "trial|free" + }, + "windows": [ + { + "days": [ + "Mon", + "Tue", + "Wed", + "Thu", + "Fri", + "Sat", + "Sun" + ], + "begin": "01:00:00+00:00", + "end": "01:00:00+00:00" + } + ] + }, + { + "match": { + "region": "europe|eu-|uksouth" + }, + "windows": [ + { + "days": [ + 
"Sat" + ], + "begin": "21:00:00+00:00", + "end": "00:00:00+00:00" + } + ] + }, + { + "match": { + "region": "asia|japan|australia|ap-" + }, + "windows": [ + { + "days": [ + "Sat" + ], + "begin": "14:00:00+00:00", + "end": "17:00:00+00:00" + } + ] + }, + { + "match": { + "region": "central│us|eastus|westus|brazilsouth|northamerica|southamerica|us-|ca-|sa-|na-" + }, + "windows": [ + { + "days": [ + "Sun" + ], + "begin": "14:00:00+00:00", + "end": "17:00:00+00:00" + } + ] + }, + { + "match": { + "region": "me" + }, + "windows": [ + { + "days": [ + "Fri" + ], + "begin": "17:00:00+00:00", + "end": "21:00:00+00:00" + } + ] + } + ], + "default": { + "days": [ + "Sat" + ], + "begin": "21:00:00+00:00", + "end": "23:00:00+00:00" + } + } +kind: ConfigMap +metadata: + name: maintenance-config + namespace: kcp-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-events + namespace: kcp-system +spec: + ports: + - name: klm + port: 8082 + protocol: TCP + targetPort: 8082 + - name: kmm + port: 8083 + protocol: TCP + targetPort: 8083 + selector: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-metrics + namespace: kcp-system +spec: + ports: + - appProtocol: http + name: metrics + port: 8080 + protocol: TCP + 
targetPort: metrics + selector: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-webhook-service + namespace: kcp-system +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager + namespace: kcp-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + traffic.sidecar.istio.io/excludeInboundPorts: "9443" + labels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: 
kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + sidecar.istio.io/inject: "true" + spec: + containers: + - args: + - --leader-elect + - --enable-kcp-watcher + - --skr-watcher-path=/skr-webhook + - --skr-watcher-image-tag=1.1.10 + - --skr-watcher-image-registry=europe-docker.pkg.dev/kyma-project/prod + - --enable-domain-name-pinning=true + - --enable-webhooks=true + - --in-kcp-mode + - --rate-limiter-burst=2000 + - --rate-limiter-frequency=1000 + - --k8s-client-qps=1000 + - --k8s-client-burst=2000 + - --cache-sync-timeout=60m + - --failure-max-delay=30s + - --failure-base-delay=5s + - --is-kyma-managed + - --kyma-requeue-success-interval=20s + - --manifest-requeue-success-interval=5s + - --log-level=9 + - --additional-dns-names=localhost,127.0.0.1,host.k3d.internal + - --listener-port-overwrite=9443 + - --leader-election-lease-duration=20s + - --leader-election-renew-deadline=15s + - --leader-election-retry-period=3s + command: + - /manager + image: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8082 + name: listener + - containerPort: 8080 + name: metrics + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /etc/maintenance-policy + name: maintenance-policy + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: klm-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + 
name: maintenance-config + name: maintenance-policy + - name: cert + secret: + defaultMode: 420 + secretName: klm-controller-manager-webhook +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-watcher-serving + namespace: istio-system +spec: + commonName: klm-watcher-selfsigned-ca + dnsNames: + - localhost + - host.k3d.internal + - skr.cluster.local + isCA: true + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: klm-watcher-selfsigned + privateKey: + algorithm: RSA + rotationPolicy: Always + size: 4096 + secretName: klm-watcher + secretTemplate: + labels: + operator.kyma-project.io/managed-by: lifecycle-manager +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-webhook-serving + namespace: kcp-system +spec: + dnsNames: + - klm-webhook-service.kcp-system.svc + - klm-webhook-service.kcp-system.svc.cluster.local + issuerRef: + kind: Issuer + name: klm-controller-manager-selfsigned + secretName: klm-controller-manager-webhook +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-watcher-selfsigned + namespace: kcp-system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: 
kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + operator.kyma-project.io/managed-by: lifecycle-manager + operator.kyma-project.io/purpose: klm-watcher-cert-manager + name: klm-watcher-selfsigned + namespace: istio-system +spec: + ca: + secretName: klm-watcher +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager-selfsigned + namespace: kcp-system +spec: + selfSigned: {} +--- +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + annotations: + proxy.istio.io/config: '{"gatewayTopology" : { "forwardClientCertDetails": "SANITIZE_SET" + } }' + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + operator.kyma-project.io/watcher-gateway: default + name: klm-watcher + namespace: kcp-system +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - host.k3d.internal + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: klm-istio-gateway + mode: MUTUAL +--- +apiVersion: operator.kyma-project.io/v1beta2 +kind: Watcher +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + operator.kyma-project.io/managed-by: lifecycle-manager + name: klm-watcher + namespace: kcp-system +spec: + field: spec + gateway: + selector: + matchLabels: + operator.kyma-project.io/watcher-gateway: default + labelsToWatch: + operator.kyma-project.io/watched-by: 
kyma + resourceToWatch: + group: operator.kyma-project.io + resource: kymas + version: '*' + serviceInfo: + name: klm-controller-manager-events + namespace: kcp-system + port: 8082 +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: controller-manager + namespace: kcp-system +spec: + action: ALLOW + rules: + - to: + - operation: + paths: + - /metrics + - /v1* + - /convert* + - /mutate* + selector: + matchLabels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + labels: + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp + name: klm-controller-manager + namespace: kcp-system +spec: + action: ALLOW + rules: + - to: + - operation: + paths: + - /metrics + - /v1* + - /convert* + - /mutate* + selector: + matchLabels: + app.kubernetes.io/component: lifecycle-manager.kyma-project.io + app.kubernetes.io/created-by: argo-cd + app.kubernetes.io/instance: kcp-lifecycle-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: lifecycle-manager + app.kubernetes.io/part-of: kcp From acc120a35a0f15a5bb602e41f141f9a1fa396e94 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 13 Feb 2025 09:41:41 +0100 Subject: [PATCH 11/26] bump watcher --- .run/Launch KLM locally.run.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.run/Launch KLM locally.run.xml b/.run/Launch KLM locally.run.xml index bc93d15202..682d67f8c9 100644 --- a/.run/Launch KLM locally.run.xml +++ b/.run/Launch KLM locally.run.xml @@ -2,7 +2,7 @@ - + From 0e40dc7c94dcee440fbe000755738877ac8a0f69 Mon Sep 17 00:00:00 2001 
From: Benjamin Lindner Date: Tue, 25 Feb 2025 07:07:31 +0100 Subject: [PATCH 12/26] set role to istio-system. remove crd from manager role since its in cluster role --- config/rbac/manager_role.yaml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml index 867408b965..d123ab64fe 100644 --- a/config/rbac/manager_role.yaml +++ b/config/rbac/manager_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: controller-manager - namespace: istio-system + namespace: kcp-system rules: - apiGroups: - "" @@ -46,20 +46,6 @@ rules: - get - list - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - update - apiGroups: - cert-manager.io resources: From bdae20badd5c7a3a5907cc4fef0d96ae3b87381e Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 07:25:18 +0100 Subject: [PATCH 13/26] format --- config/rbac/leader_election_role.yaml | 62 +++++++++++++-------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index cb31f01120..ffa61e3756 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml 
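Review bot: The first hunk of `config/rbac/manager_role.yaml` moves the `controller-manager` Role from `istio-system` to `kcp-system`, but the commit subject says the role is set to istio-system, so the intended namespace should be confirmed. A RoleBinding can only reference a Role in its own namespace, and `manager_role_binding.yaml` is not touched in this patch. If the binding is not moved the same way (by hand or by the kustomize namespace transformer), it will point at a Role that no longer exists and the manager loses these grants. I would add a comment above the field, e.g. `# namespaced Role: the rules below apply in kcp-system only`, and check that the previously deployed Role in `istio-system` is pruned so the old permissions do not linger. Dropping the `customresourcedefinitions` rules in the second hunk looks correct, since a namespaced Role cannot grant access to cluster-scoped resources.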
@@ -4,34 +4,34 @@ kind: Role metadata: name: controller-manager-leader-election rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch From 16284c6735b3947e0cab4b72e89811c1c6d36742 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 07:30:40 +0100 Subject: [PATCH 14/26] rename certmanager role and binding --- .../{watcher_certmanager_role.yaml => certmanager_role.yaml} | 2 +- ...anager_role_binding.yaml => certmanager_role_binding.yaml} | 4 ++-- config/rbac/kustomization.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) rename config/rbac/{watcher_certmanager_role.yaml => certmanager_role.yaml} (92%) rename config/rbac/{watcher_certmanager_role_binding.yaml => certmanager_role_binding.yaml} (69%) diff --git a/config/rbac/watcher_certmanager_role.yaml b/config/rbac/certmanager_role.yaml similarity index 92% rename from config/rbac/watcher_certmanager_role.yaml rename to config/rbac/certmanager_role.yaml index 05b512e6a5..cbe291686a 100644 --- a/config/rbac/watcher_certmanager_role.yaml +++ b/config/rbac/certmanager_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: controller-manager-watcher-certmanager + name: controller-manager-certmanager namespace: istio-system rules: - apiGroups: 
diff --git a/config/rbac/watcher_certmanager_role_binding.yaml b/config/rbac/certmanager_role_binding.yaml similarity index 69% rename from config/rbac/watcher_certmanager_role_binding.yaml rename to config/rbac/certmanager_role_binding.yaml index e587e35a2c..740e088df3 100644 --- a/config/rbac/watcher_certmanager_role_binding.yaml +++ b/config/rbac/certmanager_role_binding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: controller-manager-watcher-certmanager + name: controller-manager-certmanager namespace: istio-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: controller-manager-watcher-certmanager + name: controller-manager-certmanager subjects: - kind: ServiceAccount name: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 046952e321..1b5d54dc3c 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -8,5 +8,5 @@ resources: - crd_cluster_role.yaml - crd_cluster_role_binding.yaml - manager_role_binding.yaml - - watcher_certmanager_role.yaml - - watcher_certmanager_role_binding.yaml + - certmanager_role.yaml + - certmanager_role_binding.yaml From ec15b630f5ac9377bbe4b6617b0e3ed77c5d9220 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 08:19:56 +0100 Subject: [PATCH 15/26] remove commited watcher local manifest --- config/control-plane/kustomization.yaml | 10 +- watcher-local.yaml | 7453 ----------------------- 2 files changed, 4 insertions(+), 7459 deletions(-) delete mode 100644 watcher-local.yaml diff --git a/config/control-plane/kustomization.yaml b/config/control-plane/kustomization.yaml index 775ab4292d..f7729af5ea 100644 --- a/config/control-plane/kustomization.yaml +++ b/config/control-plane/kustomization.yaml 
@@ -20,6 +20,10 @@ components: - ../webhook - ../grafana patches: + - path: patches/deployment_resources.yaml + - path: patches/unique_deployment_webhook_patch.yaml + - # Override certificate name to ensure a unique CM Cert when run with other kubebuilder operators + - path: patches/unique_certificate_name.yaml - target: kind: Deployment patch: |- @@ -61,12 +65,6 @@ patches: - op: add path: /metadata/labels/grafana_dashboard value: "1" - - path: patches/deployment_resources.yaml - - path: patches/unique_deployment_webhook_patch.yaml - # We override the certificate name to ensure that Cert-Manager uses a unique cert in conjunction with other - # kubebuilder operators. - - path: patches/unique_certificate_name.yaml - # Note: Now as the 'patchesJson6902' is deprecated, the direct use of the 'PatchTransformer' is the only way to change a resource namespace to something different from the value configured by the global namespace transformer. transformers: - |- diff --git a/watcher-local.yaml b/watcher-local.yaml deleted file mode 100644 index 7e85b8bbc4..0000000000 --- a/watcher-local.yaml +++ /dev/null 
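Review bot: In the first hunk of `config/control-plane/kustomization.yaml`, the added line `- # Override certificate name to ensure a unique CM Cert when run with other kubebuilder operators` begins with a list dash, so as shown here YAML reads it as an extra, empty entry in `patches` rather than as a comment on the next item. The same comment in the block removed further down had no dash. A null patch entry is at best ignored and at worst a build error, so the line should be a plain comment: `# Override certificate name to ensure a unique CM Cert when run with other kubebuilder operators`. Moving the three `path:` patches ahead of the inline `target:` patches also changes the order in which kustomize applies them, so it is worth diffing the `kustomize build` output before and after to confirm the Deployment resources and webhook certificate name are unchanged. The `patches` list starts before and continues after this hunk.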
@@ -1,7453 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kcp-system ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kyma-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: kymas.operator.kyma-project.io -spec: - group: operator.kyma-project.io - names: - kind: Kyma - listKind: KymaList - plural: kymas - singular: kyma - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: kyma-project.io/v1beta1 Kyma is deprecated. Use v1beta2 instead. - name: v1beta1 - schema: - openAPIV3Schema: - description: Kyma is the Schema for the kymas API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KymaSpec defines the desired state of Kyma. 
- properties: - channel: - description: Channel specifies the desired Channel of the Installation, - usually targeting different module versions. - maxLength: 32 - minLength: 3 - pattern: ^[a-z]+$ - type: string - modules: - description: Modules specifies the list of modules to be installed - items: - description: Module defines the components to be installed. - properties: - channel: - description: |- - Channel is the desired channel of the Module. If this changes or is set, it will be used to resolve a new - ModuleTemplate based on the new resolved resources. - maxLength: 32 - minLength: 3 - pattern: ^[a-z]+$ - type: string - controller: - description: |- - ControllerName is able to set the controller used for reconciliation of the module. It can be used - together with Cache Configuration on the Operator responsible for the templated Modules to split - workload. - type: string - customResourcePolicy: - default: CreateAndDelete - description: |- - CustomResourcePolicy determines how a ModuleTemplate should be parsed. When CustomResourcePolicy is set to - CustomResourcePolicyCreateAndDelete, the Manifest will receive instructions to create it on installation with - the default values provided in ModuleTemplate, and to remove it when the module or Kyma is deleted. - enum: - - CreateAndDelete - - Ignore - type: string - managed: - default: true - description: |- - Managed is determining whether the module is managed or not. If the module is unmanaged, the user is responsible - for the lifecycle of the module. - type: boolean - name: - description: |- - Name is a unique identifier of the module. - It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. - - - Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module - type: string - remoteModuleTemplateRef: - description: |- - RemoteModuleTemplateRef is deprecated and will no longer have any functionality. 
- It will be removed in the upcoming API version. - type: string - required: - - managed - - name - type: object - type: array - skipMaintenanceWindows: - description: |- - SkipMaintenanceWindows indicates whether module upgrades that require downtime - should bypass the defined Maintenance Windows and be applied immediately. - type: boolean - sync: - description: Active Synchronization Settings - properties: - enabled: - default: false - description: |- - Enabled set to true will look up a kubeconfig for the remote cluster based on the strategy - and synchronize its state there. - type: boolean - moduleCatalog: - default: true - description: |- - ModuleCatalog set to true will cause a copy of all ModuleTemplate in the cluster - to be synchronized for discovery purposes - type: boolean - namespace: - description: |- - The target namespace, if empty the namespace is reflected from the control plane - Note that cleanup is currently not supported if you are switching the namespace, so you will - manually need to clean up old synchronized Kymas - type: string - noModuleCopy: - default: true - description: |- - NoModuleCopy set to true will cause the remote Kyma to be initialized without copying over the - module spec of the control plane into the SKR - type: boolean - strategy: - default: secret - description: Strategy determines the way to look up the remotely - synced kubeconfig, by default it is fetched from a secret - type: string - type: object - required: - - channel - type: object - status: - description: KymaStatus defines the observed state of Kyma. - properties: - activeChannel: - description: Active Channel - type: string - conditions: - description: List of status conditions to indicate the status of a - ServiceInstance. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - lastOperation: - description: LastOperation defines the last operation from the control-loop. - properties: - lastUpdateTime: - format: date-time - type: string - operation: - type: string - required: - - operation - type: object - modules: - description: Contains essential information about the current deployed - module - items: - properties: - channel: - description: |- - Channel tracks the active Channel of the Module. In Case it changes, the new Channel will have caused - a new lookup to be necessary that maybe picks a different ModuleTemplate, which is why we need to reconcile. - type: string - fqdn: - description: |- - FQDN is the fully qualified domain name of the module. - In the ModuleTemplate it is located in .spec.descriptor.component.name of the ModuleTemplate - FQDN is used to calculate Namespace and Name of the Manifest for tracking. - type: string - manifest: - description: Manifest contains the Information of a related - Manifest - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - message: - description: Message is a human-readable message indicating - details about the State. - type: string - name: - description: |- - Name defines the name of the Module in the Spec that the status is used for. 
- It can be any kind of Reference format supported by Module.Name. - type: string - resource: - description: Resource contains information about the created - module CR. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. 
- Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - state: - description: State of the Module in the currently tracked Generation - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - template: - description: |- - It contains information about the last parsed ModuleTemplate in Context of the Installation. - This will update when Channel or the ModuleTemplate is changed. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. 
Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - version: - description: Channel tracks the active Version of the Module. - type: string - required: - - name - - state - type: object - type: array - state: - description: |- - State signifies current state of Kyma. - Value can be one of ("Ready", "Processing", "Error", "Deleting"). - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: Kyma is the Schema for the kymas API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KymaSpec defines the desired state of Kyma. - properties: - channel: - description: Channel specifies the desired Channel of the Installation, - usually targeting different module versions. - maxLength: 32 - minLength: 3 - pattern: ^[a-z]+$ - type: string - modules: - description: Modules specifies the list of modules to be installed - items: - description: Module defines the components to be installed. - properties: - channel: - description: |- - Channel is the desired channel of the Module. If this changes or is set, it will be used to resolve a new - ModuleTemplate based on the new resolved resources. - maxLength: 32 - minLength: 3 - pattern: ^[a-z]+$ - type: string - controller: - description: |- - ControllerName is able to set the controller used for reconciliation of the module. It can be used - together with Cache Configuration on the Operator responsible for the templated Modules to split - workload. - type: string - customResourcePolicy: - default: CreateAndDelete - description: |- - CustomResourcePolicy determines how a ModuleTemplate should be parsed. When CustomResourcePolicy is set to - CustomResourcePolicyCreateAndDelete, the Manifest will receive instructions to create it on installation with - the default values provided in ModuleTemplate, and to remove it when the module or Kyma is deleted. - enum: - - CreateAndDelete - - Ignore - type: string - managed: - default: true - description: |- - Managed is determining whether the module is managed or not. If the module is unmanaged, the user is responsible - for the lifecycle of the module. - type: boolean - name: - description: |- - Name is a unique identifier of the module. - It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. 
- - - Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module - type: string - remoteModuleTemplateRef: - description: |- - RemoteModuleTemplateRef is deprecated and will no longer have any functionality. - It will be removed in the upcoming API version. - type: string - required: - - managed - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - skipMaintenanceWindows: - description: |- - SkipMaintenanceWindows indicates whether module upgrades that require downtime - should bypass the defined Maintenance Windows and be applied immediately. - type: boolean - required: - - channel - type: object - status: - description: KymaStatus defines the observed state of Kyma. - properties: - activeChannel: - description: Active Channel - type: string - conditions: - description: List of status conditions to indicate the status of a - ServiceInstance. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - lastOperation: - description: LastOperation defines the last operation from the control-loop. 
- properties: - lastUpdateTime: - format: date-time - type: string - operation: - type: string - required: - - operation - type: object - modules: - description: Contains essential information about the current deployed - module - items: - properties: - channel: - description: |- - Channel tracks the active Channel of the Module. In Case it changes, the new Channel will have caused - a new lookup to be necessary that maybe picks a different ModuleTemplate, which is why we need to reconcile. - type: string - fqdn: - description: |- - FQDN is the fully qualified domain name of the module. - In the ModuleTemplate it is located in .spec.descriptor.component.name of the ModuleTemplate - FQDN is used to calculate Namespace and Name of the Manifest for tracking. - type: string - manifest: - description: Manifest contains the Information of a related - Manifest - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. 
- format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - message: - description: Message is a human-readable message indicating - details about the State. - type: string - name: - description: |- - Name defines the name of the Module in the Spec that the status is used for. - It can be any kind of Reference format supported by Module.Name. - type: string - resource: - description: Resource contains information about the created - module CR. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - state: - description: State of the Module in the currently tracked Generation - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - template: - description: |- - It contains information about the last parsed ModuleTemplate in Context of the Installation. - This will update when Channel or the ModuleTemplate is changed. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - PartialMeta is a subset of ObjectMeta that contains relevant information to track an Object. - see https://github.com/kubernetes/apimachinery/blob/v0.26.1/pkg/apis/meta/v1/types.go#L111 - properties: - generation: - description: |- - A sequence number representing a specific generation of the desired state. - Populated by the system. Read-only. - format: int64 - type: integer - name: - description: |- - Name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - type: string - namespace: - description: |- - Namespace defines the space within which each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - type: object - type: object - version: - description: Channel tracks the active Version of the Module. 
- type: string - required: - - name - - state - type: object - type: array - state: - description: |- - State signifies current state of Kyma. - Value can be one of ("Ready", "Processing", "Error", "Deleting"). - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: manifests.operator.kyma-project.io -spec: - group: operator.kyma-project.io - names: - kind: Manifest - listKind: ManifestList - plural: manifests - singular: manifest - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: kyma-project.io/v1beta1 Manifest is deprecated. Use v1beta2 - instead. - name: v1beta1 - schema: - openAPIV3Schema: - description: Manifest is the Schema for the manifests API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. 
- In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ManifestSpec defines the desired state of Manifest. - properties: - config: - description: Config specifies OCI image configuration for Manifest - properties: - credSecretSelector: - description: |- - CredSecretSelector is an optional field, for OCI image saved in private registry, - use it to indicate the secret which contains registry credentials, - must exist in the namespace same as manifest - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name defines the Image name - type: string - ref: - description: Ref is either a sha value, tag or version - type: string - repo: - description: Repo defines the Image repo - type: string - type: - description: |- - Type specifies the type of installation specification - that could be provided as part of a custom resource. - This time is used in codec to successfully decode from raw extensions. - enum: - - helm-chart - - oci-ref - - kustomize - - "" - type: string - type: object - install: - description: Install specifies a list of installations for Manifest - properties: - name: - description: Name specifies a unique install name for Manifest - type: string - source: - description: Source in the ImageSpec format - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - name - - source - type: object - remote: - description: Remote indicates if Manifest should be installed on a - remote cluster - type: boolean - resource: - description: Resource specifies a resource to be watched for state - updates - nullable: true - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - version: - description: Version specifies current Resource version - type: string - required: - - install - - remote - type: object - status: - description: Status defines the observed state of CustomObject. - properties: - conditions: - description: |- - Conditions contain a set of conditionals to determine the State of Status. - If all Conditions are met, the State is expected to be in StateReady. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - lastOperation: - description: LastOperation defines the last operation from the control-loop. - properties: - lastUpdateTime: - format: date-time - type: string - operation: - type: string - required: - - operation - type: object - state: - description: |- - State signifies current state of CustomObject. - Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning"). - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - synced: - description: |- - Synced determine a list of Resources that are currently actively synced. - All resources that are synced are considered for orphan removal on configuration changes, - and it is used to determine effective differences from one state to the next. 
- items: - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - version: - type: string - required: - - group - - kind - - name - - namespace - - version - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: Manifest is the Schema for the manifests API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ManifestSpec defines the desired state of Manifest. - properties: - config: - description: Config specifies OCI image configuration for Manifest - properties: - credSecretSelector: - description: |- - CredSecretSelector is an optional field, for OCI image saved in private registry, - use it to indicate the secret which contains registry credentials, - must exist in the namespace same as manifest - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name defines the Image name - type: string - ref: - description: Ref is either a sha value, tag or version - type: string - repo: - description: Repo defines the Image repo - type: string - type: - description: |- - Type specifies the type of installation specification - that could be provided as part of a custom resource. - This time is used in codec to successfully decode from raw extensions. 
- enum: - - helm-chart - - oci-ref - - kustomize - - "" - type: string - type: object - install: - description: Install specifies a list of installations for Manifest - properties: - name: - description: Name specifies a unique install name for Manifest - type: string - source: - description: Source in the ImageSpec format - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - name - - source - type: object - remote: - description: Remote indicates if Manifest should be installed on a - remote cluster - type: boolean - resource: - description: Resource specifies a resource to be watched for state - updates - nullable: true - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - version: - description: Version specifies current Resource version - type: string - required: - - install - - remote - type: object - status: - description: Status defines the observed state of CustomObject. - properties: - conditions: - description: |- - Conditions contain a set of conditionals to determine the State of Status. - If all Conditions are met, the State is expected to be in StateReady. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - lastOperation: - description: LastOperation defines the last operation from the control-loop. - properties: - lastUpdateTime: - format: date-time - type: string - operation: - type: string - required: - - operation - type: object - state: - description: |- - State signifies current state of CustomObject. - Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning"). - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - synced: - description: |- - Synced determine a list of Resources that are currently actively synced. - All resources that are synced are considered for orphan removal on configuration changes, - and it is used to determine effective differences from one state to the next. 
- items: - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - version: - type: string - required: - - group - - kind - - name - - namespace - - version - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: modulereleasemetas.operator.kyma-project.io -spec: - group: operator.kyma-project.io - names: - kind: ModuleReleaseMeta - listKind: ModuleReleaseMetaList - plural: modulereleasemetas - shortNames: - - mrm - singular: modulereleasemeta - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ModuleReleaseMetaSpec defines the channel-version assignments - for a module. - properties: - beta: - default: false - description: Beta indicates if the module is in beta state. Beta modules - are only available for beta Kymas. - type: boolean - channels: - description: Channels is the list of module channels with their corresponding - versions. - items: - properties: - channel: - description: Channel is the module channel. - maxLength: 32 - minLength: 3 - pattern: ^[a-z]+$ - type: string - version: - description: Version is the module version of the corresponding - module channel. - maxLength: 32 - pattern: ^((0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[a-zA-Z-][0-9a-zA-Z-]*)?)?$ - type: string - required: - - channel - - version - type: object - type: array - x-kubernetes-list-map-keys: - - channel - x-kubernetes-list-type: map - internal: - default: false - description: Internal indicates if the module is internal. Internal - modules are only available for internal Kymas. - type: boolean - moduleName: - description: ModuleName is the name of the Module. 
- maxLength: 64 - pattern: ^([a-z]{3,}(-[a-z]{3,})*)?$ - type: string - required: - - channels - - moduleName - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: moduletemplates.operator.kyma-project.io -spec: - group: operator.kyma-project.io - names: - kind: ModuleTemplate - listKind: ModuleTemplateList - plural: moduletemplates - singular: moduletemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: kyma-project.io/v1beta1 ModuleTemplate is deprecated. Use - v1beta2 instead. - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ModuleTemplateSpec defines the desired state of ModuleTemplate. 
- properties: - channel: - description: |- - Channel is the targeted channel of the ModuleTemplate. It will be used to directly assign a Template - to a target channel. It has to be provided at any given time. - Deprecated: This field is deprecated and will be removed in a future release. - maxLength: 32 - pattern: ^$|^[a-z]{3,}$ - type: string - customStateCheck: - items: - properties: - jsonPath: - description: JSONPath specifies the JSON path to the state variable - in the Module CR - type: string - mappedState: - description: MappedState is the Kyma CR State - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - value: - description: Value is the value at the JSONPath for which the - Module CR state should map with MappedState - type: string - required: - - jsonPath - - mappedState - - value - type: object - type: array - data: - description: |- - Data is the default set of attributes that are used to generate the Module. It contains a default set of values - for a given channel, and is thus different from default values allocated during struct parsing of the Module. - While Data can change after the initial creation of ModuleTemplate, it is not expected to be propagated to - downstream modules as it is considered a set of default values. This means that an update of the data block - will only propagate to new Modules created form ModuleTemplate, not any existing Module. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - descriptor: - description: |- - The Descriptor is the Open Component Model Descriptor of a Module, containing all relevant information - to correctly initialize a module (e.g. 
Charts, Manifests, References to Binaries and/or configuration) - Name more information on Component Descriptors, see - https://github.com/open-component-model/ocm - - - It is translated inside the Lifecycle of the Cluster and will be used by downstream controllers - to bootstrap and manage the module. This part is also propagated for every change of the template. - This means for upgrades of the Descriptor, downstream controllers will also update the dependant modules - (e.g. by updating the controller binary linked in a chart referenced in the descriptor) - type: object - x-kubernetes-preserve-unknown-fields: true - mandatory: - description: |- - Mandatory indicates whether the module is mandatory. It is used to enforce the installation of the module with - its configuration in all runtime clusters. - type: boolean - requiresDowntime: - description: RequiresDowntime indicates whether the module requires - downtime in support of maintenance windows during module upgrades. - type: boolean - target: - description: |- - Target describes where the Module should later on be installed if parsed correctly. It is used as installation - hint by downstream controllers to determine which client implementation to use for working with the Module - enum: - - control-plane - - remote - type: string - required: - - descriptor - - target - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ModuleTemplateSpec defines the desired state of ModuleTemplate. - properties: - associatedResources: - description: AssociatedResources is a list of module related resources - that usually must be cleaned when uninstalling a module. Informational - purpose only. - items: - description: |- - GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion - to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling - properties: - group: - type: string - kind: - type: string - version: - type: string - required: - - group - - kind - - version - type: object - type: array - channel: - description: |- - Channel is the targeted channel of the ModuleTemplate. It will be used to directly assign a Template - to a target channel. It has to be provided at any given time. - Deprecated: This field is deprecated and will be removed in a future release. - maxLength: 32 - pattern: ^$|^[a-z]{3,}$ - type: string - customStateCheck: - description: CustomStateCheck is deprecated. 
- items: - properties: - jsonPath: - description: JSONPath specifies the JSON path to the state variable - in the Module CR - type: string - mappedState: - description: MappedState is the Kyma CR State - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - value: - description: Value is the value at the JSONPath for which the - Module CR state should map with MappedState - type: string - required: - - jsonPath - - mappedState - - value - type: object - type: array - data: - description: |- - Data is the default set of attributes that are used to generate the Module. It contains a default set of values - for a given channel, and is thus different from default values allocated during struct parsing of the Module. - While Data can change after the initial creation of ModuleTemplate, it is not expected to be propagated to - downstream modules as it is considered a set of default values. This means that an update of the data block - will only propagate to new Modules created form ModuleTemplate, not any existing Module. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - descriptor: - description: |- - The Descriptor is the Open Component Model Descriptor of a Module, containing all relevant information - to correctly initialize a module (e.g. Manifests, References to Binaries and/or configuration) - Name more information on Component Descriptors, see - https://github.com/open-component-model/ocm - - - It is translated inside the Lifecycle of the Cluster and will be used by downstream controllers - to bootstrap and manage the module. This part is also propagated for every change of the template. - This means for upgrades of the Descriptor, downstream controllers will also update the dependant modules - (e.g. by updating the controller binary linked in a chart referenced in the descriptor) - - - NOTE: Only Raw Rendering is Supported for the layers. 
So previously used "config" layers for the helm - charts and kustomize renderers are deprecated and ignored. - type: object - x-kubernetes-preserve-unknown-fields: true - info: - description: Info contains metadata about the module. - properties: - documentation: - description: Documentation is the link to the documentation of - the module. - type: string - icons: - description: Icons is a list of icons of the module. - items: - properties: - link: - description: Link is the link to the icon. - type: string - name: - description: Name is the name of the icon. - type: string - required: - - link - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - repository: - description: Repository is the link to the repository of the module. - type: string - required: - - documentation - - repository - type: object - manager: - description: Manager contains information for identifying a module's - resource that can be used as indicator for the installation readiness - of the module. Typically, this is the manager Deployment of the - module. In exceptional cases, it may also be another resource. - properties: - group: - type: string - kind: - type: string - name: - description: Name is the name of the manager. - type: string - namespace: - description: Namespace is the namespace of the manager. It is - optional. - type: string - version: - type: string - required: - - group - - kind - - name - - version - type: object - mandatory: - description: |- - Mandatory indicates whether the module is mandatory. It is used to enforce the installation of the module with - its configuration in all runtime clusters. - type: boolean - moduleName: - description: ModuleName is the name of the Module. Can be empty. - maxLength: 64 - pattern: ^([a-z]{3,}(-[a-z]{3,})*)?$ - type: string - requiresDowntime: - description: RequiresDowntime indicates whether the module requires - downtime in support of maintenance windows during module upgrades. 
- type: boolean - resources: - description: Resources is a list of additional resources of the module - that can be fetched, e.g., the raw manifest. - items: - properties: - link: - description: Link is the URL to the resource. - format: uri - type: string - name: - description: Name is the name of the resource. - type: string - required: - - link - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - version: - description: Version identifies the version of the Module. Can be - empty, or a semantic version. - maxLength: 32 - pattern: ^((0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[a-zA-Z-][0-9a-zA-Z-]*)?)?$ - type: string - required: - - descriptor - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: kcp-system/klm-controller-manager-webhook-serving - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: watchers.operator.kyma-project.io -spec: - group: operator.kyma-project.io - names: - kind: Watcher - listKind: WatcherList - plural: watchers - singular: watcher - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: kyma-project.io/v1beta1 Watcher is deprecated. Use v1beta2 - instead. - name: v1beta1 - schema: - openAPIV3Schema: - description: Watcher is the Schema for the watchers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: WatcherSpec defines the desired state of Watcher. - properties: - field: - description: |- - Field describes the subresource that should be watched - Value can be one of ("spec", "status") - enum: - - spec - - status - type: string - gateway: - description: |- - Gateway configures the Istio Gateway for the VirtualService that is created/updated during processing - of the Watcher CR. - properties: - selector: - description: LabelSelector allows to select the Gateway using - label selectors as defined in the K8s LIST API. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - selector - type: object - labelsToWatch: - additionalProperties: - type: string - description: LabelsToWatch describes the labels that should be watched - type: object - resourceToWatch: - description: ResourceToWatch is the GroupVersionResource of the resource - that should be watched. - properties: - group: - type: string - resource: - type: string - version: - type: string - required: - - group - - resource - - version - type: object - serviceInfo: - description: ServiceInfo describes the service information of the - listener - properties: - name: - description: Name describes the service name. - type: string - namespace: - description: Namespace describes the service namespace. - type: string - port: - description: Port describes the service port. - format: int64 - type: integer - required: - - name - - namespace - - port - type: object - required: - - field - - gateway - - labelsToWatch - - resourceToWatch - - serviceInfo - type: object - status: - description: WatcherStatus defines the observed state of Watcher. - properties: - conditions: - description: List of status conditions to indicate the status of a - Watcher. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration - format: int64 - type: integer - state: - description: |- - State signifies current state of a Watcher. - Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning") - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - required: - - state - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: Watcher is the Schema for the watchers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: WatcherSpec defines the desired state of Watcher. - properties: - field: - description: |- - Field describes the subresource that should be watched - Value can be one of ("spec", "status") - enum: - - spec - - status - type: string - gateway: - description: |- - Gateway configures the Istio Gateway for the VirtualService that is created/updated during processing - of the Watcher CR. - properties: - selector: - description: LabelSelector allows to select the Gateway using - label selectors as defined in the K8s LIST API. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - selector - type: object - labelsToWatch: - additionalProperties: - type: string - description: LabelsToWatch describes the labels that should be watched - type: object - resourceToWatch: - description: ResourceToWatch is the GroupVersionResource of the resource - that should be watched. - properties: - group: - type: string - resource: - type: string - version: - type: string - required: - - group - - resource - - version - type: object - serviceInfo: - description: ServiceInfo describes the service information of the - listener - properties: - name: - description: Name describes the service name. - type: string - namespace: - description: Namespace describes the service namespace. - type: string - port: - description: Port describes the service port. - format: int64 - type: integer - required: - - name - - namespace - - port - type: object - required: - - field - - gateway - - labelsToWatch - - resourceToWatch - - serviceInfo - type: object - status: - description: WatcherStatus defines the observed state of Watcher. - properties: - conditions: - description: List of status conditions to indicate the status of a - Watcher. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration - format: int64 - type: integer - state: - description: |- - State signifies current state of a Watcher. - Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning") - enum: - - Processing - - Deleting - - Ready - - Error - - "" - - Warning - - Unmanaged - type: string - required: - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager - namespace: kcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager - namespace: istio-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - 
patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - update -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - networking.istio.io - resources: - - gateways - verbs: - - get - - list -- apiGroups: - - networking.istio.io - resources: - - virtualservices - verbs: - - create - - delete - - get - - list - - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - kymas/status - verbs: - - get - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - manifests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - manifests/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - manifests/status - verbs: - - get - - patch - - update -- apiGroups: - - operator.kyma-project.io - resources: - - modulereleasemetas - verbs: - - get - - list - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - moduletemplates - verbs: - - create - - delete - - get - - list - - patch - - update 
- - watch -- apiGroups: - - operator.kyma-project.io - resources: - - moduletemplates/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - watchers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.kyma-project.io - resources: - - watchers/finalizers - verbs: - - update -- apiGroups: - - operator.kyma-project.io - resources: - - watchers/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-watcher-certmanager - namespace: istio-system -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - delete - - update -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - patch - - list - - watch - - get - - create - - delete -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-leader-election - namespace: kcp-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - 
app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-crds -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-watcher-certmanager - namespace: istio-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: klm-controller-manager-watcher-certmanager -subjects: -- kind: ServiceAccount - name: klm-controller-manager - namespace: kcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager - namespace: kcp-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: controller-manager -subjects: -- kind: ServiceAccount - name: klm-controller-manager - namespace: kcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-leader-election - namespace: kcp-system -roleRef: - apiGroup: 
rbac.authorization.k8s.io - kind: Role - name: klm-controller-manager-leader-election -subjects: -- kind: ServiceAccount - name: klm-controller-manager - namespace: kcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-crds -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: klm-controller-manager-crds -subjects: -- kind: ServiceAccount - name: klm-controller-manager - namespace: kcp-system ---- -apiVersion: v1 -data: - mandatory-modules.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This dashboard shows an overview of all the mandatory modules on the SKR.", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 68, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "Warden", - "type": "row" - }, - { - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.31", - "targets": [ - { 
- "exemplar": true, - "expr": "count(group by (shoot) (runtime:apiserver:available))", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR Count", - "refId": "SKR Count" - }, - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=~\"warden-.*\"})) / count(group by (shoot) (runtime:apiserver:available)) * 100", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR(s) with Warden Deployment", - "refId": "SKR(s) with Warden Deployment" - }, - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=~\"warden-.*\"}))", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR Warden Deployment Count", - "refId": "SKR Warden Deployment Count" - } - ], - "title": "Warden Usage", - "type": "stat" - }, - { - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": null, - "filterable": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "id": 2, - "options": { - "showHeader": true - }, - "pluginVersion": "7.5.31", - "targets": [ - { - "exemplar": true, - "expr": "count by (image) (group by (image, shoot) (kube_pod_container_info{namespace=\"kyma-system\", pod=~\"warden-.*\", container=~\"(admission)|(operator)\"}))", - "format": "table", - "instant": true, - "interval": "", - "legendFormat": "{{image}}", - "refId": "Warden Images on Shoots" - } - ], - "title": "Warden Images on Shoots", - "type": "table" - }, - { - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": 
"green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 4, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.31", - "targets": [ - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_status_replicas_unavailable{deployment=~\"warden-.*\"})) OR on() vector(0)", - "format": "table", - "interval": "", - "legendFormat": "Unready Warden Deployments", - "refId": "Unready Warden Deployments" - } - ], - "title": "Unready Warden Deployments", - "type": "stat" - } - ], - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Lifecycle Manager Mandatory Modules", - "uid": "c02Agu8Sz", - "version": 21 - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - grafana_dashboard: "1" - name: klm-dashboard-mandatory-modules - namespace: kcp-system ---- -apiVersion: v1 -data: - overview.json: | - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 60, - "panels": [], - "title": 
"General", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 34, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": 
"sum(rate(rest_client_requests_total{job=\"klm-controller-manager-metrics\", code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Lifecycle Manager Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:133", - "format": "ops", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:134", - "format": "ops", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 1 - }, - "hiddenSeries": false, - "id": 39, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "process_resident_memory_bytes{job=\"klm-controller-manager-metrics\"}", - "hide": false, - "interval": "", - "legendFormat": "Lifecycle Manager", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, 
- "title": "Lifecycle Manager Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:339", - "format": "bytes", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:340", - "format": "bytes", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "unit": "short" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 1 - }, - "hiddenSeries": false, - "id": 41, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(process_cpu_seconds_total{job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Lifecycle Manager CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:392", - "format": 
"short", - "logBase": 1, - "min": 0, - "show": true - }, - { - "$$hashKey": "object:393", - "format": "short", - "logBase": 1, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 9, - "panels": [], - "title": "Reconcile", - "type": "row" - }, - { - "datasource": null, - "description": "Total number of successfully reconciliations per controller.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 42, - "interval": "15s", - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "8.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(controller_runtime_reconcile_total{controller=~\"kyma|watcher|purge|manifest|mandatory-module-installation|mandatory-module-deletion\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{controller }} - {{result}}", - "refId": "A" - } - ], - "title": "Lifecycle Manager Controller Runtime Reconcile Success", - "type": 
"timeseries" - }, - { - "datasource": null, - "description": "Total number of reconciliation errors per controller.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 13, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "8.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(controller_runtime_reconcile_errors_total{controller=~\"kyma|watcher|purge|manifest|mandatory-module-installation|mandatory-module-deletion\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{controller}}", - "refId": "A" - } - ], - "title": "Operator Controller Runtime Reconcile Errors", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "decimals": null, - "description": "How many times Kyma was requeued due to specific reasons", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 17 - }, - "hiddenSeries": false, - "id": 82, - "legend": { - 
"alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(lifecycle_mgr_requeue_reason_total)[$__rate_interval]", - "format": "time_series", - "instant": false, - "interval": "", - "legendFormat": "{{requeue_reason}} - {{requeue_type}}", - "refId": "kyma_under_deletion_with_no_access_secret" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kyma Requeue Reason", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:152", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:153", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "How long in seconds processing an item from workqueue takes.", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 43, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": 
false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(controller_runtime_reconcile_time_seconds_sum{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(controller_runtime_reconcile_time_seconds_count{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{controller}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(controller_runtime_reconcile_time_seconds_sum{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(controller_runtime_reconcile_time_seconds_count{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "hide": false, - "interval": "", - "legendFormat": "{{controller}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Reconcile Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:101", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:102", - "format": "s", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "datasource": null, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - 
"thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 37 - }, - "id": 44, - "options": { - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "7.5.29", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum by (controller) (controller_runtime_max_concurrent_reconciles{container=\"manager\",controller=\"kyma\"})", - "interval": "", - "legendFormat": "{{controller}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum by (controller) (controller_runtime_max_concurrent_reconciles{container=\"manager\",controller=\"manifest\"})", - "hide": false, - "interval": "", - "legendFormat": "{{controller}}", - "refId": "B" - } - ], - "title": "Max Workers", - "type": "gauge" - }, - { - "datasource": null, - "description": "Number of currently used workers per controller", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - 
"gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 37 - }, - "id": 45, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "8.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "controller_runtime_active_workers{controller=\"kyma\",job=\"klm-controller-manager-metrics\"}", - "interval": "", - "legendFormat": "{{controller}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "controller_runtime_active_workers{controller=\"manifest\",job=\"klm-controller-manager-metrics\"}", - "hide": false, - "interval": "", - "legendFormat": "{{controller}}", - "refId": "B" - } - ], - "title": "Active Workers", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 45 - }, - "id": 7, - "panels": [], - "title": "Workqueue", - "type": "row" - }, - { - "datasource": null, - "description": "How many seconds has the longest running processor for workqueue been running.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 
8, - "w": 12, - "x": 0, - "y": 46 - }, - "id": 5, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "8.3.3", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "workqueue_longest_running_processor_seconds{job=\"klm-controller-manager-metrics\"}", - "interval": "", - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "title": "Workqueue Longest running processor seconds", - "type": "timeseries" - }, - { - "datasource": null, - "description": "How many seconds of work has been done that is in progress and hasn’t been observed by work_duration. Large values indicate stuck threads. One can deduce the number of stuck threads by observing the rate at which this increases.\nworkqueue_longest_running_processor_seconds\tGauge\t", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 46 - }, - "id": 20, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - 
}, - "exemplar": true, - "expr": "workqueue_unfinished_work_seconds{job=\"klm-controller-manager-metrics\"}", - "hide": false, - "interval": "", - "legendFormat": "{{job}}", - "refId": "D" - } - ], - "title": "Workqueue Unfinished Work Seconds", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "How long in seconds an item stays in workqueue before being requested.", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 54 - }, - "hiddenSeries": false, - "id": 31, - "interval": "10s", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": " rate(workqueue_queue_duration_seconds_sum{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\n rate(workqueue_queue_duration_seconds_count{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{name}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": " rate(workqueue_queue_duration_seconds_sum{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\n rate(workqueue_queue_duration_seconds_count{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "hide": false, - 
"interval": "", - "legendFormat": "{{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Work Queue Processing Latency", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:365", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:366", - "format": "s", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "How long in seconds processing an item from workqueue takes.", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 61 - }, - "hiddenSeries": false, - "id": 46, - "interval": "10s", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(workqueue_work_duration_seconds_sum{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(workqueue_work_duration_seconds_count{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{name}}", - "refId": "A" - }, - { - "datasource": { - "type": 
"prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "rate(workqueue_work_duration_seconds_sum{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])\n/\nrate(workqueue_work_duration_seconds_count{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "hide": false, - "interval": "", - "legendFormat": "{{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Work Queue Processing Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:275", - "format": "s", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:276", - "format": "s", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "The number of actions waiting in the queue to be performed.", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 68 - }, - "hiddenSeries": false, - "id": 29, - "interval": "10s", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": 
"workqueue_depth{name=\"manifest\",job=\"klm-controller-manager-metrics\"}", - "interval": "", - "legendFormat": "{{name}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "workqueue_depth{name=\"kyma\",job=\"klm-controller-manager-metrics\"}", - "hide": false, - "interval": "", - "legendFormat": "{{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Work Queue Depth", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:567", - "format": "short", - "logBase": 1, - "min": 0, - "show": true - }, - { - "$$hashKey": "object:568", - "format": "short", - "logBase": 1, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": { - "unit": "ops" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 75 - }, - "hiddenSeries": false, - "id": 27, - "interval": "10s", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": 
"sum(rate(workqueue_adds_total{name=\"manifest\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])) by (name)", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{name}}", - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "P1809F7CD0C75ACF3" - }, - "exemplar": true, - "expr": "sum(rate(workqueue_adds_total{name=\"kyma\",job=\"klm-controller-manager-metrics\"}[$__rate_interval])) by (name)", - "hide": false, - "interval": "", - "legendFormat": "{{name}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Work Queue Add Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:186", - "format": "ops", - "logBase": 1, - "show": true - }, - { - "$$hashKey": "object:187", - "format": "ops", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 82 - }, - "id": 78, - "panels": [], - "title": "Certificate", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "description": "Indicates the self-signed Certificate of related Kyma is not renewed yet", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 83 - }, - "hiddenSeries": false, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 2, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "lifecycle_mgr_self_signed_cert_not_renew{service=\"klm-controller-manager-metrics\"}", - "interval": "", - "legendFormat": "{{kyma_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Self-signed Certificate Not Renew", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 90 - }, - "id": 62, - "panels": [], - "title": "Purge Controller", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 91 - }, - "hiddenSeries": false, - "id": 58, - "legend": { - "avg": true, - "current": false, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "lifecycle_mgr_purgectrl_time", - "interval": "", - 
"legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Purge Duration Seconds", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:103", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:104", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 91 - }, - "hiddenSeries": false, - "id": 64, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(lifecycle_mgr_purgectrl_requests_total{service=\"klm-controller-manager-metrics\"}[$__rate_interval])", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Purge Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - 
"yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": null, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 11, - "w": 24, - "x": 0, - "y": 99 - }, - "hiddenSeries": false, - "id": 66, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.29", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "lifecycle_mgr_purgectrl_error{err_reason=\"CleanupError\"}", - "interval": "", - "legendFormat": "{{err_reason}} Kyma: {{kyma_name}} ShootID: {{shoot}} InstanceID: {{instance_id}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Purge Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": 
[] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Lifecycle Manager Overview", - "uid": "O3DH7uunk", - "version": 1 - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - grafana_dashboard: "1" - name: klm-dashboard-overview - namespace: kcp-system ---- -apiVersion: v1 -data: - status.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 4, - "panels": [], - "title": "Kyma State Overview", - "type": "row" - }, - { - "datasource": null, - "description": "This panel provides information on which modules are enabled on the KCP and their respective instance counts.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 10, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.34", - "targets": [ - { - "exemplar": true, - "expr": "sum by (module_name) (lifecycle_mgr_module_state)", - "interval": "", - "legendFormat": "{{module_name}}", - "refId": "A" - } - ], - 
"title": "Enabled Modules", - "type": "stat" - }, - { - "datasource": null, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": null, - "filterable": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 12, - "options": { - "showHeader": true - }, - "pluginVersion": "7.5.34", - "targets": [ - { - "exemplar": true, - "expr": "lifecycle_mgr_module_state{state=\"Error\"} > 0", - "format": "table", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Kyma Manifest in Error state", - "transformations": [ - { - "id": "organize", - "options": { - "excludeByName": { - "Time": false, - "Value": true, - "__name__": true, - "container": true, - "endpoint": true, - "instance": true, - "instance_id": true, - "job": true, - "kyma_name": false, - "module_name": false, - "namespace": true, - "pod": true, - "prometheus": true, - "service": true - }, - "indexByName": {}, - "renameByName": {} - } - } - ], - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 18 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.34", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, 
- "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_kyma_state{state=\"Ready\"})", - "interval": "", - "legendFormat": "Ready", - "refId": "A" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_kyma_state{state=\"Deleting\"})", - "hide": false, - "interval": "", - "legendFormat": "Deleting", - "refId": "B" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_kyma_state{state=\"Processing\"})", - "hide": false, - "interval": "", - "legendFormat": "Processing", - "refId": "C" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_kyma_state{state=\"Error\"})", - "hide": false, - "interval": "", - "legendFormat": "Error", - "refId": "D" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_kyma_state{state=\"Warning\"})", - "hide": false, - "interval": "", - "legendFormat": "Warning", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Kyma State Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1055", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1056", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.34", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_module_state{state=\"Ready\"})", - "interval": "", - "legendFormat": "Ready", - "refId": "A" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_module_state{state=\"Deleting\"})", - "hide": false, - "interval": "", - "legendFormat": "Deleting", - "refId": "B" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_module_state{state=\"Processing\"})", - "hide": false, - "interval": "", - "legendFormat": "Processing", - "refId": "C" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_module_state{state=\"Error\"})", - "hide": false, - "interval": "", - "legendFormat": "Error", - "refId": "D" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_module_state{state=\"Warning\"})", - "hide": false, - "interval": "", - "legendFormat": "Warning", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Module State Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1055", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1056", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, 
- "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 18, - "x": 0, - "y": 38 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.34", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Ready\"})", - "interval": "", - "legendFormat": "Ready", - "refId": "A" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Deleting\"})", - "hide": false, - "interval": "", - "legendFormat": "Deleting", - "refId": "B" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Processing\"})", - "hide": false, - "interval": "", - "legendFormat": "Processing", - "refId": "C" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Error\"})", - "hide": false, - "interval": "", - "legendFormat": "Error", - "refId": "D" - }, - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_module_state{state=\"Warning\"})", - "hide": false, - "interval": "", - "legendFormat": "Warning", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Mandatory Module State Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1055", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": 
"object:1056", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": null, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 6, - "x": 18, - "y": 38 - }, - "id": 8, - "options": { - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "7.5.34", - "targets": [ - { - "exemplar": true, - "expr": "sum(lifecycle_mgr_mandatory_modules)", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "title": "Mandatory Modules Count", - "type": "gauge" - } - ], - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Lifecycle Manager Kyma Status", - "uid": "eniERxEVz", - "version": 1 - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - grafana_dashboard: "1" - name: klm-dashboard-status - namespace: kcp-system ---- -apiVersion: v1 -data: - watcher.json: | - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - 
{ - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "red", - "value": null - }, - { - "color": "green", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 78, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "center", - "orientation": "vertical", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.33", - "targets": [ - { - "exemplar": true, - "expr": "count(group by (shoot) (runtime:apiserver:available))", - "format": "heatmap", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR Count", - "refId": "SKR Count" - }, - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=\"skr-webhook\"})) / count(group by (shoot) (runtime:apiserver:available)) * 100", - "format": "heatmap", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR's with SKR Watcher Deployment", - "refId": "SKR's with SKR Watcher Deployment" - }, - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_spec_replicas{deployment=\"skr-webhook\"}))", - "format": "heatmap", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "SKR Watcher Deployment Count", - "refId": "SKR Watcher Deployment Count" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Usage", - "type": "stat" - }, - { - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "left", - "filterable": false - }, - "mappings": [ - { - "from": "", - "id": 1, - "text": "", - "to": "", - "type": 1, - "value": "" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": 
"green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "image" - }, - "properties": [ - { - "id": "custom.width", - "value": 100 - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 13, - "x": 0, - "y": 8 - }, - "id": 80, - "options": { - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "7.5.33", - "targets": [ - { - "exemplar": true, - "expr": "count by (image) (group by (shoot, image) (kube_pod_container_info{namespace=\"kyma-system\",pod=~\"skr-webhook-.*\"}))", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "Shoots", - "refId": "Shoots" - } - ], - "title": "Images on Shoots", - "transformations": [ - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true - }, - "indexByName": {}, - "renameByName": { - "Value": "Count", - "image": "Image" - } - } - } - ], - "type": "table" - }, - { - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 11, - "x": 13, - "y": 8 - }, - "id": 82, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "7.5.33", - "targets": [ - { - "exemplar": true, - "expr": "count(group by (shoot) (kube_deployment_status_replicas_unavailable{deployment=\"skr-webhook\"} == 1)) OR on() vector(0)", - "format": "heatmap", - "instant": true, - "interval": "", - "legendFormat": "Unready SKR Watcher Deployments", - "refId": "Unready SKR Watcher Deployments" - } - ], - "title": "Unready SKR 
Watcher Deployments", - "type": "stat" - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 50, - "panels": [], - "title": "Listener", - "type": "row" - }, - { - "datasource": null, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "bars", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 17 - }, - "id": 48, - "options": { - "graph": {}, - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "", - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_listener_requests_total[$__rate_interval])", - "instant": false, - "interval": "", - "legendFormat": "Pod: {{pod}}", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Requests per Minute", - "type": "timeseries" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "unit": "s" - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 26 - }, - "hiddenSeries": false, - "id": 52, - "legend": { - "avg": true, - "current": false, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as 
zero", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "watcher_listener_request_duration", - "format": "time_series", - "instant": false, - "interval": "", - "legendFormat": "Pod: {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": null, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "#EAB839", - "value": 5 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 54, - "options": { - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "7.5.33", - "targets": [ - { - "exemplar": true, - "expr": "watcher_listener_inflight_requests", - "interval": "", - "legendFormat": "Pod: {{pod}}", - "refId": "A" - } - ], - "title": "Pending Requests", - "type": "gauge" - }, - { - "datasource": null, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - 
"axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "bars", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "graph": false, - "legend": false, - "tooltip": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "#EAB839", - "value": 5 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 35 - }, - "id": 56, - "options": { - "graph": {}, - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltipOptions": { - "mode": "single" - } - }, - "pluginVersion": "", - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_listener_request_errors_total[$__rate_interval])", - "interval": "", - "legendFormat": "Total Failed Requests", - "refId": "A" - }, - { - "exemplar": true, - "expr": "rate(watcher_listener_exceeding_size_limit_requests_total[$__rate_interval])", - "hide": false, - "interval": "", - "legendFormat": "Failed Requests due to Size Limit", - "refId": "B" - }, - { - "exemplar": true, - "expr": "rate(watcher_listener_failed_verification_requests_total[$__rate_interval])", - "hide": false, - "interval": "", - "legendFormat": "Failed Requests due to Verification Error", - "refId": "C" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Failed Requests per Minute", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 43 - }, - "id": 68, - "panels": [], - "title": "SKR-Webhook", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 
1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 44 - }, - "hiddenSeries": false, - "id": 70, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "watcher_request_duration", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AdmissionRequest Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 44 - }, - "hiddenSeries": false, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_admission_request_error_total)[5m]", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AdmissionRequest Error Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 52 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_admission_request_total[5m])", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AdmissionRequests Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": 
"graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 52 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_failed_kcp_total[5m])", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Failed KCP Requests Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - 
"dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 60 - }, - "hiddenSeries": false, - "id": 75, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_kcp_requests_total[5m])", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "KCP Requests Total", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "VictoriaMetrics", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 60 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": 
true - }, - "percentage": false, - "pluginVersion": "7.5.33", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(watcher_admission_request_total[5m]) / rate(watcher_kcp_requests_total[5m])", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests Ratio", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Lifecycle Manager Watcher Components", - "uid": "O3DERxEnk", - "version": 1 - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - grafana_dashboard: "1" - name: klm-dashboard-watcher - namespace: kcp-system ---- -apiVersion: v1 -data: - policy.json: | - { - "rules": [ - { - "match": { - "plan": "trial|free" - }, - "windows": [ - { - "days": [ - "Mon", - "Tue", - "Wed", - "Thu", - "Fri", - "Sat", - "Sun" - ], - "begin": "01:00:00+00:00", - "end": "01:00:00+00:00" - } - ] - }, - { - "match": { - "region": "europe|eu-|uksouth" - }, - "windows": [ - { - "days": [ - 
"Sat" - ], - "begin": "21:00:00+00:00", - "end": "00:00:00+00:00" - } - ] - }, - { - "match": { - "region": "asia|japan|australia|ap-" - }, - "windows": [ - { - "days": [ - "Sat" - ], - "begin": "14:00:00+00:00", - "end": "17:00:00+00:00" - } - ] - }, - { - "match": { - "region": "central│us|eastus|westus|brazilsouth|northamerica|southamerica|us-|ca-|sa-|na-" - }, - "windows": [ - { - "days": [ - "Sun" - ], - "begin": "14:00:00+00:00", - "end": "17:00:00+00:00" - } - ] - }, - { - "match": { - "region": "me" - }, - "windows": [ - { - "days": [ - "Fri" - ], - "begin": "17:00:00+00:00", - "end": "21:00:00+00:00" - } - ] - } - ], - "default": { - "days": [ - "Sat" - ], - "begin": "21:00:00+00:00", - "end": "23:00:00+00:00" - } - } -kind: ConfigMap -metadata: - name: maintenance-config - namespace: kcp-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-events - namespace: kcp-system -spec: - ports: - - name: klm - port: 8082 - protocol: TCP - targetPort: 8082 - - name: kmm - port: 8083 - protocol: TCP - targetPort: 8083 - selector: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-metrics - namespace: kcp-system -spec: - ports: - - appProtocol: http - name: metrics - port: 8080 - protocol: TCP - 
targetPort: metrics - selector: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-webhook-service - namespace: kcp-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager - namespace: kcp-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - traffic.sidecar.istio.io/excludeInboundPorts: "9443" - labels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: 
kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - sidecar.istio.io/inject: "true" - spec: - containers: - - args: - - --leader-elect - - --enable-kcp-watcher - - --skr-watcher-path=/skr-webhook - - --skr-watcher-image-tag=1.1.10 - - --skr-watcher-image-registry=europe-docker.pkg.dev/kyma-project/prod - - --enable-domain-name-pinning=true - - --enable-webhooks=true - - --in-kcp-mode - - --rate-limiter-burst=2000 - - --rate-limiter-frequency=1000 - - --k8s-client-qps=1000 - - --k8s-client-burst=2000 - - --cache-sync-timeout=60m - - --failure-max-delay=30s - - --failure-base-delay=5s - - --is-kyma-managed - - --kyma-requeue-success-interval=20s - - --manifest-requeue-success-interval=5s - - --log-level=9 - - --additional-dns-names=localhost,127.0.0.1,host.k3d.internal - - --listener-port-overwrite=9443 - - --leader-election-lease-duration=20s - - --leader-election-renew-deadline=15s - - --leader-election-retry-period=3s - command: - - /manager - image: europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:latest - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 8082 - name: listener - - containerPort: 8080 - name: metrics - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 400m - memory: 400Mi - requests: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /etc/maintenance-policy - name: maintenance-policy - readOnly: true - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - serviceAccountName: klm-controller-manager - terminationGracePeriodSeconds: 10 - volumes: - - configMap: - 
name: maintenance-config - name: maintenance-policy - - name: cert - secret: - defaultMode: 420 - secretName: klm-controller-manager-webhook ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-watcher-serving - namespace: istio-system -spec: - commonName: klm-watcher-selfsigned-ca - dnsNames: - - localhost - - host.k3d.internal - - skr.cluster.local - isCA: true - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: klm-watcher-selfsigned - privateKey: - algorithm: RSA - rotationPolicy: Always - size: 4096 - secretName: klm-watcher - secretTemplate: - labels: - operator.kyma-project.io/managed-by: lifecycle-manager ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-webhook-serving - namespace: kcp-system -spec: - dnsNames: - - klm-webhook-service.kcp-system.svc - - klm-webhook-service.kcp-system.svc.cluster.local - issuerRef: - kind: Issuer - name: klm-controller-manager-selfsigned - secretName: klm-controller-manager-webhook ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-watcher-selfsigned - namespace: kcp-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: 
kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - operator.kyma-project.io/managed-by: lifecycle-manager - operator.kyma-project.io/purpose: klm-watcher-cert-manager - name: klm-watcher-selfsigned - namespace: istio-system -spec: - ca: - secretName: klm-watcher ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager-selfsigned - namespace: kcp-system -spec: - selfSigned: {} ---- -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - annotations: - proxy.istio.io/config: '{"gatewayTopology" : { "forwardClientCertDetails": "SANITIZE_SET" - } }' - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - operator.kyma-project.io/watcher-gateway: default - name: klm-watcher - namespace: kcp-system -spec: - selector: - istio: ingressgateway - servers: - - hosts: - - host.k3d.internal - port: - name: https - number: 443 - protocol: HTTPS - tls: - credentialName: klm-istio-gateway - mode: MUTUAL ---- -apiVersion: operator.kyma-project.io/v1beta2 -kind: Watcher -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - operator.kyma-project.io/managed-by: lifecycle-manager - name: klm-watcher - namespace: kcp-system -spec: - field: spec - gateway: - selector: - matchLabels: - operator.kyma-project.io/watcher-gateway: default - labelsToWatch: - operator.kyma-project.io/watched-by: 
kyma - resourceToWatch: - group: operator.kyma-project.io - resource: kymas - version: '*' - serviceInfo: - name: klm-controller-manager-events - namespace: kcp-system - port: 8082 ---- -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: controller-manager - namespace: kcp-system -spec: - action: ALLOW - rules: - - to: - - operation: - paths: - - /metrics - - /v1* - - /convert* - - /mutate* - selector: - matchLabels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io ---- -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - labels: - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp - name: klm-controller-manager - namespace: kcp-system -spec: - action: ALLOW - rules: - - to: - - operation: - paths: - - /metrics - - /v1* - - /convert* - - /mutate* - selector: - matchLabels: - app.kubernetes.io/component: lifecycle-manager.kyma-project.io - app.kubernetes.io/created-by: argo-cd - app.kubernetes.io/instance: kcp-lifecycle-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: lifecycle-manager - app.kubernetes.io/part-of: kcp From bb99f2adcf135a67374a34c5ec32ef4b0c20ed3a Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 08:58:05 +0100 Subject: [PATCH 16/26] fix kustomize --- config/control-plane/kustomization.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/control-plane/kustomization.yaml b/config/control-plane/kustomization.yaml index f7729af5ea..915be48adb 100644 --- a/config/control-plane/kustomization.yaml +++ b/config/control-plane/kustomization.yaml 
@@ -22,8 +22,7 @@ components: patches: - path: patches/deployment_resources.yaml - path: patches/unique_deployment_webhook_patch.yaml - - # Override certificate name to ensure a unique CM Cert when run with other kubebuilder operators - - path: patches/unique_certificate_name.yaml + - path: patches/unique_certificate_name.yaml # Override certificate name to ensure a unique CM Cert when run with other kubebuilder operators - target: kind: Deployment patch: |- From 3b000d1f5ef078f969bf1915b158ed3222a95042 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 10:10:10 +0100 Subject: [PATCH 17/26] adapt e2e --- tests/e2e/rbac_privileges_test.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index 588d2d1a34..a10560b980 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -16,6 +16,7 @@ var _ = Describe("RBAC Privileges", func() { Expect(err).ToNot(HaveOccurred()) Expect(klmClusterRoleBindings.Items).To(HaveLen(1)) + By("And CRD ClusterRoleBinding has the correct PolicyRules") crdRoleRules := []apirbacv1.PolicyRule{ { APIGroups: []string{"apiextensions.k8s.io"}, @@ -35,7 +36,7 @@ var _ = Describe("RBAC Privileges", func() { kcpSystemKlmRoleBindings, err := ListKlmRoleBindings(kcpClient, ctx, "klm-controller-manager", "kcp-system") Expect(err).ToNot(HaveOccurred()) - Expect(kcpSystemKlmRoleBindings.Items).To(HaveLen(2)) + Expect(kcpSystemKlmRoleBindings.Items).To(HaveLen(3)) leaderElectionRoleRules := []apirbacv1.PolicyRule{ { 
@@ -171,6 +172,9 @@ var _ = Describe("RBAC Privileges", func() { }, } Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, kcpClient, "klm-controller-manager", + kcpSystemKlmRoleBindings)).Error() + Expect(GetRoleBindingRolePolicyRules(ctx, kcpClient, "klm-controller-manager", + "kcp-system", kcpSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules)) By("And KLM Service Account has the correct RoleBindings in istio-system namespace") From c4c473578ae61113f668a56f4b0345ba2c6306b8 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 10:24:21 +0100 Subject: [PATCH 18/26] adapt e2e --- tests/e2e/commontestutils/rbac.go | 27 +++++++----------- tests/e2e/rbac_privileges_test.go | 46 +++++++++++++++++++------------ 2 files changed, 39 insertions(+), 34 deletions(-) diff --git a/tests/e2e/commontestutils/rbac.go b/tests/e2e/commontestutils/rbac.go index 2cec1f78d4..5eb39dfd0a 100644 --- a/tests/e2e/commontestutils/rbac.go +++ b/tests/e2e/commontestutils/rbac.go @@ -55,7 +55,7 @@ func ListKlmRoleBindings(clnt client.Client, ctx context.Context, return klmRoleBindings, nil } -func GetClusterRoleBindingPolicyRules(ctx context.Context, clnt client.Client, roleName string, +func GetClusterRolePolicyRules(ctx context.Context, clnt client.Client, roleName string, clusterRoleBindings apirbacv1.ClusterRoleBindingList, ) ([]apirbacv1.PolicyRule, error) { var policyRules []apirbacv1.PolicyRule 
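Review bot: The added `Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, kcpClient, "klm-controller-manager", kcpSystemKlmRoleBindings)).Error()` in the `@@ -171,6 +172,9 @@` hunk of tests/e2e/rbac_privileges_test.go asserts nothing. Gomega's `.Error()` only selects the trailing error value and returns an assertion that still needs a matcher, so the spec passes whether or not the lookup fails. If the intent is that the lookup must fail, complete the chain with `.Error().To(HaveOccurred())`. PATCH 18/26 further down the page replaces this call, but this commit on its own leaves a check in the RBAC test that cannot fail. The enclosing `It` body starts and ends outside the hunk.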
@@ -71,22 +71,6 @@ func GetClusterRoleBindingPolicyRules(ctx context.Context, clnt client.Client, r return policyRules, nil } -func GetRoleBindingwithClusterRolePolicyRules(ctx context.Context, clnt client.Client, roleName string, - roleBindings apirbacv1.RoleBindingList, -) ([]apirbacv1.PolicyRule, error) { - var policyRules []apirbacv1.PolicyRule - for _, rb := range roleBindings.Items { - if rb.RoleRef.Name == roleName { - var err error - policyRules, err = getClusterRolePolicyRules(ctx, clnt, roleName) - if err != nil { - return nil, errFailedToFetchClusterRole - } - } - } - return policyRules, nil -} - func GetRoleBindingRolePolicyRules(ctx context.Context, clnt client.Client, roleName, namespace string, roleBindings apirbacv1.RoleBindingList, ) ([]apirbacv1.PolicyRule, error) { @@ -104,6 +88,15 @@ func GetRoleBindingRolePolicyRules(ctx context.Context, clnt client.Client, role return policyRules, nil } +func GetClusterRole(ctx context.Context, clnt client.Client, roleName string) (apirbacv1.ClusterRole, error) { + clusterRole := apirbacv1.ClusterRole{} + err := clnt.Get(ctx, client.ObjectKey{Name: roleName}, &clusterRole) + if err != nil { + return clusterRole, errFailedToFetchClusterRole + } + return clusterRole, nil +} + func getClusterRolePolicyRules(ctx context.Context, clnt client.Client, roleName string) ([]apirbacv1.PolicyRule, error, ) { diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index a10560b980..592f8ee872 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go 
@@ -11,12 +11,12 @@ import ( var _ = Describe("RBAC Privileges", func() { Context("Given KCP Cluster with KLM Service Account", func() { - It("Then KLM Service Account has the correct ClusterRoleBindings", func() { + It("Then KLM Service Account has the correct number of ClusterRoleBindings", func() { klmClusterRoleBindings, err := ListKlmClusterRoleBindings(kcpClient, ctx, "klm-controller-manager") Expect(err).ToNot(HaveOccurred()) Expect(klmClusterRoleBindings.Items).To(HaveLen(1)) - By("And CRD ClusterRoleBinding has the correct PolicyRules") + By("And CRD ClusterRole has the correct PolicyRules") crdRoleRules := []apirbacv1.PolicyRule{ { APIGroups: []string{"apiextensions.k8s.io"}, @@ -29,15 +29,17 @@ var _ = Describe("RBAC Privileges", func() { Verbs: []string{"update"}, }, } - Expect(GetClusterRoleBindingPolicyRules(ctx, kcpClient, "klm-controller-manager-crds", + Expect(GetClusterRolePolicyRules(ctx, kcpClient, "klm-controller-manager-crds", klmClusterRoleBindings)).To(Equal(crdRoleRules)) - By("And KLM Service Account has the correct RoleBindings in kcp-system namespace") + By("And KLM Service Account has the correct number of RoleBindings in kcp-system namespace") + expectedNumberOfRoleBindings := 3 kcpSystemKlmRoleBindings, err := ListKlmRoleBindings(kcpClient, ctx, "klm-controller-manager", "kcp-system") Expect(err).ToNot(HaveOccurred()) - Expect(kcpSystemKlmRoleBindings.Items).To(HaveLen(3)) + Expect(kcpSystemKlmRoleBindings.Items).To(HaveLen(expectedNumberOfRoleBindings)) + By("And leader-election Role has the correct PolicyRules") leaderElectionRoleRules := []apirbacv1.PolicyRule{ { APIGroups: []string{""}, 
@@ -55,10 +57,13 @@ var _ = Describe("RBAC Privileges", func() { Verbs: []string{"create", "patch"}, }, } - Expect(GetRoleBindingRolePolicyRules(ctx, kcpClient, "klm-controller-manager-leader-election", + Expect(GetRoleBindingRolePolicyRules(ctx, + kcpClient, + "klm-controller-manager-leader-election", "kcp-system", kcpSystemKlmRoleBindings)).To(Equal(leaderElectionRoleRules)) + By("And controller-manager Role has the correct PolicyRules") klmManagerRoleRules := []apirbacv1.PolicyRule{ { APIGroups: []string{""}, @@ -171,13 +176,22 @@ var _ = Describe("RBAC Privileges", func() { Verbs: []string{"get", "patch", "update"}, }, } - Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, kcpClient, "klm-controller-manager", - kcpSystemKlmRoleBindings)).Error() - Expect(GetRoleBindingRolePolicyRules(ctx, kcpClient, "klm-controller-manager", + _, err = GetClusterRole(ctx, kcpClient, "klm-controller-manager") + Expect(err).To(HaveOccurred()) + + Expect(GetRoleBindingRolePolicyRules(ctx, + kcpClient, + "klm-controller-manager", "kcp-system", kcpSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules)) - By("And KLM Service Account has the correct RoleBindings in istio-system namespace") + By("And KLM Service Account has the correct number of RoleBindings in istio-system namespace") + istioSystemKlmRoleBindings, err := ListKlmRoleBindings(kcpClient, ctx, "klm-controller-manager", + "istio-system") + Expect(err).ToNot(HaveOccurred()) + Expect(istioSystemKlmRoleBindings.Items).To(HaveLen(1)) + + By("And certmanager Role has the correct PolicyRules") istioNamespaceRoleRules := []apirbacv1.PolicyRule{ { APIGroups: []string{""}, 
@@ -195,14 +209,12 @@ var _ = Describe("RBAC Privileges", func() { Verbs: []string{"list", "watch"}, }, } - istioSystemKlmRoleBindings, err := ListKlmRoleBindings(kcpClient, ctx, "klm-controller-manager", - "istio-system") - Expect(err).ToNot(HaveOccurred()) - Expect(istioSystemKlmRoleBindings.Items).To(HaveLen(1)) - - Expect(GetRoleBindingRolePolicyRules(ctx, kcpClient, "klm-controller-manager-watcher-certmanager", + Expect(GetRoleBindingRolePolicyRules(ctx, + kcpClient, + "klm-controller-manager-certmanager", "istio-system", - istioSystemKlmRoleBindings)).To(Equal(istioNamespaceRoleRules)) + istioSystemKlmRoleBindings)). + To(Equal(istioNamespaceRoleRules)) }) }) }) From 2998cee86373c2ac570e852740cdd3a9d3e667fc Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 12:16:13 +0100 Subject: [PATCH 19/26] adapt e2e --- tests/e2e/rbac_privileges_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index 592f8ee872..34bbc97dad 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -33,7 +33,7 @@ var _ = Describe("RBAC Privileges", func() { klmClusterRoleBindings)).To(Equal(crdRoleRules)) By("And KLM Service Account has the correct number of RoleBindings in kcp-system namespace") - expectedNumberOfRoleBindings := 3 + expectedNumberOfRoleBindings := 2 kcpSystemKlmRoleBindings, err := ListKlmRoleBindings(kcpClient, ctx, "klm-controller-manager", "kcp-system") Expect(err).ToNot(HaveOccurred()) @@ -178,7 +178,7 @@ var _ = Describe("RBAC Privileges", func() { } _, err = GetClusterRole(ctx, kcpClient, "klm-controller-manager") Expect(err).To(HaveOccurred()) - + Expect(GetRoleBindingRolePolicyRules(ctx, kcpClient, "klm-controller-manager", From 819c6b90437e1fca9ba5804f009d5e2bf364d144 Mon Sep 17 00:00:00 2001 
From: Benjamin Lindner Date: Tue, 25 Feb 2025 13:04:21 +0100 Subject: [PATCH 20/26] adapt e2e --- tests/e2e/rbac_privileges_test.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index 34bbc97dad..2739e86dda 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -85,16 +85,6 @@ var _ = Describe("RBAC Privileges", func() { Resources: []string{"services"}, Verbs: []string{"get", "list", "watch"}, }, - { - APIGroups: []string{"apiextensions.k8s.io"}, - Resources: []string{"customresourcedefinitions"}, - Verbs: []string{"get", "list", "watch"}, - }, - { - APIGroups: []string{"apiextensions.k8s.io"}, - Resources: []string{"customresourcedefinitions/status"}, - Verbs: []string{"update"}, - }, { APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates"}, From b7f3731b8886395ba298e50db2fdaa186db6c41a Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 13:37:46 +0100 Subject: [PATCH 21/26] bump docker version to rid of warning --- versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.yaml b/versions.yaml index 662cee015e..24de30c1a4 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,7 +1,7 @@ # defines the versions of the tools used in the project certManager: "1.17.1" controllerTools: "0.14.0" -docker: "27.4.0" +docker: "27.5.1" go: "1.23.6" golangciLint: "1.60.3" istio: "1.24.1" From 2a5e52658113c08578851f966dc354d69c7e9912 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 14:36:38 +0100 Subject: [PATCH 22/26] remove moduletemplate create & delete verbs --- config/rbac/manager_role.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml index d123ab64fe..ca62f62472 100644 --- a/config/rbac/manager_role.yaml +++ b/config/rbac/manager_role.yaml 
@@ -149,8 +149,6 @@ rules: resources: - moduletemplates verbs: - - create - - delete - get - list - patch From 91ace3b41a6feb1c6c261ded33c9a0878fc9cfa4 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Tue, 25 Feb 2025 14:48:10 +0100 Subject: [PATCH 23/26] adapt e2e --- tests/e2e/rbac_privileges_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index 2739e86dda..cbfd89f933 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -143,7 +143,7 @@ var _ = Describe("RBAC Privileges", func() { { APIGroups: []string{"operator.kyma-project.io"}, Resources: []string{"moduletemplates"}, - Verbs: []string{"create", "delete", "get", "list", "patch", "update", "watch"}, + Verbs: []string{"get", "list", "patch", "update", "watch"}, }, { APIGroups: []string{"operator.kyma-project.io"}, From 7f915c703534aa0eb6a2690fb28b4287008ab676 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 27 Feb 2025 08:59:01 +0100 Subject: [PATCH 24/26] apply renamings --- PROJECT | 24 +++++++++---------- .../patches/unique_certificate_name.yaml | 2 +- config/default/kustomization.yaml | 2 +- .../{namespace_create.yaml => namespace.yaml} | 2 +- config/rbac/kustomization.yaml | 2 +- ...ertificate_setup.yaml => certificate.yaml} | 0 config/watcher/kustomization.yaml | 2 +- config/watcher_local_test/kustomization.yaml | 2 +- config/watcher_local_test/namespace.yaml | 4 ++++ config/watcher_local_test/namespaces.yaml | 10 -------- 10 files changed, 21 insertions(+), 29 deletions(-) rename config/default/{namespace_create.yaml => namespace.yaml} (68%) rename config/watcher/{certificate_setup.yaml => certificate.yaml} (100%) create mode 100644 config/watcher_local_test/namespace.yaml delete mode 100644 config/watcher_local_test/namespaces.yaml diff --git a/PROJECT b/PROJECT index 4b3755f680..25e67a803b 100644 --- a/PROJECT +++ b/PROJECT 
@@ -10,19 +10,6 @@ plugins: projectName: operator repo: github.com/kyma-project/lifecycle-manager resources: -- api: - crdVersion: v1 - namespaced: true - domain: kyma-project.io - group: operator - kind: Manifest - path: github.com/kyma-project/module-manager/api/v1beta1 - version: v1beta1 - webhooks: - conversion: true - defaulting: true - validation: true - webhookVersion: v1 - api: crdVersion: v1 namespaced: true @@ -107,4 +94,15 @@ resources: webhooks: conversion: true webhookVersion: v1 +- api: + crdVersion: v1 + namespaced: true + domain: kyma-project.io + group: operator + kind: ModuleReleaseMeta + path: github.com/kyma-project/lifecycle-manager/api/v1beta2 + version: v1beta2 + webhooks: + conversion: true + webhookVersion: v1 version: "3" diff --git a/config/control-plane/patches/unique_certificate_name.yaml b/config/control-plane/patches/unique_certificate_name.yaml index c9eb096306..08c73fb4f9 100644 --- a/config/control-plane/patches/unique_certificate_name.yaml +++ b/config/control-plane/patches/unique_certificate_name.yaml @@ -3,4 +3,4 @@ kind: Certificate metadata: name: controller-manager-webhook-serving # this name should match the one appeared in kustomizeconfig.yaml spec: - secretName: klm-controller-manager-webhook # secretName will not be prefixed, since it's not managed by kustomize \ No newline at end of file + secretName: klm-controller-manager-webhook # secretName will not be prefixed, since it's not managed by kustomize diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 13a236e04b..45f58ac3ba 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -13,7 +13,7 @@ patches: resources: - ../manager - ../certmanager - - namespace_create.yaml + - namespace.yaml components: - ../crd - ../rbac 
diff --git a/config/default/namespace_create.yaml b/config/default/namespace.yaml similarity index 68% rename from config/default/namespace_create.yaml rename to config/default/namespace.yaml index 38c7c7022c..a33da52528 100644 --- a/config/default/namespace_create.yaml +++ b/config/default/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: kcp-system \ No newline at end of file + name: kcp-system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 1b5d54dc3c..63394c4b96 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -3,10 +3,10 @@ kind: Component resources: - service_account.yaml - manager_role.yaml + - manager_role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml - crd_cluster_role.yaml - crd_cluster_role_binding.yaml - - manager_role_binding.yaml - certmanager_role.yaml - certmanager_role_binding.yaml diff --git a/config/watcher/certificate_setup.yaml b/config/watcher/certificate.yaml similarity index 100% rename from config/watcher/certificate_setup.yaml rename to config/watcher/certificate.yaml diff --git a/config/watcher/kustomization.yaml b/config/watcher/kustomization.yaml index 51ac34bdf8..5acb2daed5 100644 --- a/config/watcher/kustomization.yaml +++ b/config/watcher/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component generatorOptions: disableNameSuffixHash: true resources: - - certificate_setup.yaml + - certificate.yaml - gateway.yaml - kyma_watcher.yaml patches: diff --git a/config/watcher_local_test/kustomization.yaml b/config/watcher_local_test/kustomization.yaml index 459a69ca57..bd53c5aa3f 100644 --- a/config/watcher_local_test/kustomization.yaml +++ b/config/watcher_local_test/kustomization.yaml @@ -7,7 +7,7 @@ kind: Kustomization generatorOptions: disableNameSuffixHash: true resources: - - namespaces.yaml + - namespace.yaml - ../control-plane components: - ../istio 
diff --git a/config/watcher_local_test/namespace.yaml b/config/watcher_local_test/namespace.yaml new file mode 100644 index 0000000000..a33da52528 --- /dev/null +++ b/config/watcher_local_test/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kcp-system diff --git a/config/watcher_local_test/namespaces.yaml b/config/watcher_local_test/namespaces.yaml deleted file mode 100644 index e9b6051e69..0000000000 --- a/config/watcher_local_test/namespaces.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kcp-system ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kyma-system From 3fef4e59ec5c316c1338c70a3f345b403a9dc6d7 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 27 Feb 2025 09:24:19 +0100 Subject: [PATCH 25/26] adapt policy rules for cm, watcher and kyma --- config/default/kustomization.yaml | 2 +- .../deployment_webhook.yaml} | 0 config/rbac/manager_role.yaml | 8 -------- 3 files changed, 1 insertion(+), 9 deletions(-) rename config/default/{manager_webhook_patch.yaml => patches/deployment_webhook.yaml} (100%) diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 45f58ac3ba..6b4f8d0091 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -9,7 +9,7 @@ commonLabels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/part-of: manual-deployment patches: - - path: manager_webhook_patch.yaml + - path: patches/deployment_webhook.yaml resources: - ../manager - ../certmanager diff --git a/config/default/manager_webhook_patch.yaml b/config/default/patches/deployment_webhook.yaml similarity index 100% rename from config/default/manager_webhook_patch.yaml rename to config/default/patches/deployment_webhook.yaml diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml index ca62f62472..8ad0ad7d7d 100644 --- a/config/rbac/manager_role.yaml +++ b/config/rbac/manager_role.yaml 
@@ -10,12 +10,8 @@ rules: resources: - configmaps verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - "" @@ -88,8 +84,6 @@ rules: resources: - kymas verbs: - - create - - delete - get - list - patch @@ -165,8 +159,6 @@ rules: resources: - watchers verbs: - - create - - delete - get - list - patch From 1c6245ffdea16dddc98c7584d62388a25fc5cb84 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner Date: Thu, 27 Feb 2025 10:32:02 +0100 Subject: [PATCH 26/26] adapt e2e --- tests/e2e/rbac_privileges_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index cbfd89f933..3357558e2d 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -68,7 +68,7 @@ var _ = Describe("RBAC Privileges", func() { { APIGroups: []string{""}, Resources: []string{"configmaps"}, - Verbs: []string{"create", "delete", "get", "list", "patch", "update", "watch"}, + Verbs: []string{"get", "list", "watch"}, }, { APIGroups: []string{""}, @@ -108,7 +108,7 @@ var _ = Describe("RBAC Privileges", func() { { APIGroups: []string{"operator.kyma-project.io"}, Resources: []string{"kymas"}, - Verbs: []string{"create", "delete", "get", "list", "patch", "update", "watch"}, + Verbs: []string{"get", "list", "patch", "update", "watch"}, }, { APIGroups: []string{"operator.kyma-project.io"}, @@ -153,7 +153,7 @@ var _ = Describe("RBAC Privileges", func() { { APIGroups: []string{"operator.kyma-project.io"}, Resources: []string{"watchers"}, - Verbs: []string{"create", "delete", "get", "list", "patch", "update", "watch"}, + Verbs: []string{"get", "list", "patch", "update", "watch"}, }, { APIGroups: []string{"operator.kyma-project.io"},