├── .github
│   ├── dco.yml
│   └── workflows
│       └── release.yaml
├── .gitignore
├── LICENSE
├── README.md
├── config
│   ├── all-in-one
│   │   ├── Chart.yaml
│   │   ├── templates
│   │   │   ├── aimanager.yaml
│   │   │   ├── argocd.yaml
│   │   │   ├── cluster-operator-fyre.yaml
│   │   │   ├── clusters-fyre.yaml
│   │   │   ├── cp-shared.yaml
│   │   │   ├── cp4waiops-config.yaml
│   │   │   ├── cp4waiops-custom.yaml
│   │   │   ├── eventmanager.yaml
│   │   │   ├── humio.yaml
│   │   │   ├── istio.yaml
│   │   │   ├── resource-locker.yaml
│   │   │   ├── robot-shop.yaml
│   │   │   └── rook-ceph.yaml
│   │   └── values.yaml
│   ├── argocd
│   │   ├── kubernetes
│   │   │   └── argocd-cm.yaml
│   │   └── openshift
│   │       ├── argocd-rbac.yaml
│   │       └── argocd.yaml
│   ├── ceph
│   │   ├── Chart.yaml
│   │   ├── templates
│   │   │   ├── cluster.yaml
│   │   │   ├── common.yaml
│   │   │   ├── crds.yaml
│   │   │   ├── filesystem.yaml
│   │   │   ├── operator-openshift.yaml
│   │   │   ├── storageclass-test.yaml
│   │   │   └── storageclass.yaml
│   │   └── values.yaml
│   ├── clusters
│   │   └── fyre
│   │       ├── Chart.yaml
│   │       ├── templates
│   │       │   ├── ocp-plus.yaml
│   │       │   ├── qb-large.yaml
│   │       │   └── secret.yaml
│   │       └── values.yaml
│   ├── cp-shared
│   │   └── operators
│   │       ├── Chart.yaml
│   │       ├── templates
│   │       │   └── 060-catalogsource.yaml
│   │       └── values.yaml
│   ├── cp4waiops-custom
│   │   ├── Chart.yaml
│   │   ├── templates
│   │   │   ├── custom-size.yaml
│   │   │   ├── image-pull-secrets.yaml
│   │   │   ├── resource-locker-rbac.yaml
│   │   │   ├── x-small-idle.yaml
│   │   │   └── x-small.yaml
│   │   ├── values.x-small-custom.yaml
│   │   └── values.yaml
│   └── cp4waiops
│       ├── install-aimgr
│       │   ├── Chart.yaml
│       │   ├── templates
│       │   │   ├── resources
│       │   │   │   ├── 030-global-image-pull-secret.yaml
│       │   │   │   ├── 075-redis-locker.yaml
│       │   │   │   └── 080-installation.yaml
│       │   │   └── subscriptions
│       │   │       ├── 000-010-check-prereqs-job.yaml
│       │   │       ├── 020-argocd-admin.yaml
│       │   │       ├── 020-namespace.yaml
│       │   │       ├── 050-policy.yaml
│       │   │       ├── 070-operatorgroup.yaml
│       │   │       └── 080-subscription.yaml
│       │   └── values.yaml
│       └── install-emgr
│           ├── Chart.yaml
│           ├── templates
│           │   ├── resources
│           │   │   ├── 030-global-image-pull-secret.yaml
│           │   │   └── 070-noi-eventmanager.yaml
│           │   └── subscriptions
│           │       ├── 000-010-check-prereqs-job.yaml
│           │       ├── 020-argocd-admin.yaml
│           │       ├── 021-noi-ns.yaml
│           │       ├── 022-crt-noi-serviceaccount.yaml
│           │       ├── 040-policy.yaml
│           │       ├── 050-noi-catalogsource.yaml
│           │       ├── 060-noi-operatorgroup.yaml
│           │       └── 061-noi-subscription.yaml
│           └── values.yaml
└── mkdocs.yml

--------------------------------------------------------------------------------
/.github/dco.yml:
--------------------------------------------------------------------------------
1 | # This enables the DCO bot for you, please take a look at https://github.com/probot/dco
2 | # for more details.
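#
# With DCO enforcement on, every commit must carry a Signed-off-by trailer,
# which `git commit -s` appends automatically. An illustrative example of the
# expected trailer (the name and email are placeholders, not values from this
# repository):
#
#   Signed-off-by: Jane Developer <jane.developer@example.com>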
3 | require: 4 | members: false 5 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - release-3.5 7 | paths: 8 | - 'config/cp4waiops/**' 9 | - 'config/cp-shared/**' 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | release: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v2.4.0 19 | with: 20 | fetch-depth: 0 21 | 22 | - name: Configure Git 23 | run: | 24 | git config user.name "$GITHUB_ACTOR" 25 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 26 | 27 | - name: Run AI Manager chart-releaser for CP4WAIOps 3.5 28 | uses: helm/chart-releaser-action@v1.3.0 29 | with: 30 | version: v1.3.0 31 | charts_dir: 'config/cp4waiops' 32 | env: 33 | CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' 34 | 35 | - name: Run Shared Components chart-releaser for CP4WAIOps 3.5 36 | uses: helm/chart-releaser-action@v1.3.0 37 | with: 38 | version: v1.3.0 39 | charts_dir: 'config/cp-shared' 40 | env: 41 | CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' 42 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | .DS_Store 8 | 9 | # Test binary, built with `go test -c` 10 | *.test 11 | 12 | # Output of the go coverage tool, specifically when used with LiteIDE 13 | *.out 14 | 15 | # Dependency directories (remove the comment below to include it) 16 | # vendor/ 17 | 18 | # Site docs 19 | site/ 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
4 |
5 | - [Deploy Cloud Pak for Watson AIOps using GitOps](#deploy-cloud-pak-for-watson-aiops-using-gitops)
6 |   - [Install CP4WAIOps using GitOps](#install-cp4waiops-using-gitops)
7 |   - [More Install Options for CP4WAIOps using GitOps](#more-install-options-for-cp4waiops-using-gitops)
8 |
9 |
10 |
11 | # Deploy Cloud Pak for Watson AIOps using GitOps
12 |
13 | This repository is about using OpenShift GitOps to deploy Cloud Pak for Watson AIOps (CP4WAIOps) on a Red Hat OpenShift cluster. Refer to our [gitops webpage](https://ibm.github.io/cp4waiops-gitops/docs/) for the detailed documentation and to get started with the GitOps tutorial.
14 |
15 | ## Install CP4WAIOps using GitOps
16 |
17 | Please refer to the following documents and decide how you want to deploy CP4WAIOps:
18 |
19 | - [Install CP4WAIOps using GitOps](https://github.com/IBM/cp4waiops-gitops/blob/docs/docs)
20 |
21 | ## More Install Options for CP4WAIOps using GitOps
22 |
23 | There are some advanced configuration options available for CP4WAIOps to support more install scenarios. Also, as a customer, you may want to fork this repository and customize it to meet your specific needs. For more details, please refer to [Customize CP4WAIOps Install](https://github.com/IBM/cp4waiops-gitops/blob/docs/docs/cp4waiops-custom-install.md).
24 |
--------------------------------------------------------------------------------
/config/all-in-one/Chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | name: cp4waiops-aio
4 | description: CP4WAIOps All In One Instance
5 |
6 | # A chart can be either an 'application' or a 'library' chart.
7 | #
8 | # Application charts are a collection of templates that can be packaged into versioned archives
9 | # to be deployed.
10 | #
11 | # Library charts provide useful utilities or functions for the chart developer. They're included as
12 | # a dependency of application charts to inject those utilities and functions into the rendering
13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
14 | type: application
15 |
16 | # This is the chart version. This version number should be incremented each time you make changes
17 | # to the chart and its templates, including the app version.
18 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
19 | version: 3.6.0
20 |
21 | # This is the version number of the application being deployed. This version number should be
22 | # incremented each time you make changes to the application. Versions are not expected to
23 | # follow Semantic Versioning. They should reflect the version the application is using.
24 | appVersion: "3.6" 25 | -------------------------------------------------------------------------------- /config/all-in-one/templates/aimanager.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cp4waiops.aiManager.enabled }} 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: ApplicationSet 4 | metadata: 5 | name: cp4waiops-aimanagers 6 | spec: 7 | generators: 8 | {{- if .Values.argocd.allowLocalDeploy }} 9 | - clusters: {} 10 | {{- else }} 11 | - clusters: 12 | selector: 13 | matchLabels: 14 | argocd.argoproj.io/secret-type: cluster 15 | {{- end }} 16 | template: 17 | metadata: 18 | name: '{{ `{{name}}-cp4waiops-aimanager` }}' 19 | annotations: 20 | argocd.argoproj.io/sync-wave: "200" 21 | spec: 22 | destination: 23 | namespace: '{{ .Values.cp4waiops.aiManager.namespace }}' 24 | server: '{{ `{{server}}` }}' 25 | project: default 26 | source: 27 | path: "config/cp4waiops/install-aimgr" 28 | repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }} 29 | targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }} 30 | helm: 31 | parameters: 32 | - name: spec.aiManager.instanceName 33 | value: '{{ .Values.cp4waiops.aiManager.instanceName }}' 34 | - name: spec.aiManager.namespace 35 | value: '{{ .Values.cp4waiops.aiManager.namespace }}' 36 | {{- if hasPrefix "x-small" .Values.cp4waiops.profile }} 37 | - name: spec.aiManager.size 38 | value: 'small' 39 | {{- else }} 40 | - name: spec.aiManager.size 41 | value: '{{ .Values.cp4waiops.profile }}' 42 | {{- end }} 43 | {{- if .Values.cp4waiops.imageCatalog }} 44 | - name: spec.imageCatalog 45 | value: '{{ .Values.cp4waiops.imageCatalog }}' 46 | {{- end }} 47 | {{- if .Values.cp4waiops.aiManager.channel }} 48 | - name: spec.aiManager.channel 49 | value: '{{ .Values.cp4waiops.aiManager.channel }}' 50 | {{- end }} 51 | {{- if .Values.cp4waiops.isSNO}} 52 | - name: spec.isSNO 53 | value: '{{ .Values.cp4waiops.isSNO }}' 54 | {{- end }} 55 | {{- if .Values.cp4waiops.storageClass }} 56 | - name: spec.storageClass 57 | value: '{{ .Values.cp4waiops.storageClass }}' 58 | {{- end }} 59 | {{- if .Values.cp4waiops.storageClassLargeBlock }} 60 | - name: spec.storageClassLargeBlock 61 | value: '{{ .Values.cp4waiops.storageClassLargeBlock }}' 62 | {{- end }} 63 | {{- if .Values.globalImagePullSecrets }} 64 | {{- range $idx, $cfg := .Values.globalImagePullSecrets }} 65 | {{- range $key, $val := $cfg }} 66 | - name: globalImagePullSecrets[{{ $idx }}].{{ $key }} 67 | value: '{{ $val }}' 68 | {{- end }} 69 | {{- end }} 70 | {{- end }} 71 | ignoreDifferences: 72 | - group: orchestrator.aiops.ibm.com 73 | jsonPointers: 74 | - /spec/pakModules 75 | kind: Installation 76 | - group: apiextensions.k8s.io 77 | jsonPointers: 78 | - /metadata/generation 79 | kind: CustomResourceDefinition 80 | syncPolicy: 81 | automated: 82 | prune: true 83 | selfHeal: true 84 | syncOptions: 85 | - CreateNamespace=true 86 | {{- end }} 87 | -------------------------------------------------------------------------------- /config/all-in-one/templates/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argocd-custom 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-1" 7 | spec: 8 | destination: 9 | {{- if .Values.argocd.namespace }} 10 | namespace: {{ .Values.argocd.namespace }} 11 | {{- else if eq .Values.argocd.cluster "kubernetes" }} 12 | namespace: argocd 13 | {{- 
else if eq .Values.argocd.cluster "openshift" }} 14 | namespace: openshift-gitops 15 | {{- end }} 16 | server: 'https://kubernetes.default.svc' 17 | project: default 18 | source: 19 | path: config/argocd/{{ .Values.argocd.cluster }} 20 | repoURL: https://github.com/IBM/cp4waiops-gitops 21 | targetRevision: release-3.6 22 | syncPolicy: 23 | automated: 24 | prune: true 25 | selfHeal: true 26 | -------------------------------------------------------------------------------- /config/all-in-one/templates/cluster-operator-fyre.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cluster }} 2 | {{- if and .Values.cluster.enabled (eq .Values.cluster.provider.type "fyre") }} 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Application 5 | metadata: 6 | name: cluster-operator-fyre 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "-1" 9 | spec: 10 | destination: 11 | {{- if .Values.argocd.namespace }} 12 | namespace: {{ .Values.argocd.namespace }} 13 | {{- else if eq .Values.argocd.cluster "kubernetes" }} 14 | namespace: argocd 15 | {{- else if eq .Values.argocd.cluster "openshift" }} 16 | namespace: openshift-gitops 17 | {{- end }} 18 | server: 'https://kubernetes.default.svc' 19 | project: default 20 | source: 21 | path: gitops-charts/cluster-operator-fyre 22 | repoURL: https://github.com/IBM/sample-app-gitops 23 | targetRevision: HEAD 24 | syncPolicy: 25 | automated: 26 | prune: true 27 | selfHeal: true 28 | {{- end }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /config/all-in-one/templates/clusters-fyre.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cluster }} 2 | {{- if and .Values.cluster.enabled (eq .Values.cluster.provider.type "fyre") }} 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Application 5 | metadata: 6 | name: {{ .Values.cluster.provider.credentials.user }}-clusters-fyre 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "0" 9 | spec: 10 | destination: 11 | {{- if .Values.argocd.namespace }} 12 | namespace: {{ .Values.argocd.namespace }} 13 | {{- else if eq .Values.argocd.cluster "kubernetes" }} 14 | namespace: argocd 15 | {{- else if eq .Values.argocd.cluster "openshift" }} 16 | namespace: openshift-gitops 17 | {{- end }} 18 | server: 'https://kubernetes.default.svc' 19 | project: default 20 | source: 21 | path: config/clusters/fyre 22 | repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }} 23 | targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }} 24 | helm: 25 | parameters: 26 | - name: provider.fyre.credentials.user 27 | value: '{{ .Values.cluster.provider.credentials.user }}' 28 | - name: provider.fyre.credentials.token 29 | value: '{{ .Values.cluster.provider.credentials.token }}' 30 | - name: provider.fyre.credentials.productGroupId 31 | value: '{{ .Values.cluster.provider.credentials.productGroupId }}' 32 | - name: provider.fyre.quotaType 33 | value: '{{ .Values.cluster.provider.quotaType }}' 34 | {{- if .Values.cluster.provider.site }} 35 | - name: provider.fyre.site 36 | value: '{{ .Values.cluster.provider.site }}' 37 | {{- end }} 38 | {{- if .Values.cluster.provider.ocpVersion }} 39 | - name: provider.fyre.ocpVersion 40 | value: '{{ .Values.cluster.provider.ocpVersion }}' 41 | {{- end }} 42 | {{- if .Values.cluster.provider.workerFlavor }} 43 | - name: provider.fyre.workerFlavor 44 | value: '{{ .Values.cluster.provider.workerFlavor }}' 45 | {{- 
end }}
46 |       - name: argocd.namespace
47 |       {{- if .Values.argocd.namespace }}
48 |         value: {{ .Values.argocd.namespace }}
49 |       {{- else if eq .Values.argocd.cluster "kubernetes" }}
50 |         value: argocd
51 |       {{- else if eq .Values.argocd.cluster "openshift" }}
52 |         value: openshift-gitops
53 |       {{- end }}
54 |   syncPolicy:
55 |     automated:
56 |       prune: true
57 |       selfHeal: true
58 | {{- end }}
59 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/templates/cp-shared.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: ApplicationSet
3 | metadata:
4 |   name: cp-shared
5 | spec:
6 |   generators:
7 |   {{- if .Values.argocd.allowLocalDeploy }}
8 |   - clusters: {}
9 |   {{- else }}
10 |   - clusters:
11 |       selector:
12 |         matchLabels:
13 |           argocd.argoproj.io/secret-type: cluster
14 |   {{- end }}
15 |   template:
16 |     metadata:
17 |       name: '{{ `{{name}}-cp-shared` }}'
18 |       annotations:
19 |         argocd.argoproj.io/sync-wave: "110"
20 |     spec:
21 |       destination:
22 |         namespace: openshift-marketplace
23 |         server: 'https://kubernetes.default.svc'
24 |       project: default
25 |       source:
26 |         path: config/cp-shared/operators
27 |         repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }}
28 |         targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }}
29 |         helm:
30 |           parameters:
31 |           {{- if .Values.cp4waiops.imageCatalog }}
32 |           - name: spec.imageCatalog
33 |             value: '{{ .Values.cp4waiops.imageCatalog }}'
34 |           {{- end }}
35 |       syncPolicy:
36 |         automated:
37 |           prune: true
38 |           selfHeal: true
39 |
--------------------------------------------------------------------------------
/config/all-in-one/templates/cp4waiops-config.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cp4waiops.setup }}
2 | {{- if .Values.cp4waiops.setup.enabled }}
3 | apiVersion: argoproj.io/v1alpha1
4 | kind: ApplicationSet
5 | metadata:
6 |   name: cp4waiops-config
7 | spec:
8 |   generators:
9 |   {{- if .Values.argocd.allowLocalDeploy }}
10 |   - clusters: {}
11 |   {{- else }}
12 |   - clusters:
13 |       selector:
14 |         matchLabels:
15 |           argocd.argoproj.io/secret-type: cluster
16 |   {{- end }}
17 |   template:
18 |     metadata:
19 |       name: '{{ `{{name}}-cp4waiops-config` }}'
20 |       annotations:
21 |         argocd.argoproj.io/sync-wave: "300"
22 |     spec:
23 |       destination:
24 |         namespace: '{{ .Values.cp4waiops.aiManager.namespace }}'
25 |         server: '{{ `{{server}}` }}'
26 |       project: default
27 |       source:
28 |         path: gitops-charts/aiops-config-operator
29 |         repoURL: https://github.com/IBM/sample-app-gitops
30 |         targetRevision: HEAD
31 |         helm:
32 |           parameters:
33 |           - name: 'humio.enabled'
34 |           {{- if .Values.cp4waiops.setup.humio }}
35 |             value: '{{ hasKey .Values.cp4waiops.setup.humio "enabled" | ternary .Values.cp4waiops.setup.humio.enabled true }}'
36 |           {{- else }}
37 |             value: 'true'
38 |           {{- end }}
39 |           - name: 'kafka.enabled'
40 |           {{- if .Values.cp4waiops.setup.kafka }}
41 |             value: '{{ hasKey .Values.cp4waiops.setup.kafka "enabled" | ternary .Values.cp4waiops.setup.kafka.enabled true }}'
42 |           {{- else }}
43 |             value: 'true'
44 |           {{- end }}
45 |           - name: 'kube.enabled'
46 |           {{- if .Values.cp4waiops.setup.kubernetes }}
47 |             value: '{{ hasKey .Values.cp4waiops.setup.kubernetes "enabled" | ternary .Values.cp4waiops.setup.kubernetes.enabled true }}'
48 |           {{- else }}
49 |             value: 'true'
50 |           {{- end }}
51 |       syncPolicy:
52 |         automated:
53 |           prune: true
54 |           selfHeal: true
55 |         syncOptions:
56 |         - Validate=false
57 |         - SkipDryRunOnMissingResource=true
58 |         - FailOnSharedResource=true
59 |         - CreateNamespace=true
60 | {{- end }}
61 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/templates/cp4waiops-custom.yaml:
--------------------------------------------------------------------------------
1 | {{- if hasPrefix "x-small" .Values.cp4waiops.profile }}
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: ApplicationSet
4 | metadata:
5 |   name: cp4waiops-custom
6 | spec:
7 |   generators:
8 |   {{- if .Values.argocd.allowLocalDeploy }}
9 |   - clusters: {}
10 |   {{- else }}
11 |   - clusters:
12 |       selector:
13 |         matchLabels:
14 |           argocd.argoproj.io/secret-type: cluster
15 |   {{- end }}
16 |   template:
17 |     metadata:
18 |       name: '{{ `{{name}}-cp4waiops-custom` }}'
19 |       annotations:
20 |         argocd.argoproj.io/sync-wave: "200"
21 |     spec:
22 |       destination:
23 |         namespace: '{{ .Values.cp4waiops.aiManager.namespace }}'
24 |         server: '{{ `{{server}}` }}'
25 |       project: default
26 |       source:
27 |         path: config/cp4waiops-custom
28 |         repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }}
29 |         targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }}
30 |         helm:
31 |           valueFiles:
32 |           - values.yaml
33 |           {{- if eq .Values.cp4waiops.profile "x-small-custom" }}
34 |           - values.x-small-custom.yaml
35 |           {{- end }}
36 |           parameters:
37 |           - name: 'aiManager.instanceName'
38 |             value: '{{ .Values.cp4waiops.aiManager.instanceName }}'
39 |           - name: 'aiManager.namespace'
40 |             value: '{{ .Values.cp4waiops.aiManager.namespace }}'
41 |           - name: 'profile'
42 |             value: '{{ .Values.cp4waiops.profile }}'
43 |       syncPolicy:
44 |         automated:
45 |           prune: true
46 |           selfHeal: true
47 |         syncOptions:
48 |         - Validate=false
49 |         - SkipDryRunOnMissingResource=true
50 |         - FailOnSharedResource=true
51 |         - CreateNamespace=true
52 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/templates/eventmanager.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cp4waiops.eventManager.enabled }}
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: ApplicationSet
4 | metadata:
5 |   name: cp4waiops-eventmanagers
6 | spec:
7 |   generators:
8 |   {{- if .Values.argocd.allowLocalDeploy }}
9 |   - clusters: {}
10 |   {{- else }}
11 |   - clusters:
12 |       selector:
13 |         matchLabels:
14 |           argocd.argoproj.io/secret-type: cluster
15 |   {{- end }}
16 |   template:
17 |     metadata:
18 |       name: '{{ `{{name}}-cp4waiops-eventmanager` }}'
19 |       annotations:
20 |         argocd.argoproj.io/sync-wave: "200"
21 |     spec:
22 |       destination:
23 |         namespace: '{{ .Values.cp4waiops.eventManager.namespace }}'
24 |         server: '{{ `{{server}}` }}'
25 |       project: default
26 |       source:
27 |         path: "config/cp4waiops/install-emgr"
28 |         repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }}
29 |         targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }}
30 |         helm:
31 |           parameters:
32 |           - name: spec.eventManager.namespace
33 |             value: '{{ .Values.cp4waiops.eventManager.namespace }}'
34 |           - name: spec.eventManager.clusterDomain
35 |             value: '{{ .Values.cp4waiops.eventManager.clusterDomain }}'
36 |           {{- if .Values.cp4waiops.eventManager.version }}
37 |           - name: spec.eventManager.version
38 |             value: '{{ .Values.cp4waiops.eventManager.version }}'
39 |           {{- end }}
40 |           {{- if .Values.cp4waiops.eventManager.channel }}
41 |           - name: spec.eventManager.channel
42 |             value: '{{ .Values.cp4waiops.eventManager.channel }}'
43 |           {{- end }}
44 |           {{- if .Values.cp4waiops.eventManager.deploymentType }}
45 |           - name: spec.eventManager.deploymentType
46 |             value: '{{ .Values.cp4waiops.eventManager.deploymentType }}'
47 |           {{- end }}
48 |           {{- if .Values.cp4waiops.eventManager.imageCatalog }}
49 |           - name: spec.imageCatalog
50 |             value: '{{ .Values.cp4waiops.eventManager.imageCatalog }}'
51 |           {{- end }}
52 |           {{- if .Values.cp4waiops.storageClass }}
53 |           - name: spec.storageClass
54 |             value: '{{ .Values.cp4waiops.storageClass }}'
55 |           {{- end }}
56 |           {{- if .Values.cp4waiops.storageClassLargeBlock }}
57 |           - name: spec.storageClassLargeBlock
58 |             value: '{{ .Values.cp4waiops.storageClassLargeBlock }}'
59 |           {{- end }}
60 |           {{- if .Values.globalImagePullSecrets }}
61 |           {{- range $idx, $cfg := .Values.globalImagePullSecrets }}
62 |           {{- range $key, $val := $cfg }}
63 |           - name: globalImagePullSecrets[{{ $idx }}].{{ $key }}
64 |             value: '{{ $val }}'
65 |           {{- end }}
66 |           {{- end }}
67 |           {{- end }}
68 |       ignoreDifferences:
69 |       - group: noi.ibm.com
70 |         jsonPointers:
71 |         - /spec
72 |         kind: NOI
73 |       - group: ""
74 |         jsonPointers:
75 |         - /imagePullSecrets
76 |         kind: ServiceAccount
77 |       syncPolicy:
78 |         automated:
79 |           prune: true
80 |           selfHeal: true
81 |         syncOptions:
82 |         - CreateNamespace=true
83 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/templates/humio.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.humio }}
2 | {{- if .Values.humio.enabled }}
3 | apiVersion: argoproj.io/v1alpha1
4 | kind: ApplicationSet
5 | metadata:
6 |   name: humio-loggings
7 | spec:
8 |   generators:
9 |   {{- if .Values.argocd.allowLocalDeploy }}
10 |   - clusters: {}
11 |   {{- else }}
12 |   - clusters:
13 |       selector:
14 |         matchLabels:
15 |           argocd.argoproj.io/secret-type: cluster
16 |   {{- end }}
17 |   template:
18 |     metadata:
19 |       name: '{{ `{{name}}-humio-logging` }}'
20 |       annotations:
21 |         argocd.argoproj.io/sync-wave: "200"
22 |     spec:
23 |       destination:
24 |         namespace: humio-logging
25 |         server: '{{ `{{server}}` }}'
26 |       project: default
27 |       source:
28 |         path: gitops-charts/humio-helm-charts
29 |         repoURL: https://github.com/IBM/sample-app-gitops
30 |         targetRevision: HEAD
31 |         helm:
32 |           parameters:
33 |           - name: humio-core.openshift.host
34 |             value: 'true'
35 |           - name: humio-fluentbit.humioReleaseName
36 |             value: '{{ `{{name}}-humio-logging` }}'
37 |       syncPolicy:
38 |         automated:
39 |           prune: true
40 |           selfHeal: true
41 |         syncOptions:
42 |         - Validate=false
43 |         - CreateNamespace=true
44 |         - SkipDryRunOnMissingResource=true
45 | {{- end }}
46 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/templates/istio.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.istio }}
2 | {{- if .Values.istio.enabled }}
3 | apiVersion: argoproj.io/v1alpha1
4 | kind: ApplicationSet
5 | metadata:
6 |   name: istios
7 | spec:
8 |   generators:
9 |   {{- if .Values.argocd.allowLocalDeploy }}
10 |   - clusters: {}
11 |   {{- else }}
12 |   - clusters:
13 |       selector:
14 |         matchLabels:
15 |           argocd.argoproj.io/secret-type: cluster
16 |   {{- end }}
17 |   template:
18 |     metadata:
19 |       name: '{{ `{{name}}-istio` }}'
20 |       annotations:
21 |         argocd.argoproj.io/sync-wave: "200"
22 |     spec:
23 |       destination:
24 |         namespace: istio-system
25 |         server: '{{ `{{server}}` }}'
26 |
project: default 27 | source: 28 | path: gitops-charts/istio 29 | repoURL: https://github.com/IBM/sample-app-gitops 30 | targetRevision: HEAD 31 | syncPolicy: 32 | automated: 33 | prune: true 34 | selfHeal: true 35 | syncOptions: 36 | - Validate=false 37 | - SkipDryRunOnMissingResource=true 38 | - FailOnSharedResource=true 39 | - CreateNamespace=true 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /config/all-in-one/templates/resource-locker.yaml: -------------------------------------------------------------------------------- 1 | {{- $resource_locker_enabled := false -}} 2 | 3 | {{- if .Values.robotshop }} 4 | {{- if .Values.robotshop.enabled }} 5 | {{- $resource_locker_enabled = true -}} 6 | {{- end }} 7 | {{- end }} 8 | 9 | {{- if .Values.humio }} 10 | {{- if .Values.humio.enabled }} 11 | {{- $resource_locker_enabled = true -}} 12 | {{- end }} 13 | {{- end }} 14 | 15 | {{- if hasPrefix "x-small" .Values.cp4waiops.profile }} 16 | {{- $resource_locker_enabled = true -}} 17 | {{- end }} 18 | 19 | {{- if $resource_locker_enabled }} 20 | apiVersion: argoproj.io/v1alpha1 21 | kind: ApplicationSet 22 | metadata: 23 | name: resource-lockers 24 | spec: 25 | generators: 26 | {{- if .Values.argocd.allowLocalDeploy }} 27 | - clusters: {} 28 | {{- else }} 29 | - clusters: 30 | selector: 31 | matchLabels: 32 | argocd.argoproj.io/secret-type: cluster 33 | {{- end }} 34 | template: 35 | metadata: 36 | name: '{{ `{{name}}-resource-locker` }}' 37 | annotations: 38 | argocd.argoproj.io/sync-wave: "100" 39 | spec: 40 | destination: 41 | namespace: resource-locker-operator 42 | server: '{{ `{{server}}` }}' 43 | project: default 44 | source: 45 | chart: resource-locker-operator 46 | repoURL: https://redhat-cop.github.io/resource-locker-operator 47 | targetRevision: v1.1.3 48 | syncPolicy: 49 | automated: 50 | prune: true 51 | selfHeal: true 52 | syncOptions: 53 | - CreateNamespace=true 54 | {{- end }} 55 | -------------------------------------------------------------------------------- /config/all-in-one/templates/robot-shop.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.robotshop }} 2 | {{- if .Values.robotshop.enabled }} 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: ApplicationSet 5 | metadata: 6 | name: robot-shops 7 | spec: 8 | generators: 9 | {{- if .Values.argocd.allowLocalDeploy }} 10 | - clusters: {} 11 | {{- else }} 12 | - clusters: 13 | selector: 14 | matchLabels: 15 | argocd.argoproj.io/secret-type: cluster 16 | {{- end }} 17 | template: 18 | metadata: 19 | name: '{{ `{{name}}-robot-shop` }}' 20 | annotations: 21 | argocd.argoproj.io/sync-wave: "200" 22 | spec: 23 | destination: 24 | namespace: robot-shop 25 | server: '{{ `{{server}}` }}' 26 | project: default 27 | source: 28 | path: gitops-charts/robot-shop 29 | repoURL: https://github.com/IBM/sample-app-gitops 30 | targetRevision: HEAD 31 | helm: 32 | parameters: 33 | - name: 'robot-shop.nodeport' 34 | value: 'true' 35 | - name: 'robot-shop.ocCreateRoute' 36 | value: 'true' 37 | - name: 'robot-shop.openshift' 38 | value: 'true' 39 | syncPolicy: 40 | automated: 41 | prune: true 42 | selfHeal: true 43 | syncOptions: 44 | - Validate=false 45 | - SkipDryRunOnMissingResource=true 46 | - CreateNamespace=true 47 | {{- end }} 48 | {{- end }} 49 | -------------------------------------------------------------------------------- /config/all-in-one/templates/rook-ceph.yaml: 
--------------------------------------------------------------------------------
1 | {{- if .Values.rookceph.enabled }}
2 | apiVersion: argoproj.io/v1alpha1
3 | kind: ApplicationSet
4 | metadata:
5 |   name: rook-cephfs
6 | spec:
7 |   generators:
8 |   {{- if .Values.argocd.allowLocalDeploy }}
9 |   - clusters: {}
10 |   {{- else }}
11 |   - clusters:
12 |       selector:
13 |         matchLabels:
14 |           argocd.argoproj.io/secret-type: cluster
15 |   {{- end }}
16 |   template:
17 |     metadata:
18 |       name: '{{ `{{name}}-rook-ceph` }}'
19 |       annotations:
20 |         argocd.argoproj.io/sync-wave: "100"
21 |     spec:
22 |       destination:
23 |         namespace: rook-ceph
24 |         server: '{{ `{{server}}` }}'
25 |       project: default
26 |       source:
27 |         path: config/ceph
28 |         repoURL: {{ default "https://github.com/IBM/cp4waiops-gitops" .Values.cp4waiops.repoURL }}
29 |         targetRevision: {{ default "release-3.6" .Values.cp4waiops.targetRevision }}
30 |       syncPolicy:
31 |         automated:
32 |           prune: true
33 |           selfHeal: true
34 | {{- end }}
--------------------------------------------------------------------------------
/config/all-in-one/values.yaml:
--------------------------------------------------------------------------------
1 |
2 | # -----------------------------------------------------------------------------
3 | # Argo CD parameters
4 | # -----------------------------------------------------------------------------
5 | argocd:
6 |
7 |   # The type of the cluster that Argo CD runs on, valid values include:
8 |   # - kubernetes
9 |   # - openshift
10 |   cluster: openshift
11 |
12 |   # The Argo CD namespace that can be auto-resolved based on cluster type,
13 |   # or you can uncomment the parameter below to specify it explicitly.
14 |   # namespace: argocd
15 |
16 |   # Allow apps to be deployed on the same cluster where Argo CD runs.
17 |   allowLocalDeploy: true
18 |
19 | # -----------------------------------------------------------------------------
20 | # Cluster parameters
21 | # -----------------------------------------------------------------------------
22 | # cluster:
23 | #
24 | #   # Specify whether or not to provision a cluster before installing CP4WAIOps.
25 | #   enabled: false
26 | #
27 | #   # Provider specific configuration
28 | #   provider:
29 | #     # Fyre configuration
30 | #     # NOTE: Fyre is an IaaS platform used internally at IBM
31 | #     type: fyre
32 | #     # The supported quota type to provision a cluster, valid values include: quick-burn, ocp-plus
33 | #     quotaType: quick-burn
34 | #     # Fyre site required when calling the Fyre API, ocp-plus only
35 | #     site: "rtp"
36 | #     # OCP version required when calling the Fyre API
37 | #     ocpVersion: "4.8.27"
38 | #     # Fyre worker flavor
39 | #     workerFlavor: extra-large
40 | #     # Fyre credentials
41 | #     credentials:
42 | #       # Fyre user id required when calling the Fyre API
43 | #       user: REPLACE_IT
44 | #       # Fyre user token required when calling the Fyre API
45 | #       token: REPLACE_IT
46 | #       # Fyre product group id required when calling the Fyre API
47 | #       productGroupId: REPLACE_IT
48 |
49 | # -----------------------------------------------------------------------------
50 | # Storage parameters
51 | # -----------------------------------------------------------------------------
52 | rookceph:
53 |
54 |   # Specify whether or not to install Rook Ceph as storage used by CP4WAIOps.
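  # When enabled, an Argo CD app is generated for the config/ceph chart, whose
  # storageclass templates create the rook-cephfs storage class referenced by
  # the commented cp4waiops.storageClass examples below. A sketch of wiring the
  # two together (assumes the default storage class name used in this repo;
  # verify it matches what config/ceph/templates/storageclass.yaml creates):
  #
  #   rookceph:
  #     enabled: true
  #   cp4waiops:
  #     storageClass: rook-cephfs
  #     storageClassLargeBlock: rook-cephfs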
55 |   enabled: true
56 |
57 | # -----------------------------------------------------------------------------
58 | # CP4WAIOps parameters
59 | # -----------------------------------------------------------------------------
60 | cp4waiops:
61 |
62 |   # Specify the version of CP4WAIOps, e.g.: v3.2, v3.3.
63 |   version: v3.6
64 |
65 |   # The username of the image registry used to pull CP4WAIOps images.
66 |   #dockerUsername: cp
67 |
68 |   # The password of the image registry used to pull CP4WAIOps images.
69 |   #dockerPassword: REPLACE_IT
70 |
71 |   # The CP4WAIOps deployment profile, e.g.: x-small, small, large.
72 |   # NOTE: The profile x-small is only for a small PoC or demo. If you are looking
73 |   # for an official installation, use a profile such as small or large instead.
74 |   profile: small
75 |
76 |   # isSNO: false
77 |
78 |   # The storage class for CP4WAIOps to use.
79 |   # storageClass: rook-cephfs
80 |
81 |   # The storage class for large block for CP4WAIOps to use.
82 |   # storageClassLargeBlock: rook-cephfs
83 |
84 |   # imageCatalog for cp-shared, ai-manager and event-manager, override if a custom build is used
85 |   # imageCatalog: icr.io/cpopen/ibm-operator-catalog:latest
86 |
87 |   # AIManager specific configuration
88 |   aiManager:
89 |     # Specify whether or not to install AI Manager.
90 |     enabled: true
91 |     # The instance name of AI Manager.
92 |     instanceName: aiops-installation
93 |     # The namespace where AI Manager is installed.
94 |     namespace: cp4waiops
95 |     # The channel used to subscribe to AI Manager
96 |     # channel: v3.4
97 |
98 |   eventManager:
99 |     # Specify whether or not to install Event Manager.
100 |     enabled: true
101 |     # The domain name of the cluster where Event Manager is installed.
102 |     # Use a fully qualified domain name (FQDN), e.g.: apps.clustername.abc.xyz.com.
103 |     clusterDomain: REPLACE_IT
104 |     # The namespace where Event Manager is installed.
105 |     namespace: noi
106 |     # The version of Event Manager.
107 |     # version: 1.6.4
108 |     # The deployment type of Event Manager, values include: trial, production.
109 |     # deploymentType: trial
110 |
111 |   # Set up CP4WAIOps after it is installed
112 |   # setup:
113 |     # Specify whether or not to set up CP4WAIOps with sample integrations, e.g.:
114 |     # Humio, Kafka, Kubernetes, etc. after it is installed.
115 |     # enabled: true
116 |     # Set up the Humio integration
117 |     # humio:
118 |       # enabled: false
119 |     # Set up the Kafka integration
120 |     # kafka:
121 |       # enabled: false
122 |     # Set up the Kubernetes integration
123 |     # kubernetes:
124 |       # enabled: false
125 |
126 | # Specify a list of registries for image pulls when needed during the install.
127 | # globalImagePullSecrets:
128 | #   - registry:
129 | #     username:
130 | #     password:
131 | #   - registry:
132 | #     username:
133 | #     password:
134 |
135 | # -----------------------------------------------------------------------------
136 | # Robotshop parameters
137 | # -----------------------------------------------------------------------------
138 | # robotshop:
139 |
140 |   # Specify whether or not to install Robotshop.
141 |   # enabled: true
142 |
143 | # -----------------------------------------------------------------------------
144 | # Humio parameters
145 | # -----------------------------------------------------------------------------
146 | # humio:
147 |
148 |   # Specify whether or not to install Humio.
149 | # enabled: true 150 | 151 | # ----------------------------------------------------------------------------- 152 | # Istio parameters 153 | # ----------------------------------------------------------------------------- 154 | # istio: 155 | 156 | # Specify whether or not to install Istio. 157 | # enabled: true 158 | -------------------------------------------------------------------------------- /config/argocd/kubernetes/argocd-cm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: argocd-cm 6 | namespace: argocd 7 | labels: 8 | app.kubernetes.io/name: argocd-cm 9 | app.kubernetes.io/part-of: argocd 10 | annotations: 11 | argocd.argoproj.io/sync-wave: "-1" 12 | data: 13 | application.instanceLabelKey: "argocd.argoproj.io/instance" 14 | resource.customizations: | 15 | argoproj.io/Application: 16 | ignoreDifferences: | 17 | jsonPointers: 18 | - /metadata/labels 19 | health.lua: | 20 | hs = {} 21 | hs.status = "Progressing" 22 | hs.message = "" 23 | if obj.status ~= nil then 24 | if obj.status.health ~= nil then 25 | hs.status = obj.status.health.status 26 | if obj.status.health.message ~= nil then 27 | hs.message = obj.status.health.message 28 | end 29 | end 30 | end 31 | return hs 32 | ceph.rook.io/CephCluster: 33 | health.lua: | 34 | hs = {} 35 | hs.status = "Progressing" 36 | hs.message = "" 37 | if obj.status ~= nil then 38 | if obj.status.state == "Created" and obj.status.phase == "Ready" then 39 | hs.status = "Healthy" 40 | end 41 | if obj.status.message ~= nil then 42 | hs.message = obj.status.message 43 | end 44 | end 45 | return hs 46 | ceph.rook.io/CephFilesystem: 47 | health.lua: | 48 | hs = {} 49 | hs.status = "Progressing" 50 | hs.message = "" 51 | if obj.status ~= nil then 52 | if obj.status.phase == "Ready" then 53 | hs.status = "Healthy" 54 | hs.message = obj.status.phase 55 | end 56 | end 57 | return hs 58 | orchestrator.aiops.ibm.com/Installation: 59 | health.lua: | 60 | hs = {} 61 | hs.status = "Progressing" 62 | hs.message = "" 63 | if obj.status ~= nil then 64 | if obj.status.phase == "Running" and obj.status.locations.cloudPakUiUrl ~= nil and obj.status.locations.csAdminHubUrl ~= nil then 65 | hs.status = "Healthy" 66 | end 67 | end 68 | return hs 69 | core.ir.aiops.ibm.com/IssueResolutionCore: 70 | health.lua: | 71 | hs = {} 72 | hs.status = "Progressing" 73 | hs.message = "" 74 | if obj.status ~= nil then 75 | if obj.status.conditions ~= nil then 76 | for i, condition in ipairs(obj.status.conditions) do 77 | if condition.type == "Ready" and condition.status == "False" then 78 | hs.status = "Degraded" 79 | hs.message = condition.message 80 | return hs 81 | end 82 | if condition.type == "Ready" and condition.status == "True" then 83 | hs.status = "Healthy" 84 | hs.message = condition.message 85 | return hs 86 | end 87 | end 88 | end 89 | end 90 | return hs 91 | ai.ir.aiops.ibm.com/AIOpsAnalyticsOrchestrator: 92 | health.lua: | 93 | hs = {} 94 | hs.status = "Progressing" 95 | hs.message = "" 96 | if obj.status ~= nil then 97 | if obj.status.conditions ~= nil then 98 | for i, condition in ipairs(obj.status.conditions) do 99 | if condition.type == "Ready" and condition.status == "False" then 100 | hs.status = "Degraded" 101 | hs.message = condition.message 102 | return hs 103 | end 104 | if condition.type == "Ready" and condition.status == "True" then 105 | hs.status = "Healthy" 106 | hs.message = condition.message 107 | return hs 108 | end 109 | end 110 | end 111 
| end 112 | return hs 113 | lifecycle.ir.aiops.ibm.com/LifecycleService: 114 | health.lua: | 115 | hs = {} 116 | hs.status = "Progressing" 117 | hs.message = "" 118 | if obj.status ~= nil then 119 | if obj.status.conditions ~= nil then 120 | for i, condition in ipairs(obj.status.conditions) do 121 | if condition.type == "Lifecycle Service Ready" and condition.status == "False" then 122 | hs.status = "Degraded" 123 | hs.message = condition.message 124 | return hs 125 | end 126 | if condition.type == "Lifecycle Service Ready" and condition.status == "True" then 127 | hs.status = "Healthy" 128 | hs.message = condition.message 129 | return hs 130 | end 131 | end 132 | end 133 | end 134 | return hs 135 | consoleui.aiops.ibm.com/BaseUI: 136 | health.lua: | 137 | hs = {} 138 | hs.status = "Progressing" 139 | hs.message = "" 140 | if obj.status ~= nil then 141 | if obj.status.conditions ~= nil then 142 | for i, condition in ipairs(obj.status.conditions) do 143 | if condition.type == "Ready" and condition.status == "False" then 144 | hs.status = "Degraded" 145 | hs.message = condition.message 146 | return hs 147 | end 148 | if condition.type == "Ready" and condition.status == "True" then 149 | hs.status = "Healthy" 150 | hs.message = condition.message 151 | return hs 152 | end 153 | end 154 | end 155 | end 156 | return hs 157 | ai-manager.watson-aiops.ibm.com/AIManager: 158 | health.lua: | 159 | hs = {} 160 | hs.status = "Progressing" 161 | hs.message = "" 162 | if obj.status ~= nil then 163 | if obj.status.phase == "Completed" then 164 | hs.status = "Healthy" 165 | hs.message = obj.status.message 166 | end 167 | end 168 | return hs 169 | connectors.aiops.ibm.com/AIOpsEdge: 170 | health.lua: | 171 | hs = {} 172 | hs.status = "Progressing" 173 | hs.message = "" 174 | if obj.status ~= nil then 175 | if obj.status.phase == "Configured" then 176 | hs.status = "Healthy" 177 | hs.message = obj.status.phase 178 | end 179 | end 180 | return hs 181 | asm.ibm.com/ASM: 182 | health.lua: | 183 | hs = {} 184 | hs.status = "Progressing" 185 | hs.message = "" 186 | if obj.status ~= nil then 187 | if obj.status.phase == "OK" then 188 | hs.status = "Healthy" 189 | hs.message = obj.status.phase 190 | end 191 | end 192 | return hs 193 | maistra.io/ServiceMeshControlPlane: 194 | health.lua: | 195 | hs = {} 196 | hs.status = "Progressing" 197 | hs.message = "" 198 | if obj.status ~= nil then 199 | if obj.status.conditions ~= nil then 200 | for i, condition in ipairs(obj.status.conditions) do 201 | if condition.type == "Ready" and condition.status == "True" then 202 | hs.status = "Healthy" 203 | hs.message = condition.message 204 | return hs 205 | end 206 | end 207 | end 208 | end 209 | return hs 210 | maistra.io/ServiceMeshMemberRoll: 211 | health.lua: | 212 | hs = {} 213 | hs.status = "Progressing" 214 | hs.message = "" 215 | if obj.status ~= nil then 216 | if obj.status.conditions ~= nil then 217 | for i, condition in ipairs(obj.status.conditions) do 218 | if condition.type == "Ready" and condition.status == "True" then 219 | hs.status = "Healthy" 220 | hs.message = condition.message 221 | return hs 222 | end 223 | end 224 | end 225 | end 226 | return hs 227 | clusters.ibm.com/OpenShiftFyre: 228 | health.lua: | 229 | hs = {} 230 | hs.status = "Progressing" 231 | hs.message = "" 232 | if obj.status ~= nil then 233 | if obj.status.cluster ~= nil then 234 | if obj.status.cluster.status ~= nil then 235 | if obj.status.cluster.status == "deployed" then 236 | hs.status = "Healthy" 237 | end 238 | hs.message = 
obj.status.cluster.status 239 | end 240 | end 241 | end 242 | return hs 243 | -------------------------------------------------------------------------------- /config/argocd/openshift/argocd-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: openshift-argocd-admin-in-cluster 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | subjects: 9 | - kind: ServiceAccount 10 | name: openshift-gitops-argocd-application-controller 11 | namespace: openshift-gitops 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: cluster-admin 16 | -------------------------------------------------------------------------------- /config/argocd/openshift/argocd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: ArgoCD 4 | metadata: 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-1" 7 | finalizers: 8 | - argoproj.io/finalizer 9 | name: openshift-gitops 10 | namespace: openshift-gitops 11 | spec: 12 | applicationInstanceLabelKey: "argocd.argoproj.io/instance" 13 | resourceCustomizations: | 14 | argoproj.io/Application: 15 | ignoreDifferences: | 16 | jsonPointers: 17 | - /metadata/labels 18 | health.lua: | 19 | hs = {} 20 | hs.status = "Progressing" 21 | hs.message = "" 22 | if obj.status ~= nil then 23 | if obj.status.health ~= nil then 24 | hs.status = obj.status.health.status 25 | if obj.status.health.message ~= nil then 26 | hs.message = obj.status.health.message 27 | end 28 | end 29 | end 30 | return hs 31 | argoproj.io/ApplicationSet: 32 | ignoreDifferences: | 33 | jsonPointers: 34 | - /metadata/labels 35 | ceph.rook.io/CephCluster: 36 | health.lua: | 37 | hs = {} 38 | hs.status = "Progressing" 39 | hs.message = "" 40 | if obj.status ~= nil then 41 | if obj.status.state == "Created" and obj.status.phase == "Ready" then 42 | hs.status = "Healthy" 43 | end 44 | if obj.status.message ~= nil then 45 | hs.message = obj.status.message 46 | end 47 | end 48 | return hs 49 | ceph.rook.io/CephFilesystem: 50 | health.lua: | 51 | hs = {} 52 | hs.status = "Progressing" 53 | hs.message = "" 54 | if obj.status ~= nil then 55 | if obj.status.phase == "Ready" then 56 | hs.status = "Healthy" 57 | hs.message = obj.status.phase 58 | end 59 | end 60 | return hs 61 | orchestrator.aiops.ibm.com/Installation: 62 | health.lua: | 63 | hs = {} 64 | hs.status = "Progressing" 65 | hs.message = "" 66 | if obj.status ~= nil then 67 | if obj.status.phase == "Running" and obj.status.locations.cloudPakUiUrl ~= nil and obj.status.locations.csAdminHubUrl ~= nil then 68 | hs.status = "Healthy" 69 | end 70 | end 71 | return hs 72 | core.ir.aiops.ibm.com/IssueResolutionCore: 73 | health.lua: | 74 | hs = {} 75 | hs.status = "Progressing" 76 | hs.message = "" 77 | if obj.status ~= nil then 78 | if obj.status.conditions ~= nil then 79 | for i, condition in ipairs(obj.status.conditions) do 80 | if condition.type == "Ready" and condition.status == "False" then 81 | hs.status = "Degraded" 82 | hs.message = condition.message 83 | return hs 84 | end 85 | if condition.type == "Ready" and condition.status == "True" then 86 | hs.status = "Healthy" 87 | hs.message = condition.message 88 | return hs 89 | end 90 | end 91 | end 92 | end 93 | return hs 94 | ai.ir.aiops.ibm.com/AIOpsAnalyticsOrchestrator: 95 | health.lua: | 96 | hs = {} 97 | hs.status = "Progressing" 98 | hs.message = "" 
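        -- Walk status.conditions looking for the "Ready" condition: Ready=False
        -- maps to Degraded, Ready=True maps to Healthy, and if neither verdict
        -- is reached the "Progressing" default set above is returned.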
99 | if obj.status ~= nil then 100 | if obj.status.conditions ~= nil then 101 | for i, condition in ipairs(obj.status.conditions) do 102 | if condition.type == "Ready" and condition.status == "False" then 103 | hs.status = "Degraded" 104 | hs.message = condition.message 105 | return hs 106 | end 107 | if condition.type == "Ready" and condition.status == "True" then 108 | hs.status = "Healthy" 109 | hs.message = condition.message 110 | return hs 111 | end 112 | end 113 | end 114 | end 115 | return hs 116 | lifecycle.ir.aiops.ibm.com/LifecycleService: 117 | health.lua: | 118 | hs = {} 119 | hs.status = "Progressing" 120 | hs.message = "" 121 | if obj.status ~= nil then 122 | if obj.status.conditions ~= nil then 123 | for i, condition in ipairs(obj.status.conditions) do 124 | if condition.type == "Lifecycle Service Ready" and condition.status == "False" then 125 | hs.status = "Degraded" 126 | hs.message = condition.message 127 | return hs 128 | end 129 | if condition.type == "Lifecycle Service Ready" and condition.status == "True" then 130 | hs.status = "Healthy" 131 | hs.message = condition.message 132 | return hs 133 | end 134 | end 135 | end 136 | end 137 | return hs 138 | consoleui.aiops.ibm.com/BaseUI: 139 | health.lua: | 140 | hs = {} 141 | hs.status = "Progressing" 142 | hs.message = "" 143 | if obj.status ~= nil then 144 | if obj.status.conditions ~= nil then 145 | for i, condition in ipairs(obj.status.conditions) do 146 | if condition.type == "Ready" and condition.status == "False" then 147 | hs.status = "Degraded" 148 | hs.message = condition.message 149 | return hs 150 | end 151 | if condition.type == "Ready" and condition.status == "True" then 152 | hs.status = "Healthy" 153 | hs.message = condition.message 154 | return hs 155 | end 156 | end 157 | end 158 | end 159 | return hs 160 | ai-manager.watson-aiops.ibm.com/AIManager: 161 | health.lua: | 162 | hs = {} 163 | hs.status = "Progressing" 164 | hs.message = "" 165 | if obj.status ~= nil then 166 | if obj.status.phase == "Completed" then 167 | hs.status = "Healthy" 168 | hs.message = obj.status.message 169 | end 170 | end 171 | return hs 172 | connectors.aiops.ibm.com/AIOpsEdge: 173 | health.lua: | 174 | hs = {} 175 | hs.status = "Progressing" 176 | hs.message = "" 177 | if obj.status ~= nil then 178 | if obj.status.phase == "Configured" then 179 | hs.status = "Healthy" 180 | hs.message = obj.status.phase 181 | end 182 | end 183 | return hs 184 | asm.ibm.com/ASM: 185 | health.lua: | 186 | hs = {} 187 | hs.status = "Progressing" 188 | hs.message = "" 189 | if obj.status ~= nil then 190 | if obj.status.phase == "OK" then 191 | hs.status = "Healthy" 192 | hs.message = obj.status.phase 193 | end 194 | end 195 | return hs 196 | maistra.io/ServiceMeshControlPlane: 197 | health.lua: | 198 | hs = {} 199 | hs.status = "Progressing" 200 | hs.message = "" 201 | if obj.status ~= nil then 202 | if obj.status.conditions ~= nil then 203 | for i, condition in ipairs(obj.status.conditions) do 204 | if condition.type == "Ready" and condition.status == "True" then 205 | hs.status = "Healthy" 206 | hs.message = condition.message 207 | return hs 208 | end 209 | end 210 | end 211 | end 212 | return hs 213 | maistra.io/ServiceMeshMemberRoll: 214 | health.lua: | 215 | hs = {} 216 | hs.status = "Progressing" 217 | hs.message = "" 218 | if obj.status ~= nil then 219 | if obj.status.conditions ~= nil then 220 | for i, condition in ipairs(obj.status.conditions) do 221 | if condition.type == "Ready" and condition.status == "True" then 222 | hs.status = 
"Healthy" 223 | hs.message = condition.message 224 | return hs 225 | end 226 | end 227 | end 228 | end 229 | return hs 230 | clusters.ibm.com/OpenShiftFyre: 231 | health.lua: | 232 | hs = {} 233 | hs.status = "Progressing" 234 | hs.message = "" 235 | if obj.status ~= nil then 236 | if obj.status.cluster ~= nil then 237 | if obj.status.cluster.status ~= nil then 238 | if obj.status.cluster.status == "deployed" then 239 | hs.status = "Healthy" 240 | end 241 | hs.message = obj.status.cluster.status 242 | end 243 | end 244 | end 245 | return hs 246 | -------------------------------------------------------------------------------- /config/ceph/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: ceph 4 | description: Sample chart for rookceph 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 1.0 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 24 | appVersion: "1.0" 25 | 26 | -------------------------------------------------------------------------------- /config/ceph/templates/cluster.yaml: -------------------------------------------------------------------------------- 1 | ################################################################################################################# 2 | # Define the settings for the rook-ceph cluster with common settings for a production cluster. 3 | # All nodes with available raw devices will be used for the Ceph cluster. At least three nodes are required 4 | # in this example. See the documentation for more details on storage settings available. 5 | 6 | # For example, to create the cluster: 7 | # kubectl create -f crds.yaml -f common.yaml -f operator.yaml 8 | # kubectl create -f cluster.yaml 9 | ################################################################################################################# 10 | 11 | apiVersion: ceph.rook.io/v1 12 | kind: CephCluster 13 | metadata: 14 | name: rook-ceph 15 | namespace: rook-ceph # namespace:cluster 16 | spec: 17 | cephVersion: 18 | # The container image used to launch the Ceph daemon pods (mon, mgr, osd, mds, rgw). 19 | # v13 is mimic, v14 is nautilus, and v15 is octopus. 20 | # RECOMMENDATION: In production, use a specific version tag instead of the general v14 flag, which pulls the latest release and could result in different 21 | # versions running within the cluster. See tags available at https://hub.docker.com/r/ceph/ceph/tags/. 
22 | # If you want to be more precise, you can always use a timestamp tag such as ceph/ceph:v15.2.9-20201217 23 | # This tag might not contain a new Ceph version, just security fixes from the underlying operating system, which will reduce vulnerabilities 24 | image: ceph/ceph:v15.2.9 25 | # Whether to allow unsupported versions of Ceph. Currently `nautilus` and `octopus` are supported. 26 | # Future versions such as `pacific` would require this to be set to `true`. 27 | # Do not set to true in production. 28 | # allowUnsupported: false 29 | # The path on the host where configuration files will be persisted. Must be specified. 30 | # Important: if you reinstall the cluster, make sure you delete this directory from each host or else the mons will fail to start on the new cluster. 31 | # In Minikube, the '/data' directory is configured to persist across reboots. Use "/data/rook" in Minikube environment. 32 | dataDirHostPath: /var/lib/rook 33 | # Whether or not upgrade should continue even if a check fails 34 | # This means Ceph's status could be degraded and we don't recommend upgrading but you might decide otherwise 35 | # Use at your OWN risk 36 | # To understand Rook's upgrade process of Ceph, read https://rook.io/docs/rook/master/ceph-upgrade.html#ceph-version-upgrades 37 | # skipUpgradeChecks: false 38 | # Whether or not to continue if PGs are not clean during an upgrade 39 | # continueUpgradeAfterChecksEvenIfNotHealthy: false 40 | # WaitTimeoutForHealthyOSDInMinutes defines the time (in minutes) the operator would wait before an OSD can be stopped for upgrade or restart. 41 | # If the timeout is exceeded and the OSD is not ok to stop, then the operator would skip upgrade for the current OSD and proceed with the next one 42 | # if `continueUpgradeAfterChecksEvenIfNotHealthy` is `false`. If `continueUpgradeAfterChecksEvenIfNotHealthy` is `true`, then the operator would 43 | # continue with the upgrade of an OSD even if it is not ok to stop after the timeout. This timeout won't be applied if `skipUpgradeChecks` is `true`. 44 | # The default wait timeout is 10 minutes. 45 | waitTimeoutForHealthyOSDInMinutes: 10 46 | mon: 47 | # Set the number of mons to be started. Must be an odd number, and is generally recommended to be 3. 48 | count: 3 49 | # The mons should be on unique nodes. For production, at least 3 nodes are recommended for this reason. 50 | # Mons should only be allowed on the same node for test environments where data loss is acceptable. 51 | # allowMultiplePerNode: false 52 | mgr: 53 | modules: 54 | # Several modules should not need to be included in this list. The "dashboard" and "monitoring" modules 55 | # are already enabled by other settings in the cluster CR. 56 | - name: pg_autoscaler 57 | enabled: true 58 | # enable the ceph dashboard for viewing cluster status 59 | dashboard: 60 | enabled: true 61 | # serve the dashboard under a subpath (useful when you are accessing the dashboard via a reverse proxy) 62 | # urlPrefix: /ceph-dashboard 63 | # serve the dashboard at the given port. 64 | # port: 8443 65 | # serve the dashboard using SSL 66 | ssl: true 67 | # enable prometheus alerting for cluster 68 | monitoring: 69 | # requires Prometheus to be pre-installed 70 | # enabled: false 71 | # namespace to deploy prometheusRule in. If empty, namespace of the cluster will be used. 72 | # Recommended: 73 | # If you have a single rook-ceph cluster, set the rulesNamespace to the same namespace as the cluster or keep it empty.
74 | # If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus 75 | # deployed) to set rulesNamespace for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions. 76 | rulesNamespace: rook-ceph 77 | network: 78 | # enable host networking 79 | #provider: host 80 | # EXPERIMENTAL: enable the Multus network provider 81 | #provider: multus 82 | #selectors: 83 | # The selector keys are required to be `public` and `cluster`. 84 | # Based on the configuration, the operator will do the following: 85 | # 1. if only the `public` selector key is specified both public_network and cluster_network Ceph settings will listen on that interface 86 | # 2. if both `public` and `cluster` selector keys are specified the first one will point to 'public_network' flag and the second one to 'cluster_network' 87 | # 88 | # In order to work, each selector value must match a NetworkAttachmentDefinition object in Multus 89 | # 90 | #public: public-conf --> NetworkAttachmentDefinition object name in Multus 91 | #cluster: cluster-conf --> NetworkAttachmentDefinition object name in Multus 92 | # Provide internet protocol version. IPv6, IPv4 or empty string are valid options. Empty string would mean IPv4 93 | #ipFamily: "IPv6" 94 | # enable the crash collector for ceph daemon crash collection 95 | crashCollector: 96 | disable: false 97 | # enable log collector, daemons will log on files and rotate 98 | # logCollector: 99 | # enabled: true 100 | # periodicity: 24h # SUFFIX may be 'h' for hours or 'd' for days. 101 | # automate [data cleanup process](https://github.com/rook/rook/blob/master/Documentation/ceph-teardown.md#delete-the-data-on-hosts) in cluster destruction. 102 | cleanupPolicy: 103 | # Since cluster cleanup is destructive to data, confirmation is required. 104 | # To destroy all Rook data on hosts during uninstall, confirmation must be set to "yes-really-destroy-data". 105 | # This value should only be set when the cluster is about to be deleted. After the confirmation is set, 106 | # Rook will immediately stop configuring the cluster and only wait for the delete command. 107 | # If the empty string is set, Rook will not destroy any data on hosts during uninstall. 108 | # confirmation: "" 109 | # sanitizeDisks represents settings for sanitizing OSD disks on cluster deletion 110 | sanitizeDisks: 111 | # method indicates if the entire disk should be sanitized or simply ceph's metadata 112 | # in both cases, re-install is possible 113 | # possible choices are 'complete' or 'quick' (default) 114 | method: quick 115 | # dataSource indicates where to get random bytes from to write on the disk 116 | # possible choices are 'zero' (default) or 'random' 117 | # using random sources will consume entropy from the system and will take much more time than the zero source 118 | dataSource: zero 119 | # iteration: overwrite N times instead of the default (1) 120 | # takes an integer value 121 | iteration: 1 122 | # allowUninstallWithVolumes defines how the uninstall should be performed 123 | # If set to true, cephCluster deletion does not wait for the PVs to be deleted. 124 | # allowUninstallWithVolumes: false 125 | # To control where various services will be scheduled by kubernetes, use the placement configuration sections below. 126 | # The example under 'all' would have all services scheduled on kubernetes nodes labeled with 'role=storage-node' and 127 | # tolerate taints with a key of 'storage-node'.
128 | # placement: 129 | # all: 130 | # nodeAffinity: 131 | # requiredDuringSchedulingIgnoredDuringExecution: 132 | # nodeSelectorTerms: 133 | # - matchExpressions: 134 | # - key: role 135 | # operator: In 136 | # values: 137 | # - storage-node 138 | # podAffinity: 139 | # podAntiAffinity: 140 | # topologySpreadConstraints: 141 | # tolerations: 142 | # - key: storage-node 143 | # operator: Exists 144 | # The above placement information can also be specified for mon, osd, and mgr components 145 | # mon: 146 | # Monitor deployments may contain an anti-affinity rule for avoiding monitor 147 | # collocation on the same node. This is a required rule when host network is used 148 | # or when AllowMultiplePerNode is false. Otherwise this anti-affinity rule is a 149 | # preferred rule with weight: 50. 150 | # osd: 151 | # mgr: 152 | # cleanup: 153 | annotations: 154 | # all: 155 | # mon: 156 | # osd: 157 | # cleanup: 158 | # prepareosd: 159 | # If no mgr annotations are set, prometheus scrape annotations will be set by default. 160 | # mgr: 161 | labels: 162 | # all: 163 | # mon: 164 | # osd: 165 | # cleanup: 166 | # mgr: 167 | # prepareosd: 168 | resources: 169 | # The requests and limits set here, allow the mgr pod to use half of one CPU core and 1 gigabyte of memory 170 | # mgr: 171 | # limits: 172 | # cpu: "500m" 173 | # memory: "1024Mi" 174 | # requests: 175 | # cpu: "500m" 176 | # memory: "1024Mi" 177 | # The above example requests/limits can also be added to the mon and osd components 178 | # mon: 179 | # osd: 180 | # prepareosd: 181 | # crashcollector: 182 | # logcollector: 183 | # cleanup: 184 | # The option to automatically remove OSDs that are out and are safe to destroy. 185 | removeOSDsIfOutAndSafeToRemove: false 186 | # priorityClassNames: 187 | # all: rook-ceph-default-priority-class 188 | # mon: rook-ceph-mon-priority-class 189 | # osd: rook-ceph-osd-priority-class 190 | # mgr: rook-ceph-mgr-priority-class 191 | storage: # cluster level storage configuration and selection 192 | useAllNodes: true 193 | useAllDevices: true 194 | #deviceFilter: 195 | config: 196 | # crushRoot: "custom-root" # specify a non-default root label for the CRUSH map 197 | # metadataDevice: "md0" # specify a non-rotational storage so ceph-volume will use it as block db device of bluestore. 198 | # databaseSizeMB: "1024" # uncomment if the disks are smaller than 100 GB 199 | # journalSizeMB: "1024" # uncomment if the disks are 20 GB or smaller 200 | # osdsPerDevice: "1" # this value can be overridden at the node or device level 201 | # encryptedDevice: "true" # the default value for this option is "false" 202 | # Individual nodes and their config can be specified as well, but 'useAllNodes' above must be set to false. Then, only the named 203 | # nodes below will be used as storage resources. Each node's 'name' field should match their 'kubernetes.io/hostname' label. 204 | # nodes: 205 | # - name: "172.17.4.201" 206 | # devices: # specific devices to use for storage can be specified for each node 207 | # - name: "sdb" 208 | # - name: "nvme01" # multiple osds can be created on high performance devices 209 | # config: 210 | # osdsPerDevice: "5" 211 | # - name: "/dev/disk/by-id/ata-ST4000DM004-XXXX" # devices can be specified using full udev paths 212 | # config: # configuration can be specified at the node level which overrides the cluster level config 213 | # storeType: filestore 214 | # - name: "172.17.4.301" 215 | # deviceFilter: "^sd." 
216 | # The section for configuring management of daemon disruptions during upgrade or fencing. 217 | disruptionManagement: 218 | # If true, the operator will create and manage PodDisruptionBudgets for OSD, Mon, RGW, and MDS daemons. OSD PDBs are managed dynamically 219 | # via the strategy outlined in the [design](https://github.com/rook/rook/blob/master/design/ceph/ceph-managed-disruptionbudgets.md). The operator will 220 | # block eviction of OSDs by default and unblock them safely when drains are detected. 221 | # managePodBudgets: false 222 | # A duration in minutes that determines how long an entire failureDomain like `region/zone/host` will be held in `noout` (in addition to the 223 | # default DOWN/OUT interval) when it is draining. This is only relevant when `managePodBudgets` is `true`. The default value is `30` minutes. 224 | osdMaintenanceTimeout: 30 225 | # A duration in minutes that the operator will wait for the placement groups to become healthy (active+clean) after a drain was completed and OSDs came back up. 226 | # The operator will continue with the next drain if the timeout is exceeded. It only works if `managePodBudgets` is `true`. 227 | # No values or 0 means that the operator will wait until the placement groups are healthy before unblocking the next drain. 228 | # pgHealthCheckTimeout: 0 229 | # If true, the operator will create and manage MachineDisruptionBudgets to ensure OSDs are only fenced when the cluster is healthy. 230 | # Only available on OpenShift. 231 | # manageMachineDisruptionBudgets: false 232 | # Namespace in which to watch for the MachineDisruptionBudgets. 233 | machineDisruptionBudgetNamespace: openshift-machine-api 234 | 235 | # healthChecks 236 | # Valid values for daemons are 'mon', 'osd', 'status' 237 | healthCheck: 238 | daemonHealth: 239 | mon: 240 | # disabled: false 241 | interval: 45s 242 | osd: 243 | # disabled: false 244 | interval: 60s 245 | status: 246 | # disabled: false 247 | interval: 60s 248 | # Change the pod liveness probe; it works for all mon, mgr, and osd daemons 249 | livenessProbe: 250 | mon: {} 251 | # disabled: false 252 | mgr: {} 253 | # disabled: false 254 | osd: {} 255 | # disabled: false -------------------------------------------------------------------------------- /config/ceph/templates/filesystem.yaml: -------------------------------------------------------------------------------- 1 | ################################################################################################################# 2 | # Create a filesystem with replication enabled, with settings for a production environment. 3 | # A minimum of 3 OSDs on different nodes is required in this example. 4 | # kubectl create -f filesystem.yaml 5 | ################################################################################################################# 6 | 7 | apiVersion: ceph.rook.io/v1 8 | kind: CephFilesystem 9 | metadata: 10 | name: myfs 11 | namespace: rook-ceph # namespace:cluster 12 | spec: 13 | # The metadata pool spec. Must use replication.
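# (CephFS metadata must live in a replicated pool; erasure coding is only supported for data pools.)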
14 | metadataPool: 15 | replicated: 16 | size: 3 17 | requireSafeReplicaSize: true 18 | parameters: 19 | # Inline compression mode for the data pool 20 | # Further reference: https://docs.ceph.com/docs/nautilus/rados/configuration/bluestore-config-ref/#inline-compression 21 | compression_mode: none 22 | # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool 23 | # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size 24 | #target_size_ratio: ".5" 25 | # The list of data pool specs. Can use replication or erasure coding. 26 | dataPools: 27 | - failureDomain: host 28 | replicated: 29 | size: 3 30 | # Disallow setting pool with replica 1, this could lead to data loss without recovery. 31 | # Make sure you're *ABSOLUTELY CERTAIN* that is what you want 32 | requireSafeReplicaSize: true 33 | parameters: 34 | # Inline compression mode for the data pool 35 | # Further reference: https://docs.ceph.com/docs/nautilus/rados/configuration/bluestore-config-ref/#inline-compression 36 | compression_mode: none 37 | # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool 38 | # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size 39 | #target_size_ratio: ".5" 40 | # Whether to preserve filesystem after CephFilesystem CRD deletion 41 | preserveFilesystemOnDelete: true 42 | # The metadata service (mds) configuration 43 | metadataServer: 44 | # The number of active MDS instances 45 | activeCount: 1 46 | # Whether each active MDS instance will have an active standby with a warm metadata cache for faster failover. 47 | # If false, standbys will be available, but will not have a warm cache. 
48 | activeStandby: true 49 | # The affinity rules to apply to the mds deployment 50 | placement: 51 | # nodeAffinity: 52 | # requiredDuringSchedulingIgnoredDuringExecution: 53 | # nodeSelectorTerms: 54 | # - matchExpressions: 55 | # - key: role 56 | # operator: In 57 | # values: 58 | # - mds-node 59 | # topologySpreadConstraints: 60 | # tolerations: 61 | # - key: mds-node 62 | # operator: Exists 63 | # podAffinity: 64 | podAntiAffinity: 65 | requiredDuringSchedulingIgnoredDuringExecution: 66 | - labelSelector: 67 | matchExpressions: 68 | - key: app 69 | operator: In 70 | values: 71 | - rook-ceph-mds 72 | # topologyKey: kubernetes.io/hostname will place MDS across different hosts 73 | topologyKey: kubernetes.io/hostname 74 | preferredDuringSchedulingIgnoredDuringExecution: 75 | - weight: 100 76 | podAffinityTerm: 77 | labelSelector: 78 | matchExpressions: 79 | - key: app 80 | operator: In 81 | values: 82 | - rook-ceph-mds 83 | # topologyKey: */zone can be used to spread MDS across different AZ 84 | # Use topologyKey: failure-domain.beta.kubernetes.io/zone if your k8s cluster is v1.16 or lower 85 | # Use topologyKey: topology.kubernetes.io/zone if your k8s cluster is v1.17 or upper 86 | topologyKey: topology.kubernetes.io/zone 87 | # A key/value list of annotations 88 | annotations: 89 | # key: value 90 | # A key/value list of labels 91 | labels: 92 | # key: value 93 | resources: 94 | # The requests and limits set here allow the filesystem MDS Pod(s) to use half of one CPU core and 1 gigabyte of memory 95 | # limits: 96 | # cpu: "500m" 97 | # memory: "1024Mi" 98 | # requests: 99 | # cpu: "500m" 100 | # memory: "1024Mi" 101 | # priorityClassName: my-priority-class 102 | -------------------------------------------------------------------------------- /config/ceph/templates/operator-openshift.yaml: -------------------------------------------------------------------------------- 1 | ################################################################################################################# 2 | # Create the rook operator and necessary security context constraints for running 3 | # Rook in an OpenShift cluster. 4 | # For example, to create the rook-ceph cluster: 5 | # oc create -f crds.yaml -f common.yaml -f operator-openshift.yaml 6 | # oc create -f cluster.yaml 7 | ################################################################################################################# 8 | # scc for the Rook and Ceph daemons 9 | kind: SecurityContextConstraints 10 | apiVersion: security.openshift.io/v1 11 | metadata: 12 | name: rook-ceph 13 | allowPrivilegedContainer: true 14 | allowHostNetwork: true 15 | allowHostDirVolumePlugin: true 16 | priority: 17 | allowedCapabilities: [] 18 | allowHostPorts: true 19 | allowHostPID: true # remove this once we drop support for Nautilus 20 | allowHostIPC: true 21 | readOnlyRootFilesystem: false 22 | requiredDropCapabilities: [] 23 | defaultAddCapabilities: [] 24 | runAsUser: 25 | type: RunAsAny 26 | seLinuxContext: 27 | type: MustRunAs 28 | fsGroup: 29 | type: MustRunAs 30 | supplementalGroups: 31 | type: RunAsAny 32 | allowedFlexVolumes: 33 | - driver: "ceph.rook.io/rook" 34 | - driver: "ceph.rook.io/rook-ceph" 35 | volumes: 36 | - configMap 37 | - downwardAPI 38 | - emptyDir 39 | - flexVolume 40 | - hostPath 41 | - persistentVolumeClaim 42 | - projected 43 | - secret 44 | users: 45 | # A user needs to be added for each rook service account. 46 | # This assumes running in the default sample "rook-ceph" namespace. 47 | # If other namespaces or service accounts are configured, they need to be updated here.
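# Each entry follows the form system:serviceaccount:<namespace>:<serviceaccount-name>.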
48 | - system:serviceaccount:rook-ceph:rook-ceph-system # serviceaccount:namespace:operator 49 | - system:serviceaccount:rook-ceph:default # serviceaccount:namespace:cluster 50 | - system:serviceaccount:rook-ceph:rook-ceph-mgr # serviceaccount:namespace:cluster 51 | - system:serviceaccount:rook-ceph:rook-ceph-osd # serviceaccount:namespace:cluster 52 | --- 53 | # scc for the CSI driver 54 | kind: SecurityContextConstraints 55 | apiVersion: security.openshift.io/v1 56 | metadata: 57 | name: rook-ceph-csi 58 | allowPrivilegedContainer: true 59 | allowHostNetwork: true 60 | allowHostDirVolumePlugin: true 61 | priority: 62 | allowedCapabilities: ['*'] 63 | allowHostPorts: true 64 | allowHostPID: true 65 | allowHostIPC: true 66 | readOnlyRootFilesystem: false 67 | requiredDropCapabilities: [] 68 | defaultAddCapabilities: [] 69 | runAsUser: 70 | type: RunAsAny 71 | seLinuxContext: 72 | type: RunAsAny 73 | fsGroup: 74 | type: RunAsAny 75 | supplementalGroups: 76 | type: RunAsAny 77 | allowedFlexVolumes: 78 | - driver: "ceph.rook.io/rook" 79 | - driver: "ceph.rook.io/rook-ceph" 80 | volumes: ['*'] 81 | users: 82 | # A user needs to be added for each rook service account. 83 | # This assumes running in the default sample "rook-ceph" namespace. 84 | # If other namespaces or service accounts are configured, they need to be updated here. 85 | - system:serviceaccount:rook-ceph:rook-csi-rbd-plugin-sa # serviceaccount:namespace:operator 86 | - system:serviceaccount:rook-ceph:rook-csi-rbd-provisioner-sa # serviceaccount:namespace:operator 87 | - system:serviceaccount:rook-ceph:rook-csi-cephfs-plugin-sa # serviceaccount:namespace:operator 88 | - system:serviceaccount:rook-ceph:rook-csi-cephfs-provisioner-sa # serviceaccount:namespace:operator 89 | --- 90 | # Rook Ceph Operator Config 91 | # Use this ConfigMap to override operator configurations 92 | # Precedence will be given to this config in case an Env Var also exists for the same setting 93 | # 94 | kind: ConfigMap 95 | apiVersion: v1 96 | metadata: 97 | name: rook-ceph-operator-config 98 | # should be in the namespace of the operator 99 | namespace: rook-ceph # namespace:operator 100 | data: 101 | # Enable the CSI driver. 102 | # To run the non-default version of the CSI driver, see the override-able image properties in operator.yaml 103 | ROOK_CSI_ENABLE_CEPHFS: "true" 104 | # Enable the default version of the CSI RBD driver. To start another version of the CSI driver, see image properties below. 105 | ROOK_CSI_ENABLE_RBD: "true" 106 | ROOK_CSI_ENABLE_GRPC_METRICS: "true" 107 | 108 | # Set logging level for csi containers. 109 | # Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity. 110 | # CSI_LOG_LEVEL: "0" 111 | 112 | # OMAP generator generates the omap mapping between the PV name and the RBD image 113 | # which helps CSI to identify the rbd images for CSI operations. 114 | # CSI_ENABLE_OMAP_GENERATOR needs to be enabled when using the rbd mirroring feature. 115 | # By default the OMAP generator is disabled and when enabled it will be deployed as a 116 | # sidecar with the CSI provisioner pod; to enable, set it to true. 117 | # CSI_ENABLE_OMAP_GENERATOR: "true" 118 | 119 | # set to false to disable deployment of snapshotter container in CephFS provisioner pod. 120 | CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true" 121 | 122 | # set to false to disable deployment of snapshotter container in RBD provisioner pod.
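# (Note: taking CSI snapshots also assumes the VolumeSnapshot CRDs and the external snapshot controller are installed in the cluster.)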
123 | CSI_ENABLE_RBD_SNAPSHOTTER: "true" 124 | 125 | # Enable Ceph Kernel clients on kernel < 4.17 which support quotas for Cephfs 126 | # If you disable the kernel client, your application may be disrupted during upgrade. 127 | # See the upgrade guide: https://rook.io/docs/rook/master/ceph-upgrade.html 128 | CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true" 129 | 130 | # (Optional) policy for modifying a volume's ownership or permissions when the RBD PVC is being mounted. 131 | # supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html 132 | CSI_RBD_FSGROUPPOLICY: "ReadWriteOnceWithFSType" 133 | 134 | # (Optional) policy for modifying a volume's ownership or permissions when the CephFS PVC is being mounted. 135 | # supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html 136 | CSI_CEPHFS_FSGROUPPOLICY: "ReadWriteOnceWithFSType" 137 | 138 | # (Optional) Allow starting unsupported ceph-csi image 139 | ROOK_CSI_ALLOW_UNSUPPORTED_VERSION: "false" 140 | # The default version of CSI supported by Rook will be started. To change the version 141 | # of the CSI driver to something other than what is officially supported, change 142 | # these images to the desired release of the CSI driver. 143 | # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.2.0" 144 | # ROOK_CSI_REGISTRAR_IMAGE: "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1" 145 | # ROOK_CSI_RESIZER_IMAGE: "k8s.gcr.io/sig-storage/csi-resizer:v1.0.0" 146 | # ROOK_CSI_PROVISIONER_IMAGE: "k8s.gcr.io/sig-storage/csi-provisioner:v2.0.0" 147 | # ROOK_CSI_SNAPSHOTTER_IMAGE: "k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.0" 148 | # ROOK_CSI_ATTACHER_IMAGE: "k8s.gcr.io/sig-storage/csi-attacher:v3.0.0" 149 | 150 | # (Optional) set user created priorityclassName for csi plugin pods. 151 | # CSI_PLUGIN_PRIORITY_CLASSNAME: "system-node-critical" 152 | 153 | # (Optional) set user created priorityclassName for csi provisioner pods. 154 | # CSI_PROVISIONER_PRIORITY_CLASSNAME: "system-cluster-critical" 155 | 156 | # CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate. 157 | # Default value is RollingUpdate. 158 | # CSI_CEPHFS_PLUGIN_UPDATE_STRATEGY: "OnDelete" 159 | # CSI RBD plugin daemonset update strategy, supported values are OnDelete and RollingUpdate. 160 | # Default value is RollingUpdate. 161 | # CSI_RBD_PLUGIN_UPDATE_STRATEGY: "OnDelete" 162 | 163 | # kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path. 164 | # ROOK_CSI_KUBELET_DIR_PATH: "/var/lib/kubelet" 165 | 166 | # Labels to add to the CSI CephFS Deployments and DaemonSets Pods. 167 | # ROOK_CSI_CEPHFS_POD_LABELS: "key1=value1,key2=value2" 168 | # Labels to add to the CSI RBD Deployments and DaemonSets Pods. 169 | # ROOK_CSI_RBD_POD_LABELS: "key1=value1,key2=value2" 170 | 171 | # (Optional) Ceph Provisioner NodeAffinity. 172 | # CSI_PROVISIONER_NODE_AFFINITY: "role=storage-node; storage=rook, ceph" 173 | # (Optional) CEPH CSI provisioner tolerations list. Put here list of taints you want to tolerate in YAML format. 174 | # CSI provisioner would be best to start on the same nodes as other ceph daemons. 175 | # CSI_PROVISIONER_TOLERATIONS: | 176 | # - effect: NoSchedule 177 | # key: node-role.kubernetes.io/controlplane 178 | # operator: Exists 179 | # - effect: NoExecute 180 | # key: node-role.kubernetes.io/etcd 181 | # operator: Exists 182 | # (Optional) Ceph CSI plugin NodeAffinity. 
183 | # CSI_PLUGIN_NODE_AFFINITY: "role=storage-node; storage=rook, ceph" 184 | # (Optional) CEPH CSI plugin tolerations list. Put here list of taints you want to tolerate in YAML format. 185 | # CSI plugins need to be started on all the nodes where the clients need to mount the storage. 186 | # CSI_PLUGIN_TOLERATIONS: | 187 | # - effect: NoSchedule 188 | # key: node-role.kubernetes.io/controlplane 189 | # operator: Exists 190 | # - effect: NoExecute 191 | # key: node-role.kubernetes.io/etcd 192 | # operator: Exists 193 | 194 | # (Optional) CEPH CSI RBD provisioner resource requirement list, Put here list of resource 195 | # requests and limits you want to apply for provisioner pod 196 | # CSI_RBD_PROVISIONER_RESOURCE: | 197 | # - name : csi-provisioner 198 | # resource: 199 | # requests: 200 | # memory: 128Mi 201 | # cpu: 100m 202 | # limits: 203 | # memory: 256Mi 204 | # cpu: 200m 205 | # - name : csi-resizer 206 | # resource: 207 | # requests: 208 | # memory: 128Mi 209 | # cpu: 100m 210 | # limits: 211 | # memory: 256Mi 212 | # cpu: 200m 213 | # - name : csi-attacher 214 | # resource: 215 | # requests: 216 | # memory: 128Mi 217 | # cpu: 100m 218 | # limits: 219 | # memory: 256Mi 220 | # cpu: 200m 221 | # - name : csi-snapshotter 222 | # resource: 223 | # requests: 224 | # memory: 128Mi 225 | # cpu: 100m 226 | # limits: 227 | # memory: 256Mi 228 | # cpu: 200m 229 | # - name : csi-rbdplugin 230 | # resource: 231 | # requests: 232 | # memory: 512Mi 233 | # cpu: 250m 234 | # limits: 235 | # memory: 1Gi 236 | # cpu: 500m 237 | # - name : liveness-prometheus 238 | # resource: 239 | # requests: 240 | # memory: 128Mi 241 | # cpu: 50m 242 | # limits: 243 | # memory: 256Mi 244 | # cpu: 100m 245 | # (Optional) CEPH CSI RBD plugin resource requirement list, Put here list of resource 246 | # requests and limits you want to apply for plugin pod 247 | # CSI_RBD_PLUGIN_RESOURCE: | 248 | # - name : driver-registrar 249 | # resource: 250 | # requests: 251 | # memory: 128Mi 252 | # cpu: 50m 253 | # limits: 254 | # memory: 256Mi 255 | # cpu: 100m 256 | # - name : csi-rbdplugin 257 | # resource: 258 | # requests: 259 | # memory: 512Mi 260 | # cpu: 250m 261 | # limits: 262 | # memory: 1Gi 263 | # cpu: 500m 264 | # - name : liveness-prometheus 265 | # resource: 266 | # requests: 267 | # memory: 128Mi 268 | # cpu: 50m 269 | # limits: 270 | # memory: 256Mi 271 | # cpu: 100m 272 | # (Optional) CEPH CSI CephFS provisioner resource requirement list, Put here list of resource 273 | # requests and limits you want to apply for provisioner pod 274 | # CSI_CEPHFS_PROVISIONER_RESOURCE: | 275 | # - name : csi-provisioner 276 | # resource: 277 | # requests: 278 | # memory: 128Mi 279 | # cpu: 100m 280 | # limits: 281 | # memory: 256Mi 282 | # cpu: 200m 283 | # - name : csi-resizer 284 | # resource: 285 | # requests: 286 | # memory: 128Mi 287 | # cpu: 100m 288 | # limits: 289 | # memory: 256Mi 290 | # cpu: 200m 291 | # - name : csi-attacher 292 | # resource: 293 | # requests: 294 | # memory: 128Mi 295 | # cpu: 100m 296 | # limits: 297 | # memory: 256Mi 298 | # cpu: 200m 299 | # - name : csi-cephfsplugin 300 | # resource: 301 | # requests: 302 | # memory: 512Mi 303 | # cpu: 250m 304 | # limits: 305 | # memory: 1Gi 306 | # cpu: 500m 307 | # - name : liveness-prometheus 308 | # resource: 309 | # requests: 310 | # memory: 128Mi 311 | # cpu: 50m 312 | # limits: 313 | # memory: 256Mi 314 | # cpu: 100m 315 | # (Optional) CEPH CSI CephFS plugin resource requirement list, Put here list of resource 316 | # requests and limits you 
want to apply for plugin pod 317 | # CSI_CEPHFS_PLUGIN_RESOURCE: | 318 | # - name : driver-registrar 319 | # resource: 320 | # requests: 321 | # memory: 128Mi 322 | # cpu: 50m 323 | # limits: 324 | # memory: 256Mi 325 | # cpu: 100m 326 | # - name : csi-cephfsplugin 327 | # resource: 328 | # requests: 329 | # memory: 512Mi 330 | # cpu: 250m 331 | # limits: 332 | # memory: 1Gi 333 | # cpu: 500m 334 | # - name : liveness-prometheus 335 | # resource: 336 | # requests: 337 | # memory: 128Mi 338 | # cpu: 50m 339 | # limits: 340 | # memory: 256Mi 341 | # cpu: 100m 342 | 343 | # Configure CSI CephFS grpc and liveness metrics port 344 | # CSI_CEPHFS_GRPC_METRICS_PORT: "9091" 345 | # CSI_CEPHFS_LIVENESS_METRICS_PORT: "9081" 346 | # Configure CSI RBD grpc and liveness metrics port 347 | # CSI_RBD_GRPC_METRICS_PORT: "9090" 348 | # CSI_RBD_LIVENESS_METRICS_PORT: "9080" 349 | 350 | # Whether the OBC provisioner should watch on the operator namespace or not; if not, the namespace of the cluster will be used 351 | ROOK_OBC_WATCH_OPERATOR_NAMESPACE: "true" 352 | 353 | # (Optional) Admission controller NodeAffinity. 354 | # ADMISSION_CONTROLLER_NODE_AFFINITY: "role=storage-node; storage=rook, ceph" 355 | # (Optional) Admission controller tolerations list. Put here list of taints you want to tolerate in YAML format. 356 | # Admission controller would be best to start on the same nodes as other ceph daemons. 357 | # ADMISSION_CONTROLLER_TOLERATIONS: | 358 | # - effect: NoSchedule 359 | # key: node-role.kubernetes.io/controlplane 360 | # operator: Exists 361 | # - effect: NoExecute 362 | # key: node-role.kubernetes.io/etcd 363 | # operator: Exists 364 | --- 365 | # The deployment for the rook operator 366 | # OLM: BEGIN OPERATOR DEPLOYMENT 367 | apiVersion: apps/v1 368 | kind: Deployment 369 | metadata: 370 | name: rook-ceph-operator 371 | namespace: rook-ceph # namespace:operator 372 | labels: 373 | operator: rook 374 | storage-backend: ceph 375 | spec: 376 | selector: 377 | matchLabels: 378 | app: rook-ceph-operator 379 | replicas: 1 380 | template: 381 | metadata: 382 | labels: 383 | app: rook-ceph-operator 384 | spec: 385 | serviceAccountName: rook-ceph-system 386 | containers: 387 | - name: rook-ceph-operator 388 | image: rook/ceph:v1.5.8 389 | args: ["ceph", "operator"] 390 | volumeMounts: 391 | - mountPath: /var/lib/rook 392 | name: rook-config 393 | - mountPath: /etc/ceph 394 | name: default-config-dir 395 | env: 396 | - name: ROOK_CURRENT_NAMESPACE_ONLY 397 | value: "false" 398 | # To disable RBAC, uncomment the following: 399 | # - name: RBAC_ENABLED 400 | # value: "false" 401 | # Rook Agent toleration. Will tolerate all taints with all keys. 402 | # Choose between NoSchedule, PreferNoSchedule and NoExecute: 403 | # - name: AGENT_TOLERATION 404 | # value: "NoSchedule" 405 | # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate 406 | # - name: AGENT_TOLERATION_KEY 407 | # value: "" 408 | # (Optional) Rook Agent priority class name to set on the pod(s) 409 | # - name: AGENT_PRIORITY_CLASS_NAME 410 | # value: "" 411 | # (Optional) Rook Agent NodeAffinity. 412 | # - name: AGENT_NODE_AFFINITY 413 | # value: "role=storage-node; storage=rook,ceph" 414 | # (Optional) Rook Agent mount security mode. Can be `Any` or `Restricted`. 415 | # `Any` uses Ceph admin credentials by default/fallback.
416 | # For using `Restricted` you must have a Ceph secret in each namespace storage should be consumed from, and 417 | # set `mountUser` to the Ceph user and `mountSecret` to the Kubernetes secret name, 418 | # i.e. the secret residing in the namespace from which the storage is consumed. 419 | # - name: AGENT_MOUNT_SECURITY_MODE 420 | # value: "Any" 421 | # Set the path where the Rook agent can find the flex volumes 422 | - name: FLEXVOLUME_DIR_PATH 423 | value: "/etc/kubernetes/kubelet-plugins/volume/exec" 424 | # Set the path where kernel modules can be found 425 | # - name: LIB_MODULES_DIR_PATH 426 | # value: "" 427 | # Mount any extra directories into the agent container 428 | # - name: AGENT_MOUNTS 429 | # value: "somemount=/host/path:/container/path,someothermount=/host/path2:/container/path2" 430 | # Rook Discover toleration. Will tolerate all taints with all keys. 431 | # Choose between NoSchedule, PreferNoSchedule and NoExecute: 432 | # - name: DISCOVER_TOLERATION 433 | # value: "NoSchedule" 434 | # (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate 435 | # - name: DISCOVER_TOLERATION_KEY 436 | # value: "" 437 | # (Optional) Rook Discover priority class name to set on the pod(s) 438 | # - name: DISCOVER_PRIORITY_CLASS_NAME 439 | # value: "" 440 | # (Optional) Discover Agent NodeAffinity. 441 | # - name: DISCOVER_AGENT_NODE_AFFINITY 442 | # value: "role=storage-node; storage=rook, ceph" 443 | # (Optional) Discover Agent Pod Labels. 444 | # - name: DISCOVER_AGENT_POD_LABELS 445 | # value: "key1=value1,key2=value2" 446 | # Allow rook to create multiple file systems. Note: This is considered 447 | # an experimental feature in Ceph as described at 448 | # http://docs.ceph.com/docs/master/cephfs/experimental-features/#multiple-filesystems-within-a-ceph-cluster 449 | # which might cause mons to crash as seen in https://github.com/rook/rook/issues/1027 450 | - name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS 451 | value: "false" 452 | # The logging level for the operator: INFO | DEBUG 453 | - name: ROOK_LOG_LEVEL 454 | value: "INFO" 455 | # The duration between discovering devices in the rook-discover daemonset. 456 | - name: ROOK_DISCOVER_DEVICES_INTERVAL 457 | value: "60m" 458 | # Whether to start pods as privileged that mount a host path, which includes the Ceph mon and osd pods. 459 | # Set this to true if SELinux is enabled (e.g. OpenShift) to work around the anyuid issues. 460 | # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641 461 | - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED 462 | value: "true" 463 | # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins). 464 | # Disable it here if you have similar issues. 465 | # For more details see https://github.com/rook/rook/issues/2417 466 | - name: ROOK_ENABLE_SELINUX_RELABELING 467 | value: "true" 468 | # In large volumes it will take some time to chown all the files. Disable it here if you have performance issues. 469 | # For more details see https://github.com/rook/rook/issues/2254 470 | - name: ROOK_ENABLE_FSGROUP 471 | value: "true" 472 | # Disable automatic orchestration when new devices are discovered 473 | - name: ROOK_DISABLE_DEVICE_HOTPLUG 474 | value: "false" 475 | # Provide a customised regex as the value. For example, the regex for rbd-based volumes would be "(?i)rbd[0-9]+". 476 | # In case of more than one regex, use a comma to separate them.
477 | # Default regex will be "(?i)dm-[0-9]+,(?i)rbd[0-9]+,(?i)nbd[0-9]+" 478 | # add a regex expression after a comma to blacklist a disk 479 | # If value is empty, the default regex will be used. 480 | - name: DISCOVER_DAEMON_UDEV_BLACKLIST 481 | value: "(?i)dm-[0-9]+,(?i)rbd[0-9]+,(?i)nbd[0-9]+" 482 | 483 | # Whether to enable the flex driver. By default it is enabled and is fully supported, but will be deprecated in some future release 484 | # in favor of the CSI driver. 485 | - name: ROOK_ENABLE_FLEX_DRIVER 486 | value: "false" 487 | 488 | # Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster. 489 | # This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs. 490 | - name: ROOK_ENABLE_DISCOVERY_DAEMON 491 | value: "false" 492 | 493 | # Whether to start machineDisruptionBudget and machineLabel controller to watch for the osd pods and MDBs. 494 | - name: ROOK_ENABLE_MACHINE_DISRUPTION_BUDGET 495 | value: "false" 496 | 497 | # Time to wait until the node controller will move Rook pods to other 498 | # nodes after detecting an unreachable node. 499 | # Pods affected by this setting are: 500 | # mgr, rbd, mds, rgw, nfs, PVC based mons and osds, and ceph toolbox 501 | # The value used in this variable replaces the default value of 300 secs 502 | # added automatically by k8s as Toleration for 503 | # node.kubernetes.io/unreachable 504 | # The total amount of time to reschedule Rook pods in healthy nodes 505 | # before detecting a condition will be the sum of: 506 | # --> node-monitor-grace-period: 40 seconds (k8s kube-controller-manager flag) 507 | # --> ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS: 5 seconds 508 | - name: ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS 509 | value: "5" 510 | 511 | # The name of the node to pass with the downward API 512 | - name: NODE_NAME 513 | valueFrom: 514 | fieldRef: 515 | fieldPath: spec.nodeName 516 | # The pod name to pass with the downward API 517 | - name: POD_NAME 518 | valueFrom: 519 | fieldRef: 520 | fieldPath: metadata.name 521 | # The pod namespace to pass with the downward API 522 | - name: POD_NAMESPACE 523 | valueFrom: 524 | fieldRef: 525 | fieldPath: metadata.namespace 526 | 527 | # Uncomment to run the lib bucket provisioner in multithreaded mode 528 | #- name: LIB_BUCKET_PROVISIONER_THREADS 529 | # value: "5" 530 | 531 | volumes: 532 | - name: rook-config 533 | emptyDir: {} 534 | - name: default-config-dir 535 | emptyDir: {} 536 | # OLM: END OPERATOR DEPLOYMENT 537 | -------------------------------------------------------------------------------- /config/ceph/templates/storageclass-test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ceph.rook.io/v1 2 | kind: CephBlockPool 3 | metadata: 4 | name: replicapool 5 | namespace: rook-ceph # namespace:cluster 6 | spec: 7 | failureDomain: host 8 | replicated: 9 | size: 1 10 | # Disallow setting pool with replica 1, this could lead to data loss without recovery.
11 | # Make sure you're *ABSOLUTELY CERTAIN* that is what you want 12 | requireSafeReplicaSize: false 13 | # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool 14 | # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size 15 | #targetSizeRatio: .5 16 | --- 17 | apiVersion: storage.k8s.io/v1 18 | kind: StorageClass 19 | metadata: 20 | name: rook-ceph-block 21 | annotations: 22 | argocd.argoproj.io/sync-wave: "1000" 23 | # Change "rook-ceph" provisioner prefix to match the operator namespace if needed 24 | provisioner: rook-ceph.rbd.csi.ceph.com # driver:namespace:operator 25 | parameters: 26 | # clusterID is the namespace where the rook cluster is running 27 | # If you change this namespace, also change the namespace below where the secret namespaces are defined 28 | clusterID: rook-ceph # namespace:cluster 29 | 30 | # If you want to use erasure coded pool with RBD, you need to create 31 | # two pools. one erasure coded and one replicated. 32 | # You need to specify the replicated pool here in the `pool` parameter, it is 33 | # used for the metadata of the images. 34 | # The erasure coded pool must be set as the `dataPool` parameter below. 35 | #dataPool: ec-data-pool 36 | pool: replicapool 37 | 38 | # RBD image format. Defaults to "2". 39 | imageFormat: "2" 40 | 41 | # RBD image features. Available for imageFormat: "2". CSI RBD currently supports only `layering` feature. 42 | imageFeatures: layering 43 | 44 | # The secrets contain Ceph admin credentials. These are generated automatically by the operator 45 | # in the same namespace as the cluster. 46 | csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner 47 | csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph # namespace:cluster 48 | csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner 49 | csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph # namespace:cluster 50 | csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node 51 | csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph # namespace:cluster 52 | # Specify the filesystem type of the volume. If not specified, csi-provisioner 53 | # will set default as `ext4`. 54 | csi.storage.k8s.io/fstype: ext4 55 | # uncomment the following to use rbd-nbd as mounter on supported nodes 56 | #mounter: rbd-nbd 57 | allowVolumeExpansion: true 58 | reclaimPolicy: Delete 59 | -------------------------------------------------------------------------------- /config/ceph/templates/storageclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: rook-cephfs 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | argocd.argoproj.io/sync-wave: "1000" 8 | provisioner: rook-ceph.cephfs.csi.ceph.com # driver:namespace:operator 9 | parameters: 10 | # clusterID is the namespace where operator is deployed. 11 | clusterID: rook-ceph # namespace:cluster 12 | 13 | # CephFS filesystem name into which the volume shall be created 14 | fsName: myfs 15 | 16 | # Ceph pool into which the volume shall be created 17 | # Required for provisionVolume: "true" 18 | pool: myfs-data0 19 | 20 | # The secrets contain Ceph admin credentials. These are generated automatically by the operator 21 | # in the same namespace as the cluster. 
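# (The rook-csi-cephfs-* names below are the operator defaults; typically only the namespace values need to change for a non-default install.)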
22 | csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner 23 | csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph # namespace:cluster 24 | csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner 25 | csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph # namespace:cluster 26 | csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node 27 | csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph # namespace:cluster 28 | 29 | # (optional) The driver can use either ceph-fuse (fuse) or ceph kernel client (kernel) 30 | # If omitted, default volume mounter will be used - this is determined by probing for ceph-fuse 31 | # or by setting the default mounter explicitly via --volumemounter command-line argument. 32 | # mounter: kernel 33 | reclaimPolicy: Delete 34 | allowVolumeExpansion: true 35 | mountOptions: 36 | # uncomment the following line for debugging 37 | #- debug 38 | -------------------------------------------------------------------------------- /config/ceph/values.yaml: -------------------------------------------------------------------------------- 1 | # ----------------------------------------------------------------------------- 2 | # Ceph rook parameters 3 | # ----------------------------------------------------------------------------- 4 | -------------------------------------------------------------------------------- /config/clusters/fyre/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: fyre-clusters 4 | description: Sample chart for cluster provisioning on Fyre 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 0.0.1 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 
24 | appVersion: "0.0.1" 25 | -------------------------------------------------------------------------------- /config/clusters/fyre/templates/ocp-plus.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.provider.fyre.quotaType "ocp-plus" }} 2 | apiVersion: clusters.ibm.com/v1alpha1 3 | kind: OpenShiftFyre 4 | metadata: 5 | name: {{ .Values.provider.fyre.credentials.user }}-ocp-plus 6 | namespace: {{ default "default" .Release.Namespace }} 7 | spec: 8 | # Add fields here 9 | argocd: 10 | namespace: {{ .Values.argocd.namespace }} 11 | providerSecretRef: fyre-{{ .Values.provider.fyre.credentials.user }}-secret 12 | quotaType: "ocp_plus" 13 | site: {{ .Values.provider.fyre.site }} 14 | ocpVersion: {{ .Values.provider.fyre.ocpVersion }} 15 | platform: "x" 16 | {{- if eq .Values.provider.fyre.workerFlavor "extra-large" }} 17 | worker: 18 | count: "6" 19 | cpu: "16" 20 | memory: "32" 21 | additionalDisk: 22 | - "100" 23 | {{- else }} 24 | worker: 25 | count: "3" 26 | cpu: "16" 27 | memory: "32" 28 | additionalDisk: 29 | - "100" 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /config/clusters/fyre/templates/qb-large.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.provider.fyre.quotaType "quick-burn" }} 2 | apiVersion: clusters.ibm.com/v1alpha1 3 | kind: OpenShiftFyre 4 | metadata: 5 | name: {{ .Values.provider.fyre.credentials.user }}-qb-large 6 | namespace: {{ default "default" .Release.Namespace }} 7 | spec: 8 | # Add fields here 9 | providerSecretRef: fyre-{{ .Values.provider.fyre.credentials.user }}-secret 10 | ocpVersion: {{ .Values.provider.fyre.ocpVersion }} 11 | size: "large" 12 | argocd: 13 | namespace: {{ .Values.argocd.namespace }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /config/clusters/fyre/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- $productGroupId := toString .Values.provider.fyre.credentials.productGroupId -}} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: fyre-{{ .Values.provider.fyre.credentials.user }}-secret 7 | namespace: {{ default "default" .Release.Namespace }} 8 | data: 9 | username: "{{ b64enc .Values.provider.fyre.credentials.user }}" 10 | password: "{{ b64enc .Values.provider.fyre.credentials.token }}" 11 | product_group_id: "{{ b64enc $productGroupId }}" 12 | type: Opaque 13 | -------------------------------------------------------------------------------- /config/clusters/fyre/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | provider: 3 | fyre: 4 | quotaType: quick-burn 5 | site: "svl" 6 | ocpVersion: "4.8.27" 7 | workerFlavor: extra-large 8 | credentials: 9 | user: REPLACE_IT 10 | token: REPLACE_IT 11 | productGroupId: REPLACE_IT 12 | 13 | argocd: 14 | namespace: openshift-gitops 15 | -------------------------------------------------------------------------------- /config/cp-shared/operators/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v2 3 | name: cp-shared-operators 4 | description: Shared resources for Cloud Pak operators 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 
7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 3.6.0 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 24 | appVersion: "3.6" 25 | 26 | -------------------------------------------------------------------------------- /config/cp-shared/operators/templates/060-catalogsource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: CatalogSource 3 | metadata: 4 | name: {{.Values.spec.catalogName}} 5 | namespace: {{.Values.spec.catalogNamespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "60" 8 | spec: 9 | displayName: "IBM Operator Catalog" 10 | publisher: IBM 11 | sourceType: grpc 12 | image: {{.Values.spec.imageCatalog}} 13 | updateStrategy: 14 | registryPoll: 15 | interval: 45m -------------------------------------------------------------------------------- /config/cp-shared/operators/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | spec: 3 | imageCatalog: icr.io/cpopen/ibm-operator-catalog:latest 4 | catalogNamespace: openshift-marketplace 5 | catalogName: ibm-operator-catalog 6 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: cp4waiops-custom 4 | description: The CP4WAIOps Customized Instance 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 0.0.1 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 
24 | appVersion: "0.0.1" 25 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/templates/image-pull-secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: redhatcop.redhat.io/v1alpha1 2 | kind: ResourceLocker 3 | metadata: 4 | name: image-pull-secrets 5 | namespace: resource-locker-operator 6 | spec: 7 | patches: 8 | - id: aiopsanalyticsorchestrator-locker 9 | patchTemplate: | 10 | spec: 11 | pullSecrets: 12 | - ibm-entitlement-key 13 | patchType: application/merge-patch+json 14 | targetObjectRef: 15 | apiVersion: ai.ir.aiops.ibm.com/v1beta1 16 | kind: AIOpsAnalyticsOrchestrator 17 | name: aiops 18 | namespace: {{.Values.aiManager.namespace}} 19 | - id: aiops-topology-service-account-locker 20 | patchTemplate: | 21 | imagePullSecrets: 22 | - name: ibm-entitlement-key 23 | metadata: 24 | labels: 25 | managedByUser: "true" 26 | patchType: application/strategic-merge-patch+json 27 | targetObjectRef: 28 | apiVersion: v1 29 | kind: ServiceAccount 30 | name: aiops-topology-service-account 31 | namespace: {{.Values.aiManager.namespace}} 32 | serviceAccountRef: 33 | name: resource-locker-operator-controller-manager 34 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/templates/resource-locker-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: resource-locker-operator 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-1" 8 | subjects: 9 | - kind: ServiceAccount 10 | name: resource-locker-operator-controller-manager 11 | namespace: resource-locker-operator 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: cluster-admin 16 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/templates/x-small-idle.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.profile "x-small-idle" }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-1" 7 | name: aiops-custom-size-profile 8 | namespace: {{ .Values.aiManager.namespace }} 9 | data: 10 | profiles: | 11 | generatedFor: "NonHA" 12 | automationbase: 13 | kafka: 14 | replicas: 1 15 | config: 16 | default.replication.factor: 1 17 | min.insync.replicas: 1 18 | resources: 19 | limits: 20 | cpu: 500m 21 | memory: 1280Mi 22 | requests: 23 | cpu: 150m 24 | memory: 500Mi 25 | zookeeper: 26 | replicas: 1 27 | resources: 28 | limits: 29 | cpu: 1000m 30 | memory: 256Mi 31 | requests: 32 | cpu: 10m 33 | memory: 128Mi 34 | elasticsearch: 35 | env: 36 | - name: ES_JAVA_OPTS 37 | value: -Xms512M -Xmx512M 38 | replicas: 1 39 | resources: 40 | limits: 41 | cpu: 500m 42 | memory: 1536Mi 43 | requests: 44 | cpu: 100m 45 | memory: 768Mi 46 | tls-proxy: 47 | resources: 48 | limits: 49 | cpu: 500m 50 | memory: 200Mi 51 | requests: 52 | cpu: 10m 53 | memory: 100Mi 54 | cp4waiops-eventprocessor: 55 | flink: 56 | # Settings for the jobmanager statefulSet 57 | jobmanager: 58 | replicas: 1 59 | resources: 60 | limits: 61 | cpu: 1000m 62 | memory: 1Gi 63 | requests: 64 | cpu: 100m 65 | memory: 1Gi 66 | # Settings for the taskmanager statefulSet 67 | taskmanager: 68 | replicas: 1 69 | resources: 70 | limits: 71 | cpu: 1600m 72 | memory: 5888Mi 73 | requests: 74 | cpu: 500m 75 | 
memory: 2048Mi 76 | properties: 77 | jobmanager.memory.heap.size: 512mb 78 | jobmanager.memory.jvm-metaspace.size: 128mb 79 | taskmanager.memory.heap.size: 4096mb 80 | taskmanager.memory.managed.size: 512mb 81 | taskmanager.numberOfTaskSlots: 8 82 | configmaps: 83 | - name: aiops-topology-sizing 84 | data: 85 | asm: | 86 | cassandra: 87 | specs: 88 | replicas: 1 89 | containers: 90 | cassandra: 91 | resources: 92 | limits: 93 | cpu: 600m 94 | memory: 1500Mi 95 | requests: 96 | cpu: 20m 97 | memory: 512Mi 98 | env: 99 | - name: CASSANDRA_HEAP_SIZE 100 | value: 600M 101 | - name: CASSANDRA_HEAP_NEWSIZE 102 | value: 150M 103 | operandconfigs: 104 | - name: aimanager-operator 105 | spec: 106 | aimanager: 107 | modelTrain: 108 | maxLearners: 1 109 | - name: ibm-management-kong 110 | spec: 111 | kong: 112 | replicaCount: 1 113 | - name: couchdb 114 | spec: 115 | couchdbcluster: 116 | size: 1 117 | resources: 118 | db: 119 | limits: 120 | cpu: 700m 121 | memory: 768Mi 122 | requests: 123 | cpu: 20m 124 | memory: 64Mi 125 | search: 126 | limits: 127 | cpu: 500m 128 | memory: 250Mi 129 | requests: 130 | cpu: 10m 131 | memory: 64Mi 132 | mgmt: 133 | limits: 134 | cpu: 500m 135 | memory: 128Mi 136 | requests: 137 | cpu: 10m 138 | memory: 64Mi 139 | - name: redis 140 | spec: 141 | redissentinel: 142 | resources: 143 | member: 144 | db: 145 | limits: 146 | cpu: 500m 147 | memory: 512Mi 148 | requests: 149 | cpu: 10m 150 | memory: 32Mi 151 | mgmt: 152 | limits: 153 | cpu: 500m 154 | memory: 150Mi 155 | requests: 156 | cpu: 30m 157 | memory: 64Mi 158 | proxy: 159 | limits: 160 | cpu: 500m 161 | memory: 150Mi 162 | requests: 163 | cpu: 10m 164 | memory: 32Mi 165 | proxylog: 166 | limits: 167 | cpu: 500m 168 | memory: 150Mi 169 | requests: 170 | cpu: 10m 171 | memory: 32Mi 172 | sentinel: 173 | db: 174 | limits: 175 | cpu: 500m 176 | memory: 512Mi 177 | requests: 178 | cpu: 10m 179 | memory: 32Mi 180 | mgmt: 181 | limits: 182 | cpu: 500m 183 | memory: 150Mi 184 | requests: 185 | cpu: 30m 186 | memory: 64Mi 187 | proxy: 188 | limits: 189 | cpu: 500m 190 | memory: 150Mi 191 | requests: 192 | cpu: 20m 193 | memory: 64Mi 194 | proxylog: 195 | limits: 196 | cpu: 500m 197 | memory: 150Mi 198 | requests: 199 | cpu: 10m 200 | memory: 32Mi 201 | - name: ir-lifecycle-operator 202 | spec: 203 | lifecycleservice: 204 | customSizing: 205 | logstash: 206 | resourceLimitsCPU: 625m 207 | resourceLimitsMemory: 1536Mi 208 | resourceRequestsCPU: 20m 209 | resourceRequestsMemory: 600Mi 210 | taskManager: 211 | resourceLimitsCPU: 500m 212 | resourceLimitsMemory: 1280Mi 213 | resourceRequestsCPU: 250m 214 | resourceRequestsMemory: 1280Mi 215 | jobManager: 216 | resourceLimitsCPU: 600m 217 | resourceLimitsMemory: 768Mi 218 | resourceRequestsCPU: 100m 219 | resourceRequestsMemory: 512Mi 220 | - name: ir-ai-operator 221 | spec: 222 | aiopsanalyticsorchestrator: 223 | customSizing: 224 | deployments: 225 | - name: probablecause 226 | replicas: 1 227 | containers: 228 | - name: probablecause 229 | limits: 230 | cpu: 1000m 231 | memory: 1Gi 232 | requests: 233 | cpu: 20m 234 | memory: 300Mi 235 | - name: classifier 236 | replicas: 1 237 | containers: 238 | - name: classifier 239 | limits: 240 | cpu: 1 241 | memory: 2048Mi 242 | requests: 243 | cpu: 10m 244 | memory: 64Mi 245 | 246 | - name: metric-action 247 | replicas: 1 248 | containers: 249 | - name: metric-action 250 | limits: 251 | cpu: 1000m 252 | memory: 1500Mi 253 | requests: 254 | cpu: 50m 255 | memory: 100Mi 256 | - name: metric-api 257 | replicas: 1 258 | containers: 259 | 
- name: metric-api 260 | limits: 261 | cpu: 1000m 262 | memory: 1500Mi 263 | requests: 264 | cpu: 50m 265 | memory: 100Mi 266 | - name: metric-spark 267 | replicas: 1 268 | containers: 269 | - name: metric-spark 270 | limits: 271 | cpu: 1000m 272 | memory: 1500Mi 273 | requests: 274 | cpu: 50m 275 | memory: 100Mi 276 | 277 | - name: spark-master 278 | replicas: 1 279 | containers: 280 | - name: spark-master 281 | limits: 282 | cpu: 600m 283 | memory: 488Mi 284 | requests: 285 | cpu: 50m 286 | memory: 128Mi 287 | 288 | - name: spark-worker 289 | replicas: 1 290 | containers: 291 | - name: spark-worker 292 | limits: 293 | cpu: 1 294 | memory: 1000Mi 295 | requests: 296 | cpu: 10m 297 | memory: 256Mi 298 | - name: spark-pipeline-composer 299 | replicas: 1 300 | containers: 301 | - name: spark-pipeline-composer 302 | limits: 303 | cpu: 250m 304 | memory: 896Mi 305 | requests: 306 | cpu: 20m 307 | memory: 128Mi 308 | - name: ir-core-operator 309 | spec: 310 | issueresolutioncore: 311 | customSizing: 312 | deployments: 313 | - name: ncodl-api 314 | replicas: 1 315 | containers: 316 | - name: api 317 | limits: 318 | cpu: 500m 319 | memory: 1024Mi 320 | requests: 321 | cpu: 60m 322 | memory: 128Mi 323 | - name: ncodl-if 324 | replicas: 1 325 | containers: 326 | - name: iducforward 327 | limits: 328 | cpu: 500m 329 | memory: 1024Mi 330 | requests: 331 | cpu: 10m 332 | memory: 128Mi 333 | - name: ncodl-ir 334 | replicas: 1 335 | containers: 336 | - name: iducrelay 337 | limits: 338 | cpu: 500m 339 | memory: 1024Mi 340 | requests: 341 | cpu: 10m 342 | memory: 128Mi 343 | - name: ncodl-jobmgr 344 | replicas: 1 345 | containers: 346 | - name: jobmgr 347 | limits: 348 | cpu: 500m 349 | memory: 1024Mi 350 | requests: 351 | cpu: 10m 352 | memory: 128Mi 353 | - name: ncodl-std 354 | replicas: 1 355 | containers: 356 | - name: standard 357 | limits: 358 | cpu: 500m 359 | memory: 1024Mi 360 | requests: 361 | cpu: 20m 362 | memory: 128Mi 363 | - name: logstash 364 | replicas: 1 365 | containers: 366 | - name: logstash 367 | limits: 368 | cpu: 1000m 369 | memory: 1792Mi 370 | requests: 371 | cpu: 20m 372 | memory: 512Mi 373 | statefulSets: 374 | - name: ncobackup 375 | replicas: 1 376 | containers: 377 | - name: agg-gate 378 | limits: 379 | cpu: 500m 380 | memory: 512Mi 381 | requests: 382 | cpu: 10m 383 | memory: 64Mi 384 | - name: objserv 385 | limits: 386 | cpu: 500m 387 | memory: 1024Mi 388 | requests: 389 | cpu: 10m 390 | memory: 64Mi 391 | - name: ncoprimary 392 | replicas: 1 393 | containers: 394 | - name: objserv 395 | limits: 396 | cpu: 500m 397 | memory: 1024Mi 398 | requests: 399 | cpu: 10m 400 | memory: 50Mi 401 | --- 402 | apiVersion: redhatcop.redhat.io/v1alpha1 403 | kind: ResourceLocker 404 | metadata: 405 | name: aimanager-resource-locker 406 | namespace: resource-locker-operator 407 | spec: 408 | patches: 409 | - id: aimanagermainprod-locker 410 | patchTemplate: | 411 | spec: 412 | helmValues: 413 | changeRisk: 414 | resources: 415 | limits: 416 | cpu: 750m 417 | memory: 1400Mi 418 | requests: 419 | cpu: 50m 420 | memory: 500Mi 421 | logAnomaly: 422 | resources: 423 | limits: 424 | cpu: 500m 425 | memory: 2048Mi 426 | requests: 427 | cpu: 250m 428 | memory: 128Mi 429 | aiPlatformApiServer: 430 | resources: 431 | limits: 432 | cpu: 200m 433 | memory: 2Gi 434 | requests: 435 | cpu: 10m 436 | memory: 50Mi 437 | controller: 438 | resources: 439 | limits: 440 | cpu: 1000m 441 | memory: 1Gi 442 | requests: 443 | cpu: 50m 444 | memory: 100Mi 445 | 446 | similarIncidents: 447 | resources: 448 | 
limits: 449 | memory: 2Gi 450 | cpu: 800m 451 | requests: 452 | cpu: 40m 453 | memory: 256Mi 454 | chatopsSlackIntegrator: 455 | resources: 456 | limits: 457 | cpu: 300m 458 | memory: 512Mi 459 | requests: 460 | cpu: 20m 461 | memory: 128Mi 462 | chatopsTeamsIntegrator: 463 | resources: 464 | limits: 465 | cpu: 300m 466 | memory: 512Mi 467 | requests: 468 | cpu: 20m 469 | memory: 128Mi 470 | chatopsOrchestrator: 471 | resources: 472 | limits: 473 | cpu: 200m 474 | memory: 1Gi 475 | requests: 476 | cpu: 20m 477 | memory: 88Mi 478 | 479 | global: 480 | logAnomaly: 481 | replicas: 1 482 | patchType: application/merge-patch+json 483 | targetObjectRef: 484 | apiVersion: ai-manager.watson-aiops.ibm.com/v1beta1 485 | kind: AIManagerMainProd 486 | name: aimanager 487 | namespace: cp4waiops 488 | serviceAccountRef: 489 | name: resource-locker-operator-controller-manager 490 | --- 491 | apiVersion: redhatcop.redhat.io/v1alpha1 492 | kind: ResourceLocker 493 | metadata: 494 | name: iaf-resource-locker 495 | namespace: resource-locker-operator 496 | spec: 497 | patches: 498 | - id: nginx-locker 499 | patchTemplate: | 500 | spec: 501 | replicas: 1 502 | patchType: application/strategic-merge-patch+json 503 | targetObjectRef: 504 | apiVersion: apps/v1 505 | kind: Deployment 506 | name: ibm-nginx 507 | namespace: cp4waiops 508 | - id: usermgmt-locker 509 | patchTemplate: | 510 | spec: 511 | replicas: 1 512 | patchType: application/strategic-merge-patch+json 513 | targetObjectRef: 514 | apiVersion: apps/v1 515 | kind: Deployment 516 | name: usermgmt 517 | namespace: cp4waiops 518 | - id: zen-core-locker 519 | patchTemplate: | 520 | spec: 521 | replicas: 1 522 | patchType: application/strategic-merge-patch+json 523 | targetObjectRef: 524 | apiVersion: apps/v1 525 | kind: Deployment 526 | name: zen-core 527 | namespace: cp4waiops 528 | - id: zen-core-api-locker 529 | patchTemplate: | 530 | spec: 531 | replicas: 1 532 | patchType: application/strategic-merge-patch+json 533 | targetObjectRef: 534 | apiVersion: apps/v1 535 | kind: Deployment 536 | name: zen-core-api 537 | namespace: cp4waiops 538 | - id: automationbase-locker 539 | patchTemplate: | 540 | spec: 541 | kafka: 542 | entityOperator: 543 | tlsSidecar: 544 | resources: 545 | limits: 546 | cpu: 500m 547 | memory: 128Mi 548 | requests: 549 | cpu: 10m 550 | memory: 16Mi 551 | topicOperator: 552 | resources: 553 | limits: 554 | cpu: 500m 555 | memory: 256Mi 556 | requests: 557 | cpu: 10m 558 | memory: 100Mi 559 | userOperator: 560 | resources: 561 | limits: 562 | cpu: 500m 563 | memory: 256Mi 564 | requests: 565 | cpu: 10m 566 | memory: 100Mi 567 | patchType: application/merge-patch+json 568 | targetObjectRef: 569 | apiVersion: base.automation.ibm.com/v1beta1 570 | kind: AutomationBase 571 | name: automationbase-sample 572 | namespace: cp4waiops 573 | serviceAccountRef: 574 | name: resource-locker-operator-controller-manager 575 | --- 576 | apiVersion: redhatcop.redhat.io/v1alpha1 577 | kind: ResourceLocker 578 | metadata: 579 | name: appmanager-resource-locker 580 | namespace: resource-locker-operator 581 | spec: 582 | patches: 583 | - id: aiopsedge-operator-controller-manager-locker 584 | patchTemplate: | 585 | spec: 586 | replicas: 1 587 | patchType: application/strategic-merge-patch+json 588 | targetObjectRef: 589 | apiVersion: apps/v1 590 | kind: Deployment 591 | name: aiopsedge-operator-controller-manager 592 | namespace: {{.Values.aiManager.namespace}} 593 | serviceAccountRef: 594 | name: resource-locker-operator-controller-manager 595 | 596 | {{- 
end }} 597 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/templates/x-small.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.profile "x-small" }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-1" 7 | name: aiops-custom-size-profile 8 | namespace: {{ .Values.aiManager.namespace }} 9 | data: 10 | profiles: | 11 | generatedFor: "NonHA" 12 | automationbase: 13 | kafka: 14 | replicas: 1 15 | config: 16 | default.replication.factor: 1 17 | min.insync.replicas: 1 18 | resources: 19 | limits: 20 | cpu: 500m 21 | memory: 1280Mi 22 | requests: 23 | cpu: 250m 24 | memory: 500Mi 25 | zookeeper: 26 | replicas: 1 27 | resources: 28 | limits: 29 | cpu: 1000m 30 | memory: 256Mi 31 | requests: 32 | cpu: 50m 33 | memory: 256Mi 34 | elasticsearch: 35 | env: 36 | - name: ES_JAVA_OPTS 37 | value: -Xms512M -Xmx512M 38 | replicas: 1 39 | resources: 40 | limits: 41 | cpu: 500m 42 | memory: 1536Mi 43 | requests: 44 | cpu: 250m 45 | memory: 1Gi 46 | tls-proxy: 47 | resources: 48 | limits: 49 | cpu: 500m 50 | memory: 200Mi 51 | requests: 52 | cpu: 100m 53 | memory: 100Mi 54 | cp4waiops-eventprocessor: 55 | flink: 56 | # Settings for the jobmanager statefulSet 57 | jobmanager: 58 | replicas: 1 59 | resources: 60 | limits: 61 | cpu: 1000m 62 | memory: 1Gi 63 | requests: 64 | cpu: 100m 65 | memory: 1Gi 66 | # Settings for the taskmanager statefulSet 67 | taskmanager: 68 | replicas: 1 69 | resources: 70 | limits: 71 | cpu: 1600m 72 | memory: 5888Mi 73 | requests: 74 | cpu: 500m 75 | memory: 2048Mi 76 | properties: 77 | jobmanager.memory.heap.size: 512mb 78 | jobmanager.memory.jvm-metaspace.size: 128mb 79 | taskmanager.memory.heap.size: 4gb 80 | taskmanager.memory.managed.size: 512mb 81 | taskmanager.numberOfTaskSlots: 8 82 | configmaps: 83 | - name: aiops-topology-sizing 84 | data: 85 | asm: | 86 | cassandra: 87 | specs: 88 | replicas: 1 89 | containers: 90 | cassandra: 91 | resources: 92 | limits: 93 | cpu: 600m 94 | memory: 1500Mi 95 | requests: 96 | cpu: 200m 97 | memory: 1500Mi 98 | env: 99 | - name: CASSANDRA_HEAP_SIZE 100 | value: 600M 101 | - name: CASSANDRA_HEAP_NEWSIZE 102 | value: 150M 103 | operandconfigs: 104 | - name: aimanager-operator 105 | spec: 106 | aimanager: 107 | modelTrain: 108 | maxLearners: 1 109 | - name: ibm-management-kong 110 | spec: 111 | kong: 112 | replicaCount: 1 113 | - name: couchdb 114 | spec: 115 | couchdbcluster: 116 | size: 1 117 | resources: 118 | db: 119 | limits: 120 | cpu: 700m 121 | memory: 768Mi 122 | requests: 123 | cpu: 250m 124 | memory: 768Mi 125 | search: 126 | limits: 127 | cpu: 500m 128 | memory: 250Mi 129 | requests: 130 | cpu: 250m 131 | memory: 250Mi 132 | mgmt: 133 | limits: 134 | cpu: 500m 135 | memory: 128Mi 136 | requests: 137 | cpu: 250m 138 | memory: 64Mi 139 | - name: redis 140 | spec: 141 | redissentinel: 142 | resources: 143 | member: 144 | db: 145 | limits: 146 | cpu: 500m 147 | memory: 512Mi 148 | requests: 149 | cpu: 60m 150 | memory: 256Mi 151 | mgmt: 152 | limits: 153 | cpu: 500m 154 | memory: 150Mi 155 | requests: 156 | cpu: 60m 157 | memory: 100Mi 158 | proxy: 159 | limits: 160 | cpu: 500m 161 | memory: 150Mi 162 | requests: 163 | cpu: 60m 164 | memory: 100Mi 165 | proxylog: 166 | limits: 167 | cpu: 500m 168 | memory: 150Mi 169 | requests: 170 | cpu: 60m 171 | memory: 100Mi 172 | sentinel: 173 | db: 174 | limits: 175 | cpu: 500m 176 | memory: 512Mi 177 | requests: 178 | cpu: 
60m 179 | memory: 256Mi 180 | mgmt: 181 | limits: 182 | cpu: 500m 183 | memory: 150Mi 184 | requests: 185 | cpu: 60m 186 | memory: 100Mi 187 | proxy: 188 | limits: 189 | cpu: 500m 190 | memory: 150Mi 191 | requests: 192 | cpu: 60m 193 | memory: 100Mi 194 | proxylog: 195 | limits: 196 | cpu: 500m 197 | memory: 150Mi 198 | requests: 199 | cpu: 60m 200 | memory: 100Mi 201 | - name: ir-lifecycle-operator 202 | spec: 203 | lifecycleservice: 204 | customSizing: 205 | logstash: 206 | resourceLimitsCPU: 625m 207 | resourceLimitsMemory: 1536Mi 208 | resourceRequestsCPU: 250m 209 | resourceRequestsMemory: 600Mi 210 | taskManager: 211 | resourceLimitsCPU: 500m 212 | resourceLimitsMemory: 1280Mi 213 | resourceRequestsCPU: 250m 214 | resourceRequestsMemory: 1280Mi 215 | jobManager: 216 | resourceLimitsCPU: 600m 217 | resourceLimitsMemory: 768Mi 218 | resourceRequestsCPU: 100m 219 | resourceRequestsMemory: 512Mi 220 | - name: ir-ai-operator 221 | spec: 222 | aiopsanalyticsorchestrator: 223 | customSizing: 224 | deployments: 225 | - name: probablecause 226 | replicas: 1 227 | containers: 228 | - name: probablecause 229 | limits: 230 | cpu: 1000m 231 | memory: 1Gi 232 | requests: 233 | cpu: 400m 234 | memory: 750Mi 235 | - name: classifier 236 | replicas: 1 237 | containers: 238 | - name: classifier 239 | limits: 240 | cpu: 1 241 | memory: 2048Mi 242 | requests: 243 | cpu: 400m 244 | memory: 750Mi 245 | - name: spark-worker 246 | replicas: 1 247 | containers: 248 | - name: spark-worker 249 | limits: 250 | cpu: 1 251 | memory: 1000Mi 252 | requests: 253 | cpu: 350m 254 | memory: 1000Mi 255 | - name: spark-pipeline-composer 256 | replicas: 1 257 | containers: 258 | - name: spark-pipeline-composer 259 | limits: 260 | cpu: 250m 261 | memory: 896Mi 262 | requests: 263 | cpu: 250m 264 | memory: 600Mi 265 | - name: ir-core-operator 266 | spec: 267 | issueresolutioncore: 268 | customSizing: 269 | deployments: 270 | - name: ncodl-api 271 | replicas: 1 272 | containers: 273 | - name: api 274 | limits: 275 | cpu: 500m 276 | memory: 1024Mi 277 | requests: 278 | cpu: 100m 279 | memory: 512Mi 280 | - name: ncodl-if 281 | replicas: 1 282 | containers: 283 | - name: iducforward 284 | limits: 285 | cpu: 500m 286 | memory: 1024Mi 287 | requests: 288 | cpu: 100m 289 | memory: 512Mi 290 | - name: ncodl-ir 291 | replicas: 1 292 | containers: 293 | - name: iducrelay 294 | limits: 295 | cpu: 500m 296 | memory: 1024Mi 297 | requests: 298 | cpu: 50m 299 | memory: 512Mi 300 | - name: ncodl-jobmgr 301 | replicas: 1 302 | containers: 303 | - name: jobmgr 304 | limits: 305 | cpu: 500m 306 | memory: 1024Mi 307 | requests: 308 | cpu: 50m 309 | memory: 512Mi 310 | - name: ncodl-std 311 | replicas: 1 312 | containers: 313 | - name: standard 314 | limits: 315 | cpu: 500m 316 | memory: 1024Mi 317 | requests: 318 | cpu: 50m 319 | memory: 512Mi 320 | - name: logstash 321 | replicas: 1 322 | containers: 323 | - name: logstash 324 | limits: 325 | cpu: 1000m 326 | memory: 1792Mi 327 | requests: 328 | cpu: 100m 329 | memory: 700Mi 330 | statefulsets: 331 | - name: ncobackup 332 | replicas: 1 333 | containers: 334 | - name: agg-gate 335 | limits: 336 | cpu: 500m 337 | memory: 512Mi 338 | requests: 339 | cpu: 50m 340 | memory: 256Mi 341 | - name: objserv 342 | limits: 343 | cpu: 500m 344 | memory: 1024Mi 345 | requests: 346 | cpu: 100m 347 | memory: 512Mi 348 | - name: ncoprimary 349 | replicas: 1 350 | containers: 351 | - name: objserv 352 | limits: 353 | cpu: 500m 354 | memory: 1024Mi 355 | requests: 356 | cpu: 125m 357 | memory: 512Mi 358 | --- 
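# The ResourceLocker resources below (reconciled by the resource-locker-operator)
# re-apply the reduced sizing to objects that are owned by the CP4WAIOps
# operators; without them, the owning operators would eventually reconcile
# replica counts and resource limits back to their built-in defaults.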
359 | apiVersion: redhatcop.redhat.io/v1alpha1 360 | kind: ResourceLocker 361 | metadata: 362 | name: aimanager-resource-locker 363 | namespace: resource-locker-operator 364 | spec: 365 | patches: 366 | - id: aimanagermainprod-locker 367 | patchTemplate: | 368 | spec: 369 | helmValues: 370 | changeRisk: 371 | resources: 372 | limits: 373 | cpu: 750m 374 | memory: 1400Mi 375 | requests: 376 | cpu: 500m 377 | memory: 1000Mi 378 | logAnomaly: 379 | resources: 380 | limits: 381 | cpu: 500m 382 | memory: 2048Mi 383 | requests: 384 | cpu: 250m 385 | memory: 256Mi 386 | aiPlatformApiServer: 387 | resources: 388 | limits: 389 | cpu: 200m 390 | memory: 2Gi 391 | requests: 392 | cpu: 100m 393 | memory: 512Mi 394 | global: 395 | logAnomaly: 396 | replicas: 1 397 | patchType: application/merge-patch+json 398 | targetObjectRef: 399 | apiVersion: ai-manager.watson-aiops.ibm.com/v1beta1 400 | kind: AIManagerMainProd 401 | name: aimanager 402 | namespace: cp4waiops 403 | serviceAccountRef: 404 | name: resource-locker-operator-controller-manager 405 | --- 406 | apiVersion: redhatcop.redhat.io/v1alpha1 407 | kind: ResourceLocker 408 | metadata: 409 | name: iaf-resource-locker 410 | namespace: resource-locker-operator 411 | spec: 412 | patches: 413 | - id: nginx-locker 414 | patchTemplate: | 415 | spec: 416 | replicas: 1 417 | patchType: application/strategic-merge-patch+json 418 | targetObjectRef: 419 | apiVersion: apps/v1 420 | kind: Deployment 421 | name: ibm-nginx 422 | namespace: cp4waiops 423 | - id: usermgmt-locker 424 | patchTemplate: | 425 | spec: 426 | replicas: 1 427 | patchType: application/strategic-merge-patch+json 428 | targetObjectRef: 429 | apiVersion: apps/v1 430 | kind: Deployment 431 | name: usermgmt 432 | namespace: cp4waiops 433 | - id: zen-core-locker 434 | patchTemplate: | 435 | spec: 436 | replicas: 1 437 | patchType: application/strategic-merge-patch+json 438 | targetObjectRef: 439 | apiVersion: apps/v1 440 | kind: Deployment 441 | name: zen-core 442 | namespace: cp4waiops 443 | - id: zen-core-api-locker 444 | patchTemplate: | 445 | spec: 446 | replicas: 1 447 | patchType: application/strategic-merge-patch+json 448 | targetObjectRef: 449 | apiVersion: apps/v1 450 | kind: Deployment 451 | name: zen-core-api 452 | namespace: cp4waiops 453 | - id: automationbase-locker 454 | patchTemplate: | 455 | spec: 456 | kafka: 457 | entityOperator: 458 | tlsSidecar: 459 | resources: 460 | limits: 461 | cpu: 500m 462 | memory: 128Mi 463 | requests: 464 | cpu: 100m 465 | memory: 64Mi 466 | topicOperator: 467 | resources: 468 | limits: 469 | cpu: 500m 470 | memory: 256Mi 471 | requests: 472 | cpu: 100m 473 | memory: 256Mi 474 | userOperator: 475 | resources: 476 | limits: 477 | cpu: 500m 478 | memory: 256Mi 479 | requests: 480 | cpu: 100m 481 | memory: 256Mi 482 | patchType: application/merge-patch+json 483 | targetObjectRef: 484 | apiVersion: base.automation.ibm.com/v1beta1 485 | kind: AutomationBase 486 | name: automationbase-sample 487 | namespace: cp4waiops 488 | serviceAccountRef: 489 | name: resource-locker-operator-controller-manager 490 | --- 491 | apiVersion: redhatcop.redhat.io/v1alpha1 492 | kind: ResourceLocker 493 | metadata: 494 | name: appmanager-resource-locker 495 | namespace: resource-locker-operator 496 | spec: 497 | patches: 498 | - id: aiopsedge-operator-controller-manager-locker 499 | patchTemplate: | 500 | spec: 501 | replicas: 1 502 | patchType: application/strategic-merge-patch+json 503 | targetObjectRef: 504 | apiVersion: apps/v1 505 | kind: Deployment 506 | name: 
aiopsedge-operator-controller-manager 507 | namespace: {{.Values.aiManager.namespace}} 508 | serviceAccountRef: 509 | name: resource-locker-operator-controller-manager 510 | {{- end }} 511 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/values.x-small-custom.yaml: -------------------------------------------------------------------------------- 1 | ################################### 2 | # Custom Profile 3 | ################################### 4 | 5 | res: 6 | cassandra: 7 | replicas: 1 8 | limits: 9 | cpu: 600m 10 | memory: 1500Mi 11 | requests: 12 | cpu: 200m 13 | memory: 1500Mi 14 | heap: 15 | size: 600M 16 | newSize: 150M 17 | 18 | couchdbcluster: 19 | db: 20 | limits: 21 | cpu: "700m" 22 | memory: "768Mi" 23 | requests: 24 | cpu: "250m" 25 | memory: "768Mi" 26 | search: 27 | limits: 28 | cpu: "500m" 29 | memory: "250Mi" 30 | requests: 31 | cpu: "250m" 32 | memory: "250Mi" 33 | mgmt: 34 | limits: 35 | cpu: "500m" 36 | memory: "128Mi" 37 | requests: 38 | cpu: "250m" 39 | memory: "64Mi" 40 | 41 | redis: 42 | member: 43 | db: 44 | limits: 45 | cpu: "500m" 46 | memory: 512Mi 47 | requests: 48 | cpu: "60m" 49 | memory: 256Mi 50 | mgmt: 51 | limits: 52 | cpu: "500m" 53 | memory: 150Mi 54 | requests: 55 | cpu: "60m" 56 | memory: 100Mi 57 | proxy: 58 | limits: 59 | cpu: "500m" 60 | memory: 150Mi 61 | requests: 62 | cpu: "60m" 63 | memory: 100Mi 64 | proxylog: 65 | limits: 66 | cpu: "500m" 67 | memory: 150Mi 68 | requests: 69 | cpu: "60m" 70 | memory: 100Mi 71 | sentinel: 72 | db: 73 | limits: 74 | cpu: "500m" 75 | memory: 512Mi 76 | requests: 77 | cpu: "60m" 78 | memory: 256Mi 79 | mgmt: 80 | limits: 81 | cpu: "500m" 82 | memory: 150Mi 83 | requests: 84 | cpu: "60m" 85 | memory: 100Mi 86 | proxy: 87 | limits: 88 | cpu: "500m" 89 | memory: 150Mi 90 | requests: 91 | cpu: "60m" 92 | memory: 100Mi 93 | proxylog: 94 | limits: 95 | cpu: "500m" 96 | memory: 150Mi 97 | requests: 98 | cpu: "60m" 99 | memory: 100Mi 100 | 101 | lifecycleservice: 102 | logstash: 103 | limits: 104 | cpu: 625m 105 | memory: 1536Mi 106 | requests: 107 | cpu: 250m 108 | memory: 600Mi 109 | taskManager: 110 | limits: 111 | cpu: 500m 112 | memory: 1280Mi 113 | requests: 114 | cpu: 250m 115 | memory: 1280Mi 116 | jobManager: 117 | limits: 118 | cpu: 600m 119 | memory: 768Mi 120 | requests: 121 | cpu: 100m 122 | memory: 512Mi 123 | 124 | probablecause: 125 | replicas: 1 126 | limits: 127 | cpu: 1000m 128 | memory: 1Gi 129 | requests: 130 | cpu: 400m 131 | memory: 750Mi 132 | classifier: 133 | replicas: 1 134 | limits: 135 | cpu: "1" 136 | memory: 2048Mi 137 | requests: 138 | cpu: 400m 139 | memory: 750Mi 140 | sparkworker: 141 | replicas: 1 142 | limits: 143 | cpu: "1" 144 | memory: 1000Mi 145 | requests: 146 | cpu: 350m 147 | memory: 1000Mi 148 | sparkpipelinecomposer: 149 | replicas: 1 150 | limits: 151 | cpu: 250m 152 | memory: 896Mi 153 | requests: 154 | cpu: 250m 155 | memory: 600Mi 156 | 157 | ncodlapi: 158 | replicas: 1 159 | limits: 160 | cpu: 500m 161 | memory: 1024Mi 162 | requests: 163 | cpu: 100m 164 | memory: 512Mi 165 | ncodlif: 166 | replicas: 1 167 | limits: 168 | cpu: 500m 169 | memory: 1024Mi 170 | requests: 171 | cpu: 100m 172 | memory: 512Mi 173 | ncodlir: 174 | replicas: 1 175 | limits: 176 | cpu: 500m 177 | memory: 1024Mi 178 | requests: 179 | cpu: 50m 180 | memory: 512Mi 181 | ncodljobmgr: 182 | replicas: 1 183 | limits: 184 | cpu: 500m 185 | memory: 1024Mi 186 | requests: 187 | cpu: 50m 188 | memory: 512Mi 189 | ncodlstd: 190 | replicas: 1 191 | 
limits: 192 | cpu: 500m 193 | memory: 1024Mi 194 | requests: 195 | cpu: 50m 196 | memory: 512Mi 197 | logstash: 198 | replicas: 1 199 | limits: 200 | cpu: 500m 201 | memory: 1792Mi 202 | requests: 203 | cpu: 100m 204 | memory: 700Mi 205 | ncobackup: 206 | replicas: 1 207 | agggate: 208 | limits: 209 | cpu: 500m 210 | memory: 512Mi 211 | requests: 212 | cpu: 50m 213 | memory: 256Mi 214 | objserv: 215 | limits: 216 | cpu: 500m 217 | memory: 1024Mi 218 | requests: 219 | cpu: 100m 220 | memory: 512Mi 221 | ncoprimary: 222 | replicas: 1 223 | limits: 224 | cpu: 500m 225 | memory: 1024Mi 226 | requests: 227 | cpu: 125m 228 | memory: 512Mi 229 | 230 | changeRisk: 231 | limits: 232 | cpu: 750m 233 | memory: 1400Mi 234 | requests: 235 | cpu: 500m 236 | memory: 1000Mi 237 | logAnomaly: 238 | limits: 239 | cpu: 500m 240 | memory: 2048Mi 241 | requests: 242 | cpu: 250m 243 | memory: 256Mi 244 | aiPlatformApiServer: 245 | limits: 246 | memory: 2Gi 247 | cpu: 200m 248 | requests: 249 | memory: 512Mi 250 | cpu: 100m 251 | 252 | nginx: 253 | replicas: 1 254 | 255 | usermgmt: 256 | replicas: 1 257 | 258 | zencore: 259 | replicas: 1 260 | 261 | zencoreapi: 262 | replicas: 1 263 | 264 | elasticsearch: 265 | replicas: 1 266 | javaOps: "-Xms512M -Xmx512M" 267 | elasticsearch: 268 | limits: 269 | cpu: 500m 270 | memory: 1535Mi 271 | requests: 272 | cpu: 250m 273 | memory: 1Gi 274 | tlsproxy: 275 | limits: 276 | cpu: 500m 277 | memory: 200Mi 278 | requests: 279 | cpu: 100m 280 | memory: 100Mi 281 | 282 | kafka: 283 | entityOperator: 284 | tlsSidecar: 285 | limits: 286 | cpu: 500m 287 | memory: 128Mi 288 | requests: 289 | cpu: 100m 290 | memory: 64Mi 291 | topicOperator: 292 | limits: 293 | cpu: 500m 294 | memory: 256Mi 295 | requests: 296 | cpu: 100m 297 | memory: 256Mi 298 | userOperator: 299 | limits: 300 | cpu: 500m 301 | memory: 256Mi 302 | requests: 303 | cpu: 100m 304 | memory: 256Mi 305 | kafka: 306 | replicas: 1 307 | limits: 308 | cpu: 500m 309 | memory: 1280Mi 310 | requests: 311 | cpu: 250m 312 | memory: 500Mi 313 | zookeeper: 314 | replicas: 1 315 | limits: 316 | cpu: 1000m 317 | memory: 256Mi 318 | requests: 319 | cpu: 50m 320 | memory: 256Mi 321 | 322 | flink: 323 | jobmanager: 324 | replicas: 1 325 | jobmanager: 326 | limits: 327 | cpu: 750m 328 | memory: 2560Mi 329 | requests: 330 | cpu: 100m 331 | memory: 1024Mi 332 | tlsproxy: 333 | limits: 334 | cpu: 500m 335 | memory: 512Mi 336 | requests: 337 | cpu: 100m 338 | memory: 256Mi 339 | heapSize: 512mb 340 | jvmMetaSpaceSize: 128mb 341 | taskmanager: 342 | replicas: 1 343 | taskmanager: 344 | limits: 345 | cpu: 1600m 346 | memory: 5888Mi 347 | requests: 348 | cpu: 500m 349 | memory: 2048Mi 350 | heapSize: 4096mb 351 | managedSize: 512mb 352 | numberOfTaskSlots: 8 353 | 354 | aiopsedgeOperator: 355 | replicas: 1 356 | 357 | kong: 358 | replicas: 1 359 | 360 | aimanager: 361 | maxLearners: 1 362 | 363 | -------------------------------------------------------------------------------- /config/cp4waiops-custom/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | profile: small 3 | 4 | aiManager: 5 | instanceName: aiops-installation 6 | namespace: cp4waiops 7 | -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: aimanager 4 | description: AIManager Chart 5 | 6 | # A chart can be either an 'application' or a 
'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 3.6.0 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 24 | appVersion: "3.6" 25 | 26 | -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/resources/030-global-image-pull-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.globalImagePullSecrets }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: global-image-pull-secret 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "30" 8 | namespace: {{.Values.spec.aiManager.namespace}} 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: config 14 | image: quay.io/openshift/origin-cli:latest 15 | imagePullPolicy: IfNotPresent 16 | resources: 17 | requests: 18 | memory: "500Mi" 19 | cpu: "500m" 20 | limits: 21 | memory: "500Mi" 22 | cpu: "500m" 23 | command: 24 | - /bin/sh 25 | - -c 26 | - | 27 | set -eo pipefail 28 | set -x 29 | 30 | # Extract the existing pull secret from cluster 31 | rm -rf ${HOME}/.dockerconfigjson 32 | oc extract secret/pull-secret -n openshift-config --to ${HOME} --confirm 33 | if [[ $? -ne 0 ]]; then 34 | logger "[ERROR] Failed to extract existing pull-secret!" 
35 | exit 1 36 | fi 37 | 38 | {{- range .Values.globalImagePullSecrets }} 39 | DOCKER_REPO={{ .registry }} 40 | DOCKER_USER={{ .username }} 41 | DOCKER_KEY={{ .password }} 42 | DOCKER_AUTH=$DOCKER_USER:$DOCKER_KEY 43 | oc registry login --registry $DOCKER_REPO \ 44 | --auth-basic=$DOCKER_AUTH \ 45 | --to=${HOME}/.dockerconfigjson 46 | {{- end }} 47 | 48 | # Apply the new secret 49 | oc set data secret/pull-secret --from-file .dockerconfigjson=${HOME}/.dockerconfigjson -n openshift-config 50 | 51 | wait_time=40; attempts=30 # poll interval and retry limit for the machine config pool checks below 52 | # master nodes 53 | sleep $wait_time 54 | num_masters=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.machineCount") 55 | num_masters_ready=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.readyMachineCount") 56 | # worker nodes 57 | num_workers=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.machineCount") 58 | num_workers_ready=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.readyMachineCount") 59 | attempt=1 60 | if [ $num_masters_ready -lt $num_masters ]; then 61 | while [[ $num_masters_ready -lt $num_masters ]] && [[ $attempt -le $attempts ]] 62 | do 63 | echo "Not all master nodes updated" 64 | echo "$num_masters_ready/$num_masters master nodes currently ready - $attempt/$attempts" 65 | ((attempt=$attempt+1)) 66 | sleep $wait_time 67 | num_masters_ready=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.readyMachineCount") 68 | done 69 | else 70 | echo "All master nodes updated" 71 | fi 72 | attempt=1 73 | if [ $num_workers_ready -lt $num_workers ]; then 74 | while [[ $num_workers_ready -lt $num_workers ]] && [[ $attempt -le $attempts ]] 75 | do 76 | echo "Not all worker nodes updated" 77 | echo "$num_workers_ready/$num_workers worker nodes currently ready - $attempt/$attempts" 78 | ((attempt=$attempt+1)) 79 | sleep $wait_time 80 | num_workers_ready=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.readyMachineCount") 81 | done 82 | else 83 | echo "All worker nodes updated" 84 | fi 85 | 86 | restartPolicy: Never 87 | serviceAccountName: openshift-argocd-admin-ai 88 | backoffLimit: 1 89 | {{- end }} -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/resources/075-redis-locker.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.spec.isSNO }} 2 | apiVersion: redhatcop.redhat.io/v1alpha1 3 | kind: ResourceLocker 4 | metadata: 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "75" 7 | name: redis-resource-locker 8 | namespace: resource-locker-operator 9 | spec: 10 | patches: 11 | - id: redis-sen-locker 12 | patchTemplate: | 13 | spec: 14 | size: 2 15 | members: 16 | affinity: 17 | podAntiAffinity: null 18 | patchType: application/merge-patch+json 19 | targetObjectRef: 20 | apiVersion: redis.databases.cloud.ibm.com/v1 21 | kind: RedisSentinel 22 | name: example-redis 23 | namespace: {{.Values.spec.aiManager.namespace}} 24 | serviceAccountRef: 25 | name: resource-locker-operator-controller-manager 26 | {{- end }} -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/resources/080-installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: orchestrator.aiops.ibm.com/v1alpha1 2 | kind: Installation 3 | metadata: 4 | name: {{.Values.spec.aiManager.instanceName}} 5 |
namespace: {{.Values.spec.aiManager.namespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "80" 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | size: {{.Values.spec.aiManager.size}} 11 | storageClass: {{.Values.spec.storageClass}} 12 | storageClassLargeBlock: {{.Values.spec.storageClassLargeBlock}} 13 | license: 14 | accept: true 15 | #{{- if not .Values.globalImagePullSecrets }} 16 | #imagePullSecret: ibm-entitlement-key 17 | #{{- end }} 18 | pakModules: 19 | - name: aiopsFoundation 20 | enabled: {{.Values.spec.aiManager.pakModules.aiopsFoundation.enabled}} 21 | - name: applicationManager 22 | enabled: {{.Values.spec.aiManager.pakModules.applicationManager.enabled}} 23 | - name: aiManager 24 | enabled: {{.Values.spec.aiManager.pakModules.aiManager.enabled}} 25 | - name: connection 26 | enabled: {{.Values.spec.aiManager.pakModules.connection.enabled}} -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/000-010-check-prereqs-job.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.spec.storageClass "rook-cephfs" }} 2 | --- 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: check-aiops-prereqs 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "-1000" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRole 12 | metadata: 13 | name: {{ .Release.Name }}-check-aiops-prereqs 14 | annotations: 15 | argocd.argoproj.io/sync-wave: "-1000" 16 | rules: 17 | - apiGroups: ["storage.k8s.io"] 18 | resources: 19 | - storageclasses 20 | verbs: ["get", "list", "watch"] 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | kind: ClusterRoleBinding 24 | metadata: 25 | name: {{ .Release.Name }}-check-aiops-prereqs 26 | annotations: 27 | argocd.argoproj.io/sync-wave: "-1000" 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: ClusterRole 31 | name: {{ .Release.Name }}-check-aiops-prereqs 32 | subjects: 33 | - kind: ServiceAccount 34 | name: check-aiops-prereqs 35 | namespace: {{.Values.spec.aiManager.namespace}} 36 | --- 37 | apiVersion: batch/v1 38 | kind: Job 39 | metadata: 40 | name: check-aiops-prereqs 41 | annotations: 42 | argocd.argoproj.io/sync-wave: "-900" 43 | spec: 44 | template: 45 | spec: 46 | containers: 47 | - name: check-aiops-prereqs 48 | image: quay.io/openshift/origin-cli:latest 49 | command: 50 | - /bin/sh 51 | - -c 52 | - | 53 | set -x 54 | while : ; do 55 | if oc get sc -o "jsonpath={.items[*].metadata.annotations['storageclass\.kubernetes\.io/is-default-class']}" | grep -q ^true$; then 56 | echo "INFO: Default storage class available." 57 | exit 0 58 | fi 59 | echo "INFO: Default storage class not available, waiting."
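# Keep polling every 10 seconds; the job only exits once some storage class
# carries the storageclass.kubernetes.io/is-default-class=true annotation.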
60 | sleep 10 61 | done 62 | restartPolicy: Never 63 | serviceAccountName: check-aiops-prereqs 64 | backoffLimit: 10 65 | {{- end }} -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/020-argocd-admin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: openshift-argocd-admin-ai 6 | namespace: {{.Values.spec.aiManager.namespace}} 7 | --- 8 | kind: ClusterRoleBinding 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: openshift-argocd-admin-ai 12 | annotations: 13 | argocd.argoproj.io/sync-wave: "20" 14 | subjects: 15 | - kind: ServiceAccount 16 | name: openshift-argocd-admin-ai 17 | namespace: {{.Values.spec.aiManager.namespace}} 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: cluster-admin -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/020-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: {{.Values.spec.aiManager.namespace}} 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "20" 7 | spec: 8 | finalizers: 9 | - kubernetes -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/050-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: configure-aiops-network-policy 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "50" 7 | namespace: {{.Values.spec.aiManager.namespace}} 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: config 13 | image: quay.io/openshift/origin-cli:latest 14 | imagePullPolicy: IfNotPresent 15 | resources: 16 | requests: 17 | memory: "64Mi" 18 | cpu: "250m" 19 | limits: 20 | memory: "96Mi" 21 | cpu: "300m" 22 | command: 23 | - /bin/sh 24 | - -c 25 | - | 26 | set -eo pipefail 27 | set -x 28 | 29 | default_policy=$(oc get namespace default -o jsonpath={.metadata.labels.'network\.openshift\.io/policy-group'}) \ 30 | || { 31 | echo "ERROR: Unable to get default ingress policy." 32 | exit 1 33 | } 34 | if [ "${default_policy}" == "ingress" ]; then 35 | echo "INFO: Default network policy is already \"ingress\"." 36 | exit 0 37 | else 38 | strategy=$(oc get ingresscontroller default \ 39 | -n openshift-ingress-operator \ 40 | -o jsonpath={.status.endpointPublishingStrategy.type}) \ 41 | || { 42 | echo "ERROR: Getting ingress controller strategy failed." 43 | exit 1 44 | } 45 | if [ "${strategy}" == "HostNetwork" ]; then 46 | oc patch namespace default \ 47 | --type=json \ 48 | -p '[{"op":"add","path":"/metadata/labels","value":{"network.openshift.io/policy-group":"ingress"}}]' \ 49 | && echo "INFO: Default network policy set to \"ingress\"." \ 50 | || { 51 | echo "ERROR: Patching network policy labels failed."
52 | exit 1 53 | } 54 | fi 55 | fi 56 | 57 | restartPolicy: Never 58 | serviceAccountName: openshift-argocd-admin-ai 59 | backoffLimit: 1 -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/070-operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: cp4waiops-operator-group 5 | namespace: {{.Values.spec.aiManager.namespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "70" 8 | spec: 9 | targetNamespaces: 10 | - {{.Values.spec.aiManager.namespace}} -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/templates/subscriptions/080-subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: ibm-aiops-orchestrator 5 | namespace: {{.Values.spec.aiManager.namespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "80" 8 | spec: 9 | channel: {{.Values.spec.aiManager.channel}} 10 | installPlanApproval: Automatic 11 | name: ibm-aiops-orchestrator 12 | source: ibm-operator-catalog 13 | sourceNamespace: openshift-marketplace 14 | -------------------------------------------------------------------------------- /config/cp4waiops/install-aimgr/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################### 3 | # CP4WAIOps - Common Configs 4 | ################################### 5 | 6 | spec: 7 | ## AI Manager catalog source image 8 | ## 9 | #imageCatalog: icr.io/cpopen/ibm-operator-catalog:latest 10 | 11 | ## dockerUsername is the username for the IBM® Entitled Registry. 12 | ## It is used to create a docker-registry secret that enables your deployment to pull the AI Manager images 13 | ## from the IBM® Entitled Registry. 14 | ## Default is cp 15 | # dockerUsername: cp 16 | 17 | ## Obtain the entitlement key that is assigned to your IBMid. 18 | ## Log in to MyIBM Container Software Library: https://myibm.ibm.com/products-services/containerlibrary 19 | ## The library opens in a new tab with the IBMid and password details 20 | ## that are associated with the entitled software. 21 | ## DO NOT commit your Docker password here; always specify it in the UI or CLI when creating the Argo CD app. 22 | ## 23 | # dockerPassword: REPLACE_IT 24 | 25 | ## storageClass is the storage class that you want to use. 26 | ## If the storage provider for your deployment is Red Hat OpenShift Data Foundation, 27 | ## previously called Red Hat OpenShift Container Storage, then set this to ocs-storagecluster-cephfs 28 | ## 29 | storageClass: rook-cephfs 30 | 31 | ## Is this a single-node OpenShift (SNO) cluster? If yes, the Redis topology is adjusted accordingly. 32 | # isSNO: false 33 | 34 | ## If the storage provider for your deployment is Red Hat OpenShift Data Foundation, 35 | ## previously called Red Hat OpenShift Container Storage, then set this to ocs-storagecluster-ceph-rbd 36 | storageClassLargeBlock: rook-cephfs 37 | 38 | aiManager: 39 | 40 | # The instance name of AI Manager. 41 | instanceName: aiops-installation 42 | 43 | ## A channel defines a stream of updates for an Operator and is used to roll out updates for subscribers.
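## One way to list the channels the operator actually ships with, assuming the
## IBM operator catalog is already installed on the cluster, is:
##   oc get packagemanifest ibm-aiops-orchestrator -n openshift-marketplace \
##     -o jsonpath='{range .status.channels[*]}{.name}{"\n"}{end}'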
44 | ## For example, if you want to install AI Manager 3.2, the channel should be v3.2 45 | ## 46 | channel: v3.6 47 | 48 | ## size is the size that you require for your AI Manager installation. It can be small or large. 49 | ## More information: https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/3.2.0?topic=requirements-ai-manager 50 | size: small 51 | 52 | ## namespace is the project (namespace) that you want to create the AI Manager instance in. 53 | ## You must create a custom project (namespace) and not use the default, kube-system, 54 | ## kube-public, openshift-node, openshift-infra, or openshift projects (namespaces). 55 | ## This is because AI Manager uses Security Context Constraints (SCC), 56 | ## and SCCs cannot be assigned to pods created in one of the default OpenShift projects (namespaces). 57 | ## 58 | namespace: cp4waiops 59 | 60 | ## enable pakModules 61 | pakModules: 62 | aiopsFoundation: 63 | enabled: true 64 | applicationManager: 65 | enabled: true 66 | aiManager: 67 | enabled: true 68 | connection: 69 | enabled: true 70 | -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | name: eventmanager 4 | description: EventManager Chart 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 3.6.0 20 | 21 | # This is the version number of the application being deployed. This version number should be 22 | # incremented each time you make changes to the application. Versions are not expected to 23 | # follow Semantic Versioning. They should reflect the version the application is using. 24 | appVersion: "3.6" 25 | 26 | -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/templates/resources/030-global-image-pull-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.globalImagePullSecrets }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: global-image-pull-secret 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "40" 8 | namespace: {{.Values.spec.eventManager.namespace}} 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: config 14 | image: quay.io/openshift/origin-cli:latest 15 | imagePullPolicy: IfNotPresent 16 | resources: 17 | requests: 18 | memory: "500Mi" 19 | cpu: "500m" 20 | limits: 21 | memory: "500Mi" 22 | cpu: "500m" 23 | command: 24 | - /bin/sh 25 | - -c 26 | - | 27 | set -eo pipefail 28 | set -x 29 | 30 | # Extract the existing pull secret from cluster 31 | rm -rf ${HOME}/.dockerconfigjson 32 | oc extract secret/pull-secret -n openshift-config --to ${HOME} --confirm 33 | if [[ $? 
-ne 0 ]]; then 34 | logger "[ERROR] Failed to extract existing pull-secret!" 35 | exit 1 36 | fi 37 | 38 | {{- range .Values.globalImagePullSecrets }} 39 | DOCKER_REPO={{ .registry }} 40 | DOCKER_USER={{ .username }} 41 | DOCKER_KEY={{ .password }} 42 | DOCKER_AUTH=$DOCKER_USER:$DOCKER_KEY 43 | oc registry login --registry $DOCKER_REPO \ 44 | --auth-basic=$DOCKER_AUTH \ 45 | --to=${HOME}/.dockerconfigjson 46 | {{- end }} 47 | 48 | # Apply the new secret 49 | oc set data secret/pull-secret --from-file .dockerconfigjson=${HOME}/.dockerconfigjson -n openshift-config 50 | 51 | wait_time=40; attempts=30 # poll interval and retry limit for the machine config pool checks below 52 | # master nodes 53 | sleep $wait_time 54 | num_masters=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.machineCount") 55 | num_masters_ready=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.readyMachineCount") 56 | # worker nodes 57 | num_workers=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.machineCount") 58 | num_workers_ready=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.readyMachineCount") 59 | attempt=1 60 | if [ $num_masters_ready -lt $num_masters ]; then 61 | while [[ $num_masters_ready -lt $num_masters ]] && [[ $attempt -le $attempts ]] 62 | do 63 | echo "Not all master nodes updated" 64 | echo "$num_masters_ready/$num_masters master nodes currently ready - $attempt/$attempts" 65 | ((attempt=$attempt+1)) 66 | sleep $wait_time 67 | num_masters_ready=$(oc get machineconfigpools master --no-headers -o custom-columns=":status.readyMachineCount") 68 | done 69 | else 70 | echo "All master nodes updated" 71 | fi 72 | attempt=1 73 | if [ $num_workers_ready -lt $num_workers ]; then 74 | while [[ $num_workers_ready -lt $num_workers ]] && [[ $attempt -le $attempts ]] 75 | do 76 | echo "Not all worker nodes updated" 77 | echo "$num_workers_ready/$num_workers worker nodes currently ready - $attempt/$attempts" 78 | ((attempt=$attempt+1)) 79 | sleep $wait_time 80 | num_workers_ready=$(oc get machineconfigpools worker --no-headers -o custom-columns=":status.readyMachineCount") 81 | done 82 | else 83 | echo "All worker nodes updated" 84 | fi 85 | 86 | cat < /dev/null \ 35 | && echo "INFO: NOI service account exists." \ 36 | || { 37 | echo "INFO: Create the NOI service account with the entitlement key pull secret." 38 | oc create serviceaccount noi-service-account -n "${TARGET_NAMESPACE}" \ 39 | && oc adm policy add-scc-to-user privileged system:serviceaccount:${TARGET_NAMESPACE}:noi-service-account \ 40 | && oc get sa noi-service-account -n "${TARGET_NAMESPACE}" \ 41 | || result=1 42 | 43 | if [ ! ${result} -eq 0 ]; then 44 | oc delete ServiceAccount noi-service-account --namespace "${TARGET_NAMESPACE}" 45 | fi 46 | } 47 | 48 | if [ ${result} -eq 0 ]; then 49 | echo "INFO: Event Manager prereq configuration successful." 50 | else 51 | echo "ERROR: Event Manager prereq configuration failed."
52 | fi 53 | 54 | exit ${result} 55 | 56 | restartPolicy: Never 57 | serviceAccountName: openshift-argocd-admin-noi 58 | backoffLimit: 1 59 | -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/templates/subscriptions/040-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: configure-aiops-network-policy 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "40" 7 | namespace: {{.Values.spec.eventManager.namespace}} 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: config 13 | image: quay.io/openshift/origin-cli:latest 14 | imagePullPolicy: IfNotPresent 15 | resources: 16 | requests: 17 | memory: "64Mi" 18 | cpu: "250m" 19 | limits: 20 | memory: "96Mi" 21 | cpu: "300m" 22 | command: 23 | - /bin/sh 24 | - -c 25 | - | 26 | set -eo pipefail 27 | set -x 28 | 29 | default_policy=$(oc get namespace default -o jsonpath={.metadata.labels.'network\.openshift\.io/policy-group'}) \ 30 | || { 31 | echo "ERROR: Unable to get default ingress policy." 32 | exit 1 33 | } 34 | if [ "${default_policy}" == "ingress" ]; then 35 | echo "INFO: Default network policy is already \"ingress\"." 36 | exit 0 37 | else 38 | strategy=$(oc get ingresscontroller default \ 39 | -n openshift-ingress-operator \ 40 | -o jsonpath={.status.endpointPublishingStrategy.type}) \ 41 | || { 42 | echo "ERROR: Getting ingress controller strategy failed." 43 | exit 1 44 | } 45 | if [ "${strategy}" == "HostNetwork" ]; then 46 | oc patch namespace default \ 47 | --type=json \ 48 | -p '[{"op":"add","path":"/metadata/labels","value":{"network.openshift.io/policy-group":"ingress"}}]' \ 49 | && echo "INFO: Default network policy set to \"ingress\"." \ 50 | || { 51 | echo "ERROR: Patching network policy labels failed."
52 | exit 1 53 | } 54 | fi 55 | fi 56 | 57 | restartPolicy: Never 58 | serviceAccountName: openshift-argocd-admin-noi 59 | backoffLimit: 1 -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/templates/subscriptions/050-noi-catalogsource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: CatalogSource 3 | metadata: 4 | name: ibm-noi-catalog 5 | namespace: openshift-marketplace 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "50" 8 | spec: 9 | displayName: ibm-noi-catalog 10 | publisher: IBM Content 11 | sourceType: grpc 12 | image: {{.Values.spec.imageCatalog}} 13 | updateStrategy: 14 | registryPoll: 15 | interval: 45m -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/templates/subscriptions/060-noi-operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: cp4waiops-operator-group 5 | namespace: {{.Values.spec.eventManager.namespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "60" 8 | spec: 9 | targetNamespaces: 10 | - {{.Values.spec.eventManager.namespace}} 11 | -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/templates/subscriptions/061-noi-subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: noi 5 | namespace: {{.Values.spec.eventManager.namespace}} 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "61" 8 | spec: 9 | channel: {{.Values.spec.eventManager.channel}} 10 | installPlanApproval: Automatic 11 | name: noi 12 | source: ibm-noi-catalog 13 | sourceNamespace: openshift-marketplace -------------------------------------------------------------------------------- /config/cp4waiops/install-emgr/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################### 3 | # CP4WAIOps - Common Configs 4 | ################################### 5 | spec: 6 | 7 | ## Event Manager catalog source image 8 | ## 9 | imageCatalog: icr.io/cpopen/ibm-operator-catalog:latest 10 | 11 | ## dockerUsername is the username for the IBM® Entitled Registry. 12 | ## It is used to create a docker-registry secret that enables your deployment to pull the Event Manager images 13 | ## from the IBM® Entitled Registry. 14 | ## Default is cp 15 | # dockerUsername: cp 16 | 17 | ## Obtain the entitlement key that is assigned to your IBMid. 18 | ## Log in to MyIBM Container Software Library: https://myibm.ibm.com/products-services/containerlibrary 19 | ## The library opens in a new tab with the IBMid and password details 20 | ## that are associated with the entitled software. 21 | ## DO NOT commit your Docker password here; always specify it in the UI or CLI when creating the Argo CD app. 22 | ## 23 | # dockerPassword: REPLACE_IT 24 | 25 | ## storageClass is the storage class that you want to use.
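## To list the storage classes available on the cluster (and spot the one
## marked as default), you can run: oc get storageclass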
26 | ## If the storage provider for your deployment is Red Hat OpenShift Data Foundation, 27 | ## previously called Red Hat OpenShift Container Storage, then set this to ocs-storagecluster-cephfs 28 | ## 29 | storageClass: rook-cephfs 30 | 31 | ## If the storage provider for your deployment is Red Hat OpenShift Data Foundation, 32 | ## previously called Red Hat OpenShift Container Storage, then set this to ocs-storagecluster-ceph-rbd 33 | storageClassLargeBlock: rook-cephfs 34 | 35 | eventManager: 36 | 37 | # eventManager version 38 | version: 1.6.6 39 | 40 | ## Use the fully qualified domain name (FQDN) of the cluster to formulate the clusterDomain property, following the pattern shown below: 41 | ## 42 | clusterDomain: apps.clustername.*.*.com 43 | 44 | ## A channel defines a stream of updates for an Operator and is used to roll out updates for subscribers. 45 | ## For example, if you want to install Event Manager 1.5, the channel should be v1.5 46 | ## 47 | channel: v1.10 48 | 49 | ## Deployment type (trial or production) 50 | ## 51 | deploymentType: trial 52 | 53 | ## namespace is the project (namespace) that you want to create the Event Manager instance in. 54 | ## You must create a custom project (namespace) and not use the default, kube-system, 55 | ## kube-public, openshift-node, openshift-infra, or openshift projects (namespaces). 56 | ## 57 | namespace: noi 58 | -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: IBM Cloud Pak for Watson AIOps 2 | site_url: https://ibm.github.io/cp4waiops-gitops/docs/ 3 | repo_url: https://github.com/IBM/cp4waiops-gitops 4 | nav: 5 | - GitOps Install: 6 | - Introduction: README.md 7 | - v3.4: 8 | - Online Install: how-to-deploy-cp4waiops.md 9 | - Advanced Install Options: 10 | - Customize CP4WAIOps Install: cp4waiops-custom-install.md 11 | - Deploy Demo Environment: deploy-cloudpak-with-sample-apps.md 12 | - Deploy to Multiple Clusters: deploy-cloudpak-to-multiple-clusters.md 13 | - Deploy with Cluster Provisioning: deploy-ocp-cloudpak-with-gitops.md 14 | 15 | theme: 16 | name: material 17 | # logo: images/logo.png 18 | # favicon: images/logo.png 19 | palette: 20 | scheme: default 21 | primary: black 22 | font: 23 | text: IBM Plex Sans 24 | code: IBM Plex Mono 25 | language: en 26 | features: 27 | - navigation.instant 28 | - navigation.tracking 29 | - navigation.tabs 30 | - navigation.tabs.sticky 31 | - navigation.top 32 | - navigation.sections 33 | use_directory_urls: true 34 | 35 | markdown_extensions: 36 | - attr_list 37 | - md_in_html 38 | - admonition 39 | - toc: 40 | permalink: true 41 | toc_depth: 5 42 | - pymdownx.superfences 43 | - pymdownx.tabbed 44 | - pymdownx.highlight 45 | - pymdownx.details 46 | - pymdownx.snippets: 47 | base_path: docs/snippets 48 | extra_css: 49 | - css/extra.css 50 | --------------------------------------------------------------------------------
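# To preview the documentation site defined above locally, install the Material
# for MkDocs theme (e.g. pip install mkdocs-material) and run mkdocs serve from
# the repository root.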