├── .gitignore ├── updates ├── lens.yaml ├── notifier.yaml ├── postgresql.yaml ├── image-scanner.yaml ├── .DS_Store ├── gitsensor.yaml ├── grafana.yaml ├── kubewatch.yaml ├── rollout.yaml ├── nats-operator.yaml ├── argocd.yaml ├── nats-streaming.yaml ├── workflow.yaml ├── devtron-dex-ingress.yaml ├── nats-server.yaml ├── migrator.yaml ├── clair.yaml ├── dashboard.yaml ├── external-secret.yaml ├── guard.yaml └── devtron.yaml ├── charts ├── .DS_Store └── devtron │ ├── Chart.yaml │ ├── templates │ ├── devtron-installer.yaml │ ├── NOTES.txt │ ├── configmap-secret.yaml │ └── install.yaml │ ├── values.yaml │ ├── README.md │ └── crds │ └── crd-devtron.yaml ├── yamls ├── .DS_Store ├── nats-server.yaml ├── devtron-dex-ingress.yaml ├── namespace.yaml ├── gitsensor.yaml ├── notifier.yaml ├── clair-config.yaml ├── image-scanner.yaml ├── nats-streaming.yaml ├── guard.yaml ├── kubewatch.yaml ├── workflow.yaml ├── clair.yaml ├── migrator.yaml ├── nats-operator.yaml ├── devtron.yaml ├── serviceaccount.yaml ├── postgresql.yaml ├── minio.yaml ├── lens.yaml ├── dashboard.yaml ├── external-secret.yaml ├── minio-storage.yaml └── grafana.yaml ├── install ├── get-password.sh ├── devtron-installer.yaml ├── devtron-operator-configs.yaml └── install.yaml ├── README.md ├── grumpy_config.txt ├── generate_certificate.sh ├── ca_config.txt ├── LICENSE └── installation-script /.gitignore: -------------------------------------------------------------------------------- 1 | .idea -------------------------------------------------------------------------------- /updates/lens.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: lens-secrets -------------------------------------------------------------------------------- /updates/notifier.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: notifier-secrets 
-------------------------------------------------------------------------------- /updates/postgresql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: postgresql-postgresql -------------------------------------------------------------------------------- /charts/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/HEAD/charts/.DS_Store -------------------------------------------------------------------------------- /updates/image-scanner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: image-scanner-secret -------------------------------------------------------------------------------- /yamls/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/HEAD/yamls/.DS_Store -------------------------------------------------------------------------------- /updates/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/HEAD/updates/.DS_Store -------------------------------------------------------------------------------- /install/get-password.sh: -------------------------------------------------------------------------------- 1 | kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ACD_PASSWORD}' | base64 -d 2 | -------------------------------------------------------------------------------- /updates/gitsensor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: git-sensor 5 | #update: 6 | # spec: 
-------------------------------------------------------------------------------- /updates/grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: devtron-grafana 5 | #update: 6 | # spec: -------------------------------------------------------------------------------- /updates/kubewatch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: kubewatch-config 5 | #update: 6 | # data: -------------------------------------------------------------------------------- /updates/rollout.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: argo-rollouts 5 | #update: 6 | # spec: -------------------------------------------------------------------------------- /updates/nats-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nats-operator 5 | #update: 6 | # spec: -------------------------------------------------------------------------------- /updates/argocd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: argocd-cm 5 | #update: 6 | # data: 7 | # dex.config: -------------------------------------------------------------------------------- /updates/nats-streaming.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: nats-streaming 5 | #update: 6 | # spec: -------------------------------------------------------------------------------- /updates/workflow.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: 
ConfigMap 3 | metadata: 4 | name: workflow-controller-configmap 5 | #update: 6 | #data: 7 | # -------------------------------------------------------------------------------- /updates/devtron-dex-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: argocd-dex-ingress 5 | #update: 6 | # -------------------------------------------------------------------------------- /updates/nats-server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "nats.io/v1alpha2" 2 | kind: "NatsCluster" 3 | metadata: 4 | name: "devtron-nats" 5 | #update: 6 | # spec: 7 | # size: 5 -------------------------------------------------------------------------------- /updates/migrator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: postgresql-migrate-orchestrator 5 | #update: 6 | # spec: 7 | # template: 8 | # spec: 9 | # containers: -------------------------------------------------------------------------------- /updates/clair.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: clair 5 | #update: 6 | # data: 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: clair 12 | #update: 13 | # data: -------------------------------------------------------------------------------- /charts/devtron/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: devtron-operator 2 | appVersion: 0.1.0 3 | description: Chart to configure and install Devtron 4 | engine: gotpl 5 | version: 0.10.1 6 | maintainers: 7 | - email: prakarsh@devtron.ai 8 | name: Prakarsh 9 | -------------------------------------------------------------------------------- /updates/dashboard.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: devtron-dashboard-secret 5 | #update: 6 | # data: 7 | --- 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | name: dashboard-cm 12 | #update: 13 | # data: -------------------------------------------------------------------------------- /yamls/nats-server.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: nats-server/templates/nats.yaml 3 | apiVersion: "nats.io/v1alpha2" 4 | kind: "NatsCluster" 5 | metadata: 6 | name: "devtron-nats" 7 | namespace: devtroncd 8 | labels: 9 | release: "devtron" 10 | spec: 11 | size: 3 12 | -------------------------------------------------------------------------------- /install/devtron-installer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: installer.devtron.ai/v1alpha1 2 | kind: Installer 3 | metadata: 4 | name: installer-devtron 5 | namespace: default 6 | spec: 7 | url: https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/main/installation-script 8 | -------------------------------------------------------------------------------- /updates/external-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: devtron-kubernetes-external-secret 5 | #update: 6 | # data: 7 | --- 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | name: devtron-kubernetes-external-cm 12 | #update: 13 | # data: -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This repo holds the manifests and scripts used for Devtron installation. 2 | 3 | For usage instructions, please refer to our [documentation](https://docs.devtron.ai/setup/install). 4 | 5 | In case you are 
still facing issues please feel free to reach out to us on [discord](https://discord.gg/72JDKy4) 6 | -------------------------------------------------------------------------------- /charts/devtron/templates/devtron-installer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: installer.devtron.ai/v1alpha1 2 | kind: Installer 3 | metadata: 4 | name: installer-devtron 5 | namespace: devtroncd 6 | spec: 7 | url: https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/main/installation-script 8 | -------------------------------------------------------------------------------- /updates/guard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: guard 5 | #update: 6 | # spec: 7 | # template: 8 | # spec: 9 | # containers: 10 | # - resources: 11 | # limit: 12 | # cpu: "0.15" 13 | # memory: 110Mi 14 | # requests: 15 | # cpu: "0.1" 16 | # memory: 100Mi -------------------------------------------------------------------------------- /charts/devtron/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | 1. Run the following command to get the default admin password. Default username is admin 3 | 4 | kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ACD_PASSWORD}' | base64 -d 5 | 6 | 2. 
You can watch the progress of Devtron microservices installation by the following command 7 | 8 | kubectl -n devtroncd get installers installer-devtron -o jsonpath='{.status.sync.status}' -------------------------------------------------------------------------------- /grumpy_config.txt: -------------------------------------------------------------------------------- 1 | [req] 2 | req_extensions = v3_req 3 | distinguished_name = req_distinguished_name 4 | [ req_distinguished_name ] 5 | [ v3_req ] 6 | basicConstraints=CA:FALSE 7 | subjectAltName=@alt_names 8 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 9 | extendedKeyUsage = serverAuth 10 | 11 | [ alt_names ] 12 | DNS.1 = guard-service 13 | DNS.2 = guard-service.devtroncd 14 | DNS.3 = guard-service.devtroncd.svc 15 | DNS.4 = guard-service.devtroncd.svc.cluster.local -------------------------------------------------------------------------------- /yamls/devtron-dex-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | labels: 5 | app: devtron 6 | release: devtron 7 | name: devtron-ingress 8 | spec: 9 | rules: 10 | - http: 11 | paths: 12 | - backend: 13 | serviceName: devtron-service 14 | servicePort: 80 15 | path: /orchestrator 16 | - backend: 17 | serviceName: devtron-service 18 | servicePort: 80 19 | path: /dashboard 20 | -------------------------------------------------------------------------------- /charts/devtron/templates/configmap-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: devtron-operator-secret 5 | namespace: devtroncd 6 | type: Opaque 7 | data: 8 | {{- range $.Values.secrets.data }} 9 | {{ .key | quote }}: {{ .value | b64enc | quote }} 10 | {{- end }} 11 | 12 | --- 13 | apiVersion: v1 14 | kind: ConfigMap 15 | metadata: 16 | name: devtron-operator-cm 17 | namespace: 
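devtroncd 18 | data: 19 | {{- if .Values.configs }} 20 | {{ toYaml $.Values.configs | indent 2 }} 21 | {{- end }} 22 |
--------------------------------------------------------------------------------
/yamls/namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring
  labels:
    name: monitoring
---
apiVersion: v1
kind: Namespace
metadata:
  name: devtron-ci
  labels:
    name: devtron
---
apiVersion: v1
kind: Namespace
metadata:
  name: devtron-cd
  labels:
    name: devtron
---
apiVersion: v1
kind: Namespace
metadata:
  name: argo
  labels:
    name: devtron
---
apiVersion: v1
kind: Namespace
metadata:
  name: devtron-demo
  labels:
    name: devtron
--------------------------------------------------------------------------------
/generate_certificate.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Builds a private CA and uses it to sign a server certificate for
# guard-service.devtroncd.svc. All output goes to /tmp/certs, except the CSR,
# which is written to /tmp/grumpy.csr.
#
# Prerequisite: ca_config.txt and grumpy_config.txt must already exist in
# /tmp/certs -- the script reads them from there and does not copy them.
#
# NOTE(review): /tmp/certs is a fixed path inside a shared, world-writable
# directory. Run this only where /tmp/certs is a directory you created and
# own, and move ca.key to protected storage (or delete it) once signing is done.
# NOTE(review): neither certificate is given an explicit -days value, so
# openssl's default lifetime (30 days) applies -- confirm that is intended.

set -o errexit
set -o nounset
set -o pipefail

# Private keys are created below; keep every new file and directory owner-only.
umask 077

mkdir -p /tmp/certs

# Create the private key for our custom CA.
# genrsa is called without a cipher option, so ca.key is stored unencrypted.
openssl genrsa -out /tmp/certs/ca.key 2048

# Generate a self-signed CA certificate with that key.
openssl req -new -x509 -key /tmp/certs/ca.key -out /tmp/certs/ca.crt -config /tmp/certs/ca_config.txt

# Create the private key for the grumpy server.
openssl genrsa -out /tmp/certs/grumpy-key.pem 2048

# Create a CSR from the configuration file and the server key.
openssl req -new -key /tmp/certs/grumpy-key.pem -subj "/CN=guard-service.devtroncd.svc" -out /tmp/grumpy.csr -config /tmp/certs/grumpy_config.txt

# Sign the CSR with the CA created above.
# `openssl x509 -req` does not carry over the extensions requested in the CSR,
# so the v3_req section of grumpy_config.txt (subjectAltName, keyUsage,
# extendedKeyUsage) is applied explicitly. Without it the certificate has no
# SAN entries, and clients that ignore the CN reject it.
openssl x509 -req -in /tmp/grumpy.csr -CA /tmp/certs/ca.crt -CAkey /tmp/certs/ca.key -CAcreateserial \
  -extfile /tmp/certs/grumpy_config.txt -extensions v3_req \
  -out /tmp/certs/grumpy-crt.pem

# INJECT CA IN THE WEBHOOK CONFIGURATION
# export CA_BUNDLE=$(cat certs/ca.crt | base64 | tr -d '\n')
#cat _manifest_.yaml | envsubst > manifest.yaml
--------------------------------------------------------------------------------
/ca_config.txt:
--------------------------------------------------------------------------------
[ req ]
default_bits = 2048
default_md = sha512
default_keyfile = ca.key
prompt = no
# NOTE(review): encrypt_key only affects a key that `openssl req` generates
# itself. generate_certificate.sh passes an existing key with -key, so this
# setting does not encrypt ca.key.
encrypt_key = yes

# base request
distinguished_name = req_distinguished_name

# extensions
req_extensions = v3_req

# distinguished_name
# NOTE(review): these look like sample values carried over from a template;
# they become the subject of the CA certificate -- confirm before use.
[ req_distinguished_name ]
countryName = "DE" # C=
stateOrProvinceName = "Cologne" # ST=
localityName = "Cologne" # L=
postalCode = "424242" # L/postalcode=
streetAddress = "Hallo 1621" # L/street=
organizationName = "giantswarm" # O=
organizationalUnitName = "Emojy Department" # OU=
commonName = "giantswarm.io" # CN=
emailAddress = "no-reply@giantswarm.io" # CN/emailAddress=

# req_extensions
# NOTE(review): req_extensions applies to certificate requests. The script uses
# this file with `req -x509`, which reads its extensions from an
# x509_extensions section (none is defined here), so these names presumably
# never reach ca.crt -- confirm.
[ v3_req ]
# The subject alternative name extension allows various literal values to be
# included in the configuration file
# http://www.openssl.org/docs/apps/x509v3_config.html
subjectAltName = DNS:www.giantswarm.io,DNS:www2.giantswarm.io # multidomain certificate
--------------------------------------------------------------------------------
/install/devtron-operator-configs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: devtron-operator-secret 5 | namespace: devtroncd 6 | type: Opaque 7 | data: 8 | POSTGRESQL_PASSWORD: Y2hhbmdlX21l 9 | WEBHOOK_TOKEN: Y2hhbmdlX21l 10 | AZURE_ACCOUNT_KEY: Y2hhbmdlX21l # token with read write access to AZURE_BLOB_CONTAINER_CI_LOG and AZURE_BLOB_CONTAINER_CI_CACHE ,optional, if not provided pod identity will be used for authentication 11 | --- 12 | apiVersion: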
v1 13 | kind: ConfigMap 14 | metadata: 15 | name: devtron-operator-cm 16 | namespace: devtroncd 17 | data: 18 | BASE_URL_SCHEME: "http" 19 | #url without scheme and without trailing '/' 20 | BASE_URL: "change-me" 21 | DEX_CONFIG: "change-me" 22 | DEFAULT_CD_LOGS_BUCKET_REGION: "change-me" 23 | DEFAULT_CACHE_BUCKET: "devtron-ci-cache" 24 | DEFAULT_CACHE_BUCKET_REGION: "change-me" 25 | DEFAULT_BUILD_LOGS_BUCKET: "devtron-ci-log" 26 | EXTERNAL_SECRET_AMAZON_REGION: "" 27 | PROMETHEUS_URL: "http://change-me/prometheus" 28 | BLOB_STORAGE_PROVIDER: "MINIO" # AZURE| GCP| S3 | MINIO 29 | AZURE_ACCOUNT_NAME: "test-account" # blob storage account name 30 | AZURE_BLOB_CONTAINER_CI_LOG: "ci-log-container" # container for ci log 31 | AZURE_BLOB_CONTAINER_CI_CACHE: "ci-cache-container" #container for ci cache, -> versioning policy similar to aws 32 | 33 | 34 | -------------------------------------------------------------------------------- /updates/devtron.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: devtron-cm 5 | update: 6 | data: 7 | GIT_SENSOR_TIMEOUT: "300" 8 | LENS_TIMEOUT: "300" 9 | DEFAULT_BUILD_LOGS_KEY_PREFIX: "devtron" 10 | DEFAULT_CD_ARTIFACT_KEY_LOCATION: "devtron/cd-artifacts" 11 | DEFAULT_CD_TIMEOUT: "3600" 12 | CI_LOGS_KEY_PREFIX: "ci-artifacts" 13 | DEFAULT_TIMEOUT: "3600" 14 | CD_LIMIT_CI_CPU: "0.5" 15 | CD_LIMIT_CI_MEM: "3G" 16 | CD_REQ_CI_CPU: "0.5" 17 | CD_REQ_CI_MEM: "3G" 18 | LIMIT_CI_CPU: "0.5" 19 | LIMIT_CI_MEM: "3G" 20 | REQ_CI_CPU: "0.5" 21 | REQ_CI_MEM: "3G" 22 | CD_NODE_TAINTS_KEY: "" 23 | CD_NODE_TAINTS_VALUE: "" 24 | CI_NODE_TAINTS_KEY: "" 25 | CI_NODE_TAINTS_VALUE: "" 26 | CI_NODE_LABEL_SELECTOR: "" 27 | CACHE_LIMIT: "5000000000" 28 | DEFAULT_ARTIFACT_KEY_LOCATION: "devtron/ci-artifacts" 29 | EXTERNAL_CI_PAYLOAD: 
"{\"ciProjectDetails\":[{\"gitRepository\":\"https://github.com/srj92/getting-started-nodejs.git\",\"checkoutPath\":\"./abc\",\"commitHash\":\"239077135f8cdeeccb7857e2851348f558cb53d3\",\"commitTime\":\"2019-10-31T20:55:21+05:30\",\"branch\":\"master\",\"message\":\"Update README.md\",\"author\":\"Devtron Labs \"}],\"dockerImage\":\"445808685819.dkr.ecr.us-east-2.amazonaws.com/orch:23907713-2\",\"digest\":\"test1\",\"dataSource\":\"ext\",\"materialType\":\"git\"}" 30 | ECR_REPO_NAME_PREFIX: "devtron/" 31 | --- 32 | apiVersion: v1 33 | kind: Secret 34 | metadata: 35 | name: devtron-secret 36 | #update: 37 | # data: 38 | # GRAFANA_PASSWORD: "ssas" 39 | # GRAFANA_USERNAME: "admin" -------------------------------------------------------------------------------- /charts/devtron/values.yaml: -------------------------------------------------------------------------------- 1 | #Use secrets in plaintext, they'll be encoded to base64 automatically. 2 | secrets: 3 | data: 4 | - key: POSTGRESQL_PASSWORD 5 | value: "change-me" 6 | - key: WEBHOOK_TOKEN 7 | value: "XXXXXXXXXXXXXXXXXXXX" 8 | # - key: AZURE_ACCOUNT_KEY # token with read write access to AZURE_BLOB_CONTAINER_CI_LOG and AZURE_BLOB_CONTAINER_CI_CACHE ,optional, if not provided pod identity will be used for authentication 9 | # value: "#########" 10 | 11 | configs: 12 | BASE_URL_SCHEME: "http" 13 | #url without scheme and without trailing '/' 14 | BASE_URL: "www.example.com" 15 | #DEX_CONFIG: |- 16 | # connectors: 17 | # - type: oidc 18 | # id: google 19 | # name: Google 20 | # config: 21 | # issuer: https://accounts.google.com 22 | # clientID: xxxxxxxx-xxxxxxxxxxxxxxxxx.apps.googleusercontent.com 23 | # clientSecret: xxxxxxxxxxxxxxxxx 24 | # redirectURI: :///api/dex/callback 25 | # hostedDomains: 26 | # - example.com 27 | DEFAULT_CD_LOGS_BUCKET_REGION: "change-me" 28 | DEFAULT_CACHE_BUCKET: "devtron-ci-cache" 29 | DEFAULT_CACHE_BUCKET_REGION: "change-me" 30 | DEFAULT_BUILD_LOGS_BUCKET: "devtron-ci-log" 31 | 
EXTERNAL_SECRET_AMAZON_REGION: "" 32 | PROMETHEUS_URL: "http://change-me/prometheus" 33 | BLOB_STORAGE_PROVIDER: "MINIO" # AZURE| GCP| S3 | MINIO 34 | #AZURE_ACCOUNT_NAME: "test-account" # blob storage account name 35 | #AZURE_BLOB_CONTAINER_CI_LOG: "ci-log-container" # container for ci log 36 | #AZURE_BLOB_CONTAINER_CI_CACHE: "ci-cache-container" #container for ci cache, -> versioning policy similar to aws 37 | 38 | -------------------------------------------------------------------------------- /yamls/gitsensor.yaml: -------------------------------------------------------------------------------- 1 | # Source: gitsensor/templates/generic.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: git-sensor-secret 6 | labels: 7 | app: git-sensor 8 | --- 9 | apiVersion: v1 10 | kind: ConfigMap 11 | metadata: 12 | name: git-sensor-cm 13 | labels: 14 | app: git-sensor 15 | data: 16 | PG_ADDR: postgresql-postgresql.devtroncd 17 | PG_USER: postgres 18 | --- 19 | # Source: gitsensor/templates/generic.yaml 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: git-sensor-service 24 | labels: 25 | app: git-sensor 26 | release: devtron 27 | spec: 28 | ports: 29 | - port: 80 30 | name: sensor 31 | targetPort: 8080 32 | selector: 33 | app: git-sensor 34 | --- 35 | # Source: gitsensor/templates/generic.yaml 36 | apiVersion: apps/v1 37 | kind: StatefulSet 38 | metadata: 39 | name: git-sensor 40 | labels: 41 | release: devtron 42 | app: git-sensor 43 | spec: 44 | selector: 45 | matchLabels: 46 | app: git-sensor # has to match .spec.template.metadata.labels 47 | serviceName: git-sensor 48 | replicas: 1 # by default is 1 49 | template: 50 | metadata: 51 | labels: 52 | app: git-sensor 53 | spec: 54 | terminationGracePeriodSeconds: 10 55 | containers: 56 | - name: git-sensor 57 | image: quay.io/devtron/git-sensor:8badb037-121-2189 58 | ports: 59 | - containerPort: 8080 60 | name: sensor 61 | volumeMounts: 62 | - name: git-volume 63 | mountPath: /git-base/ 64 | 
envFrom: 65 | - secretRef: 66 | name: git-sensor-secret 67 | - configMapRef: 68 | name: git-sensor-cm 69 | volumeClaimTemplates: 70 | - metadata: 71 | name: git-volume 72 | spec: 73 | accessModes: [ "ReadWriteOnce" ] 74 | resources: 75 | requests: 76 | storage: 2Gi 77 | --- 78 | # Source: gitsensor/templates/servicemonitor.yaml 79 | apiVersion: monitoring.coreos.com/v1 80 | kind: ServiceMonitor 81 | metadata: 82 | name: git-sensor-sm 83 | labels: 84 | chart: gitsensor-0.11.0 85 | app: git-sensor 86 | kind: Prometheus 87 | release: devtron 88 | spec: 89 | endpoints: 90 | - port: app 91 | path: /metrics 92 | selector: 93 | matchLabels: 94 | app: git-sensor 95 |
--------------------------------------------------------------------------------
/charts/devtron/templates/install.yaml:
--------------------------------------------------------------------------------
# Installs the "inception" operator: a ServiceAccount, its RBAC bindings, and
# the Deployment that runs under that account in the devtroncd namespace.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: installer
  namespace: devtroncd
---
# Binds the installer ServiceAccount to the built-in cluster-admin ClusterRole.
# Any pod running as this account (the inception Deployment below sets
# serviceAccountName: installer) gets unrestricted access to the whole cluster.
# NOTE(review): check whether the installer really needs cluster-admin after
# the initial install; if not, replace this binding with a scoped role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: installer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: installer
    namespace: devtroncd
---
# Binds the same ServiceAccount to installer-editor-role (defined below).
# NOTE(review): this adds nothing while the cluster-admin binding above exists;
# it becomes the effective grant only if that binding is narrowed or removed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: installer-editor
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: installer-editor-role
subjects:
  - kind: ServiceAccount
    name: installer
    namespace: devtroncd
---
# Full access to Installer custom resources and read access to their status.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: installer-editor-role
rules:
  - apiGroups:
      - installer.devtron.ai
    resources:
      - installers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - installer.devtron.ai
    resources:
      - installers/status
    verbs:
      - get
---
# The operator pod. It runs as the installer ServiceAccount, i.e. with the
# cluster-admin binding above.
# NOTE(review): charts/devtron/templates/devtron-installer.yaml points the
# Installer resource at the installation-script on the `main` branch. If this
# pod is what fetches and applies that script (not shown here -- confirm), it
# does so with cluster-admin rights from a mutable ref; pinning the URL to a
# tag or commit would make installs reproducible and reviewable.
# NOTE(review): the image is referenced by tag, not by digest, and the pod
# template sets no securityContext.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: inception
  name: inception
  namespace: devtroncd
spec:
  minReadySeconds: 60
  replicas: 1
  strategy:
    type:
      Recreate
  selector:
    matchLabels:
      app: inception
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: inception
    spec:
      containers:
        -
          image: quay.io/devtron/inception:d7236e39-185-3534
          imagePullPolicy: IfNotPresent
          name: inception
          ports:
            -
              containerPort: 8080
              name: app
              protocol: TCP
          resources:
            limits:
              cpu: 50m
              memory: 500Mi
            requests:
              cpu: 10m
              memory: 100Mi
      restartPolicy: Always
      serviceAccountName: installer
      terminationGracePeriodSeconds: 30
--------------------------------------------------------------------------------
/yamls/notifier.yaml:
--------------------------------------------------------------------------------
1 | # Source: notifier/templates/secret.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: notifier-secret 6 | labels: 7 | release: devtron 8 | type: Opaque 9 | --- 10 | # Source: notifier/templates/configmap.yaml 11 | apiVersion: v1 12 | kind: ConfigMap 13 | metadata: 14 | name: notifier-cm 15 | labels: 16 | release: devtron 17 | data: 18 | CD_ENVIRONMENT: PROD 19 | DB: orchestrator 20 | DB_HOST: postgresql-postgresql.devtroncd 21 | DB_PORT: "5432" 22 | DB_USER: postgres 23 | --- 24 | # Source: notifier/templates/service.yaml 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: notifier-service 29 | labels: 30 | app: notifier 31 | chart: notifier-3.7.1 32 | release: devtron 33 | spec: 34 | type: ClusterIP 35 | ports: 36 | - port: 80 37 | targetPort: app 38 | protocol: TCP 39 | name: app 40 | selector: 41 | app: notifier 42 | --- 43 | # Source: notifier/templates/deployment.yaml 44 | apiVersion:
apps/v1 45 | kind: Deployment 46 | metadata: 47 | name: notifier 48 | labels: 49 | app: notifier 50 | chart: notifier-3.7.1 51 | release: devtron 52 | spec: 53 | selector: 54 | matchLabels: 55 | app: notifier 56 | release: devtron 57 | replicas: 1 58 | minReadySeconds: 60 59 | template: 60 | metadata: 61 | labels: 62 | app: notifier 63 | release: devtron 64 | spec: 65 | terminationGracePeriodSeconds: 30 66 | restartPolicy: Always 67 | containers: 68 | - name: notifier 69 | image: quay.io/devtron/notifier:676ed6e2-137-3458 70 | imagePullPolicy: IfNotPresent 71 | ports: 72 | - name: app 73 | containerPort: 3000 74 | protocol: TCP 75 | env: 76 | - name: CONFIG_HASH 77 | value: f64a7abec5f850c3393a5f3a1efb3a3c62fbcb6530cc3c6807028c41677fc3ec 78 | - name: SECRET_HASH 79 | value: 613cf1b1ff0cf6a867565df5ff0b3585893258f3430f0cccef14cf8c600bc701 80 | - name: POD_NAME 81 | valueFrom: 82 | fieldRef: 83 | fieldPath: metadata.name 84 | envFrom: 85 | - configMapRef: 86 | name: notifier-cm 87 | - secretRef: 88 | name: notifier-secret 89 | resources: 90 | limits: 91 | cpu: "0.5" 92 | memory: 600Mi 93 | requests: 94 | cpu: "0.2" 95 | memory: 100Mi 96 | volumeMounts: [] 97 | volumes: [] 98 | revisionHistoryLimit: 3 99 | -------------------------------------------------------------------------------- /yamls/clair-config.yaml: -------------------------------------------------------------------------------- 1 | clair: 2 | database: 3 | # Database driver. 4 | type: pgsql 5 | options: 6 | # PostgreSQL Connection string. 7 | # https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING 8 | source: "postgres://clair:clair@clair-pg-postgresql:5432/clair?sslmode=disable" 9 | 10 | 11 | # Number of elements kept in the cache. 12 | # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. 13 | cachesize: 16384 14 | 15 | # 32-bit URL-safe base64 key used to encrypt pagination tokens. 
16 | # If one is not provided, it will be generated. 17 | # Multiple clair instances in the same cluster need the same value. 18 | paginationkey: "XxoPtCUzrUv4JV5dS+yQ+MdW7yLEJnRMwigVY/bpgtQ=" 19 | api: 20 | # v3 grpc/RESTful API server address. 21 | addr: "0.0.0.0:6060" 22 | 23 | # Health server address. 24 | # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server. 25 | healthaddr: "0.0.0.0:6061" 26 | 27 | # Deadline before an API request will respond with a 503. 28 | timeout: 900s 29 | 30 | # Optional PKI configuration. 31 | # If you want to easily generate client certificates and CAs, try the following projects: 32 | # https://github.com/coreos/etcd-ca 33 | # https://github.com/cloudflare/cfssl 34 | servername: 35 | cafile: 36 | keyfile: 37 | certfile: 38 | 39 | worker: 40 | namespace_detectors: 41 | - os-release 42 | - lsb-release 43 | - apt-sources 44 | - alpine-release 45 | - redhat-release 46 | 47 | feature_listers: 48 | - apk 49 | - dpkg 50 | - rpm 51 | 52 | updater: 53 | # Frequency the database will be updated with vulnerabilities from the default data sources. 54 | # The value 0 disables the updater entirely. 55 | interval: "2h" 56 | enabledupdaters: 57 | - debian 58 | - ubuntu 59 | - redhat 60 | - oracle 61 | - alpine 62 | - redhat 63 | 64 | notifier: 65 | # Number of attempts before the notification is marked as failed to be sent. 66 | attempts: 3 67 | 68 | # Duration before a failed notification is retried. 69 | renotifyinterval: 2h 70 | 71 | http: 72 | # Optional endpoint that will receive notifications via POST requests. 73 | endpoint: "https://example.com/notify/me" 74 | 75 | # Optional PKI configuration. 
76 | # If you want to easily generate client certificates and CAs, try the following projects: 77 | # https://github.com/cloudflare/cfssl 78 | # https://github.com/coreos/etcd-ca 79 | servername: 80 | cafile: 81 | keyfile: 82 | certfile: 83 | 84 | # Optional HTTP Proxy: must be a valid URL (including the scheme). 85 | proxy: -------------------------------------------------------------------------------- /yamls/image-scanner.yaml: -------------------------------------------------------------------------------- 1 | # Source: image-scanner-new/templates/secret.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: image-scanner-secret 6 | labels: 7 | release: devtron 8 | type: Opaque 9 | --- 10 | # Source: image-scanner-new/templates/configmap.yaml 11 | apiVersion: v1 12 | kind: ConfigMap 13 | metadata: 14 | name: image-scanner-cm 15 | labels: 16 | release: devtron 17 | data: 18 | CLAIR_ADDR: clair.devtroncd:6060 19 | CLIENT_ID: client-2 20 | NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 21 | PG_ADDR: postgresql-postgresql.devtroncd 22 | PG_DATABASE: orchestrator 23 | PG_LOG_QUERY: "false" 24 | PG_PORT: "5432" 25 | PG_USER: postgres 26 | --- 27 | # Source: image-scanner-new/templates/service.yaml 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | name: image-scanner-service 32 | labels: 33 | app: image-scanner 34 | chart: image-scanner-3.9.1 35 | release: devtron 36 | spec: 37 | type: ClusterIP 38 | ports: 39 | - port: 80 40 | targetPort: app 41 | protocol: TCP 42 | name: app 43 | selector: 44 | app: image-scanner 45 | --- 46 | # Source: image-scanner-new/templates/deployment.yaml 47 | apiVersion: apps/v1 48 | kind: Deployment 49 | metadata: 50 | name: image-scanner 51 | labels: 52 | app: image-scanner 53 | chart: image-scanner-3.9.1 54 | release: devtron 55 | spec: 56 | selector: 57 | matchLabels: 58 | app: image-scanner 59 | release: devtron 60 | replicas: 1 61 | minReadySeconds: 60 62 | template: 63 | metadata: 64 | labels: 65 | app: 
image-scanner 66 | release: devtron 67 | spec: 68 | terminationGracePeriodSeconds: 30 69 | restartPolicy: Always 70 | containers: 71 | - name: image-scanner 72 | image: quay.io/devtron/imge-scanner:0c6ce5c2-123-2193 73 | imagePullPolicy: IfNotPresent 74 | ports: 75 | - name: app 76 | containerPort: 8080 77 | protocol: TCP 78 | env: 79 | - name: CONFIG_HASH 80 | value: 66ea130a3a759ac13165931cc6c106f5a9d40a01171b38982715b5570351134a 81 | - name: SECRET_HASH 82 | value: dab9f1b9549ed81db8bca66052d574b870a25e69d1845100d5c0d0368fbf3ee0 83 | - name: DEVTRON_APP_NAME 84 | value: image-scanner 85 | - name: POD_NAME 86 | valueFrom: 87 | fieldRef: 88 | fieldPath: metadata.name 89 | envFrom: 90 | - configMapRef: 91 | name: image-scanner-cm 92 | - secretRef: 93 | name: image-scanner-secret 94 | resources: 95 | limits: 96 | cpu: "0.05" 97 | memory: 50Mi 98 | requests: 99 | cpu: "0.01" 100 | memory: 10Mi 101 | volumeMounts: [] 102 | volumes: [] 103 | revisionHistoryLimit: 3 104 | -------------------------------------------------------------------------------- /yamls/nats-streaming.yaml: -------------------------------------------------------------------------------- 1 | # Source: nats-streaming/templates/monitoring-svc.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: nats-streaming-monitoring 6 | labels: 7 | app: nats-streaming 8 | chart: "nats-streaming-0.3.0" 9 | release: "devtron" 10 | spec: 11 | type: ClusterIP 12 | ports: 13 | - name: monitoring 14 | port: 8222 15 | targetPort: monitoring 16 | selector: 17 | app: nats-streaming 18 | release: "devtron" 19 | --- 20 | # Source: nats-streaming/templates/statefulset.yaml 21 | apiVersion: apps/v1 22 | kind: StatefulSet 23 | metadata: 24 | name: nats-streaming 25 | labels: 26 | app: "nats-streaming" 27 | chart: "nats-streaming-0.3.0" 28 | release: "devtron" 29 | spec: 30 | serviceName: devtron-nats 31 | replicas: 3 32 | updateStrategy: 33 | type: RollingUpdate 34 | selector: 35 | matchLabels: 36 | app: 
nats-streaming 37 | release: "devtron" 38 | template: 39 | metadata: 40 | labels: 41 | app: "nats-streaming" 42 | chart: "nats-streaming-0.3.0" 43 | release: devtron 44 | annotations: 45 | spec: 46 | affinity: 47 | podAntiAffinity: 48 | preferredDuringSchedulingIgnoredDuringExecution: 49 | - weight: 1 50 | podAffinityTerm: 51 | topologyKey: kubernetes.io/hostname 52 | labelSelector: 53 | matchLabels: 54 | app: "nats-streaming" 55 | release: "devtron" 56 | containers: 57 | - name: nats-streaming 58 | image: docker.io/nats-streaming:0.11.2 59 | imagePullPolicy: IfNotPresent 60 | env: 61 | - name: POD_NAME 62 | valueFrom: 63 | fieldRef: 64 | fieldPath: metadata.name 65 | args: [ 66 | "-clustered", 67 | "-cid", "devtron-stan", 68 | "-m", "8222", 69 | "-ns", "nats://devtron-nats.devtroncd:4222", 70 | "-mc", "0", 71 | "-msu", "0", 72 | "-mm", "0", 73 | "-mb", "0", 74 | "-ma", "604800s", 75 | "-hbi", "30s", 76 | "-hbt", "10s", 77 | "-hbf", "330", 78 | 79 | "--cluster_node_id", "$(POD_NAME)", 80 | "--cluster_peers", "nats-streaming-0,nats-streaming-1,nats-streaming-2", 81 | "--store", "file", 82 | "--dir", "/nats/devtron-stan/$(POD_NAME)/data", 83 | "--cluster_log_path", "/nats/devtron-stan/$(POD_NAME)/raft", 84 | "--file_compact_enabled", 85 | "--file_compact_frag", "50", 86 | "--file_compact_interval", "300", 87 | "--file_compact_min_size", "1048576", 88 | "--file_buffer_size", "2097152", 89 | "--file_crc", 90 | "--file_crc_poly", "3988292384", 91 | "--file_sync", 92 | "--file_slice_max_msgs", "0", 93 | "--file_slice_max_bytes", "67108931", 94 | "--file_slice_max_age", "0", 95 | "--file_fds_limit", "0", 96 | "--file_parallel_recovery", "1", 97 | ] 98 | ports: 99 | - name: monitoring 100 | containerPort: 8222 101 | volumeMounts: 102 | - name: datadir 103 | mountPath: /nats 104 | livenessProbe: 105 | httpGet: 106 | path: / 107 | port: monitoring 108 | initialDelaySeconds: 30 109 | periodSeconds: 10 110 | timeoutSeconds: 5 111 | successThreshold: 1 112 | failureThreshold: 6 
113 | readinessProbe: 114 | httpGet: 115 | path: / 116 | port: monitoring 117 | initialDelaySeconds: 5 118 | periodSeconds: 10 119 | timeoutSeconds: 5 120 | successThreshold: 1 121 | failureThreshold: 6 122 | resources: 123 | {} 124 | volumes: 125 | - name: datadir 126 | emptyDir: {} # NOTE(review): the file store and raft log under /nats sit on an emptyDir, so a pod's stored messages are gone once the pod is deleted or rescheduled; confirm that is acceptable or use a volumeClaimTemplate 127 | -------------------------------------------------------------------------------- /yamls/guard.yaml: -------------------------------------------------------------------------------- 1 | # Source: guard/templates/secret.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: guard-secret 6 | labels: 7 | release: devtron 8 | type: Opaque # no data in this manifest; the guard Deployment mounts this Secret at /etc/certs, so the serving key and certificate are presumably filled in at install time. Verify they are generated per cluster and never committed 9 | --- 10 | # Source: guard/templates/service.yaml 11 | apiVersion: v1 12 | kind: Service 13 | metadata: 14 | name: guard-service 15 | labels: 16 | app: guard 17 | chart: guard-3.9.1 18 | release: devtron 19 | spec: 20 | type: ClusterIP 21 | ports: 22 | - port: 443 23 | targetPort: app 24 | protocol: TCP 25 | name: app 26 | selector: 27 | app: guard 28 | --- 29 | # Source: guard/templates/hpa.yaml 30 | apiVersion: autoscaling/v2beta2 31 | kind: HorizontalPodAutoscaler 32 | metadata: 33 | name: guard-hpa 34 | labels: 35 | release: devtron 36 | spec: 37 | scaleTargetRef: 38 | apiVersion: v1 39 | kind: Deployment 40 | name: devtron-guard # NOTE(review): the Deployment in this file is named guard and is apps/v1; a scaleTargetRef of v1 Deployment devtron-guard does not resolve to it, which would leave the admission webhook at its static replica count. Confirm the intended target 41 | minReplicas: 2 42 | maxReplicas: 4 43 | metrics: 44 | - type: Resource 45 | resource: 46 | name: memory 47 | target: 48 | type: Utilization 49 | averageUtilization: 80 50 | - type: Resource 51 | resource: 52 | name: cpu 53 | target: 54 | type: Utilization 55 | averageUtilization: 90 56 | --- 57 | # Source: guard/templates/deployment.yaml 58 | apiVersion: apps/v1 59 | kind: Deployment 60 | metadata: 61 | name: guard 62 | labels: 63 | app: guard 64 | chart: guard-3.9.1 65 | release: devtron 66 | releaseVersion: "1" 67 | pipelineName: guard-dt-prod 68 | spec: 69 | selector: 70 | matchLabels: 71 | app: guard 72 | release: devtron 73 | replicas: 2 74 | minReadySeconds: 60 75 | template: 76 | metadata: 77 |
labels: 78 | app: guard 79 | appId: "181" 80 | envId: "4" 81 | release: devtron 82 | spec: 83 | terminationGracePeriodSeconds: 30 84 | restartPolicy: Always 85 | containers: 86 | - name: guard 87 | image: quay.io/devtron/guard:62058d7c-122-2192 # tag-only reference; pinning by digest (image@sha256:<digest>) keeps the admission webhook image from changing under the same tag 88 | imagePullPolicy: IfNotPresent 89 | ports: 90 | - name: app 91 | containerPort: 8080 92 | protocol: TCP 93 | args: 94 | - -alsologtostderr 95 | - --log_dir=/ 96 | - -v=10 97 | - --validator_url=http://devtron-service.devtroncd:80 # NOTE(review): the validator is reached over plain HTTP inside the cluster, so its verdicts are neither encrypted nor authenticated in transit. Confirm a network policy or mesh covers this hop 98 | - 2>&1 # NOTE(review): args are handed to the container as literal argv entries with no shell, so this reaches the binary as a plain argument instead of redirecting stderr. Confirm it is intended 99 | env: 100 | - name: CONFIG_HASH 101 | value: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 102 | - name: SECRET_HASH 103 | value: abaee17d930a742e0a3554336348fde8a2b20e23bbdabb29b4acb8ac393b5da9 104 | - name: DEVTRON_APP_NAME 105 | value: guard 106 | - name: POD_NAME 107 | valueFrom: 108 | fieldRef: 109 | fieldPath: metadata.name 110 | resources: 111 | limits: 112 | cpu: "0.1" 113 | memory: 100Mi 114 | requests: 115 | cpu: "0.1" 116 | memory: 100Mi 117 | 118 | volumeMounts: 119 | - mountPath: /tmp 120 | name: log-volume 121 | - name: guard-secret-vol 122 | mountPath: /etc/certs 123 | volumes: 124 | - emptyDir: {} 125 | name: log-volume 126 | - name: guard-secret-vol 127 | secret: 128 | secretName: guard-secret 129 | revisionHistoryLimit: 3 130 | --- 131 | apiVersion: admissionregistration.k8s.io/v1beta1 # v1beta1 of this API was removed in Kubernetes 1.22; the v1 form also requires sideEffects and admissionReviewVersions 132 | kind: ValidatingWebhookConfiguration 133 | metadata: 134 | name: grumpy 135 | webhooks: 136 | - name: grumpy.pipo02mix.org 137 | clientConfig: 138 | service: 139 | name: guard-service 140 | namespace: devtroncd 141 | path: "/validate" 142 | caBundle: "" # empty in this manifest; the API server needs the CA that signed the guard-service certificate to verify the webhook's TLS. Presumably injected at install time (the tree carries generate_certificate.sh); verify 143 | rules: 144 | - operations: ["CREATE","UPDATE"] 145 | apiGroups: [""] 146 | apiVersions: ["v1"] 147 | resources: ["pods"] 148 | failurePolicy: Ignore # NOTE(review): fail-open. When the webhook is unreachable, times out or errors, pod CREATE/UPDATE is admitted without validation; if this check is meant to be an enforced gate use Fail (with a namespaceSelector that exempts system namespaces) and alert on webhook call failures 149 | -------------------------------------------------------------------------------- /yamls/kubewatch.yaml: -------------------------------------------------------------------------------- 1 | # Source: kubewatch/templates/generic.yaml 2 | # Source:
kubewatch/templates/servieaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: kubewatch 8 | chart: kubewatch-0.6.1 9 | release: devtron 10 | name: kubewatch 11 | namespace: devtroncd 12 | --- 13 | # Source: kubewatch/templates/generic.yaml 14 | # Source: kubewatch/templates/configmap.yaml 15 | apiVersion: v1 16 | kind: ConfigMap 17 | metadata: 18 | labels: 19 | app: kubewatch 20 | chart: kubewatch-0.6.1 21 | release: "devtron" 22 | name: kubewatch-config 23 | namespace: devtroncd 24 | data: 25 | .kubewatch.yaml: | 26 | handler: 27 | webhook: 28 | enabled: true 29 | url: http://devtroncd-event-handler-service-prod.devtroncd/event 30 | 31 | resource: 32 | daemonset: false 33 | deployment: false 34 | events: true 35 | job: false 36 | persistentvolume: false 37 | pod: false 38 | replicaset: false 39 | replicationcontroller: false 40 | services: false 41 | --- 42 | # Source: kubewatch/templates/generic.yaml 43 | # Source: kubewatch/templates/clusterrole.yaml 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: ClusterRole 46 | metadata: 47 | labels: 48 | app: kubewatch 49 | chart: kubewatch-0.6.1 50 | release: devtron 51 | name: kubewatch 52 | namespace: devtroncd 53 | rules: 54 | - apiGroups: 55 | - "" 56 | resources: 57 | - pods 58 | - namespaces 59 | - services 60 | - deployments 61 | - replicationcontrollers 62 | - replicasets 63 | - daemonsets 64 | - persistentvolumes 65 | - events 66 | - workflows 67 | verbs: 68 | - list 69 | - watch 70 | - get 71 | - apiGroups: 72 | - apps 73 | resources: 74 | - daemonsets 75 | - deployments 76 | - deployments/scale 77 | - replicasets 78 | - replicasets/scale 79 | - statefulsets 80 | verbs: 81 | - get 82 | - list 83 | - watch 84 | - apiGroups: 85 | - extensions 86 | resources: 87 | - daemonsets 88 | - deployments 89 | - deployments/scale 90 | - replicasets 91 | - replicasets/scale 92 | - replicationcontrollers/scale 93 | verbs: 94 | - get 95 | - list 96 | - watch 97 | - apiGroups: 98 | 
- batch 99 | resources: 100 | - cronjobs 101 | - jobs 102 | verbs: 103 | - get 104 | - list 105 | - watch 106 | - apiGroups: 107 | - argoproj.io 108 | resources: 109 | - workflows 110 | - applications 111 | verbs: 112 | - get 113 | - list 114 | - watch 115 | --- 116 | # Source: kubewatch/templates/generic.yaml 117 | # Source: kubewatch/templates/clusterrolebinding.yaml 118 | apiVersion: rbac.authorization.k8s.io/v1beta1 119 | kind: ClusterRoleBinding 120 | metadata: 121 | labels: 122 | app: devtron 123 | chart: kubewatch-0.6.1 124 | release: devtron 125 | name: kubewatch 126 | roleRef: 127 | apiGroup: rbac.authorization.k8s.io 128 | kind: ClusterRole 129 | name: kubewatch 130 | subjects: 131 | - kind: ServiceAccount 132 | name: kubewatch 133 | namespace: devtroncd 134 | --- 135 | # Source: kubewatch/templates/generic.yaml 136 | # Source: kubewatch/templates/deployment.yaml 137 | apiVersion: apps/v1 138 | kind: Deployment 139 | metadata: 140 | labels: 141 | app: kubewatch 142 | chart: kubewatch-0.6.1 143 | release: "devtron" 144 | name: kubewatch 145 | namespace: devtroncd 146 | spec: 147 | replicas: 1 148 | selector: 149 | matchLabels: 150 | app: kubewatch 151 | release: devtron 152 | template: 153 | metadata: 154 | annotations: 155 | checksum/config-map: ae58540f4f666750bf92d3af7f94dbccd3bbea95fe76308c7572469c36d55bdc 156 | labels: 157 | app: kubewatch 158 | release: "devtron" 159 | chart: kubewatch-0.6.1 160 | spec: 161 | containers: 162 | - name: kubewatch 163 | image: quay.io/devtron/kubewatch:8aef551d-128-2196 164 | env: 165 | - name: devtroncd_NAMESPACE 166 | value: "devtron-ci" 167 | - name: CI_INFORMER 168 | value: "true" 169 | - name: ACD_NAMESPACE 170 | value: devtroncd 171 | - name: ACD_INFORMER 172 | value: "true" 173 | imagePullPolicy: Always 174 | volumeMounts: 175 | - name: kubewatch-config-map 176 | mountPath: /root/.kubewatch.yaml 177 | subPath: .kubewatch.yaml 178 | resources: 179 | requests: 180 | memory: 128Mi 181 | cpu: 100m 182 | limits: 183 | 
memory: 128Mi 184 | cpu: 100m 185 | serviceAccountName: kubewatch 186 | tolerations: [] 187 | restartPolicy: Always 188 | volumes: 189 | - name: kubewatch-config-map 190 | configMap: 191 | name: kubewatch-config 192 | -------------------------------------------------------------------------------- /yamls/workflow.yaml: -------------------------------------------------------------------------------- 1 | # This is an auto-generated file. DO NOT EDIT 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: workflows.argoproj.io 6 | spec: 7 | group: argoproj.io 8 | names: 9 | kind: Workflow 10 | plural: workflows 11 | shortNames: 12 | - wf 13 | scope: Namespaced 14 | version: v1alpha1 15 | --- 16 | apiVersion: v1 17 | kind: ServiceAccount 18 | metadata: 19 | name: argo-ui 20 | --- 21 | apiVersion: v1 22 | kind: ServiceAccount 23 | metadata: 24 | name: argo 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: ClusterRole 28 | metadata: 29 | labels: 30 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 31 | name: argo-aggregate-to-admin 32 | rules: 33 | - apiGroups: 34 | - argoproj.io 35 | resources: 36 | - workflows 37 | - workflows/finalizers 38 | verbs: 39 | - create 40 | - delete 41 | - deletecollection 42 | - get 43 | - list 44 | - patch 45 | - update 46 | - watch 47 | --- 48 | apiVersion: rbac.authorization.k8s.io/v1 49 | kind: ClusterRole 50 | metadata: 51 | labels: 52 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 53 | name: argo-aggregate-to-edit 54 | rules: 55 | - apiGroups: 56 | - argoproj.io 57 | resources: 58 | - workflows 59 | - workflows/finalizers 60 | verbs: 61 | - create 62 | - delete 63 | - deletecollection 64 | - get 65 | - list 66 | - patch 67 | - update 68 | - watch 69 | --- 70 | apiVersion: rbac.authorization.k8s.io/v1 71 | kind: ClusterRole 72 | metadata: 73 | labels: 74 | rbac.authorization.k8s.io/aggregate-to-view: "true" 75 | name: argo-aggregate-to-view 76 | rules: 77 | - 
apiGroups: 78 | - argoproj.io 79 | resources: 80 | - workflows 81 | - workflows/finalizers 82 | verbs: 83 | - get 84 | - list 85 | - watch 86 | --- 87 | apiVersion: rbac.authorization.k8s.io/v1 88 | kind: ClusterRole 89 | metadata: 90 | name: argo-cluster-role 91 | rules: 92 | - apiGroups: 93 | - "" 94 | resources: 95 | - pods 96 | - pods/exec # NOTE(review): argo-binding is a ClusterRoleBinding, so the create verb on pods/exec applies in every namespace and the bound service account can run commands in any pod; a Role/RoleBinding limited to the namespace where workflows run would contain this (TODO confirm which namespace that is) 97 | verbs: 98 | - create 99 | - get 100 | - list 101 | - watch 102 | - update 103 | - patch 104 | - delete 105 | - apiGroups: 106 | - "" 107 | resources: 108 | - configmaps 109 | verbs: 110 | - get 111 | - watch 112 | - list 113 | - apiGroups: 114 | - "" 115 | resources: 116 | - persistentvolumeclaims 117 | verbs: 118 | - create 119 | - delete 120 | - apiGroups: 121 | - argoproj.io 122 | resources: 123 | - workflows 124 | - workflows/finalizers 125 | verbs: 126 | - get 127 | - list 128 | - watch 129 | - update 130 | - patch 131 | - delete 132 | --- 133 | apiVersion: rbac.authorization.k8s.io/v1 134 | kind: ClusterRole 135 | metadata: 136 | name: argo-ui-cluster-role 137 | rules: 138 | - apiGroups: 139 | - "" 140 | resources: 141 | - pods 142 | - pods/exec 143 | - pods/log 144 | verbs: 145 | - get 146 | - list 147 | - watch 148 | - apiGroups: 149 | - "" 150 | resources: 151 | - secrets # NOTE(review): get on secrets with no resourceNames, bound cluster-wide by argo-ui-binding: the UI service account can read any Secret whose name it knows, in any namespace. Restrict with resourceNames or a namespaced Role 152 | verbs: 153 | - get 154 | - apiGroups: 155 | - argoproj.io 156 | resources: 157 | - workflows 158 | verbs: 159 | - get 160 | - list 161 | - watch 162 | --- 163 | apiVersion: rbac.authorization.k8s.io/v1 164 | kind: ClusterRoleBinding 165 | metadata: 166 | name: argo-binding 167 | roleRef: 168 | apiGroup: rbac.authorization.k8s.io 169 | kind: ClusterRole 170 | name: argo-cluster-role 171 | subjects: 172 | - kind: ServiceAccount 173 | name: argo 174 | namespace: argo # NOTE(review): the ServiceAccount argo earlier in this file declares no namespace, so it is created wherever the manifest is applied; if that is not the argo namespace this subject does not match it, and the grant stays open to any account later created under that name in argo. Confirm the namespaces agree 175 | --- 176 | apiVersion: rbac.authorization.k8s.io/v1 177 | kind: ClusterRoleBinding 178 | metadata: 179 | name: argo-ui-binding 180 | roleRef: 181 | apiGroup: rbac.authorization.k8s.io 182 | kind: ClusterRole 183 | name: argo-ui-cluster-role 184 | subjects: 185 | - kind:
ServiceAccount 186 | name: argo-ui 187 | namespace: argo 188 | --- 189 | apiVersion: v1 190 | kind: ConfigMap 191 | metadata: 192 | name: workflow-controller-configmap 193 | --- 194 | apiVersion: v1 195 | kind: Service 196 | metadata: 197 | name: argo-ui 198 | spec: 199 | ports: 200 | - port: 80 201 | targetPort: 8001 202 | selector: 203 | app: argo-ui 204 | --- 205 | apiVersion: apps/v1 206 | kind: Deployment 207 | metadata: 208 | name: argo-ui 209 | spec: 210 | selector: 211 | matchLabels: 212 | app: argo-ui 213 | template: 214 | metadata: 215 | labels: 216 | app: argo-ui 217 | spec: 218 | containers: 219 | - env: 220 | - name: ARGO_NAMESPACE 221 | valueFrom: 222 | fieldRef: 223 | apiVersion: v1 224 | fieldPath: metadata.namespace 225 | - name: IN_CLUSTER 226 | value: "true" 227 | - name: ENABLE_WEB_CONSOLE 228 | value: "false" 229 | - name: BASE_HREF 230 | value: / 231 | image: argoproj/argoui:v2.3.0 232 | name: argo-ui 233 | serviceAccountName: argo-ui 234 | --- 235 | apiVersion: apps/v1 236 | kind: Deployment 237 | metadata: 238 | name: workflow-controller 239 | spec: 240 | selector: 241 | matchLabels: 242 | app: workflow-controller 243 | template: 244 | metadata: 245 | labels: 246 | app: workflow-controller 247 | spec: 248 | containers: 249 | - args: 250 | - --configmap 251 | - workflow-controller-configmap 252 | - --executor-image 253 | - argoproj/argoexec:v2.3.0 254 | command: 255 | - workflow-controller 256 | image: argoproj/workflow-controller:v2.3.0 257 | name: workflow-controller 258 | serviceAccountName: argo -------------------------------------------------------------------------------- /yamls/clair.yaml: -------------------------------------------------------------------------------- 1 | # Source: clair/templates/secret.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: clair 6 | labels: 7 | release: "devtron" 8 | chart: "clair-0.1.2" 9 | app: clair 10 | type: Opaque 11 | data: 12 | config.yaml: |- 13 | 
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 14 | --- 15 | # Source: clair/templates/service.yaml 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: clair 20 | labels: 21 | release: "devtron" 22 | chart: "clair-0.1.2" 23 | app: clair 24 | spec: 25 | type: ClusterIP 26 | ports: 27 | - name: "clair-api" 28 | port: 6060 29 | targetPort: 6060 30 | protocol: TCP 31 | - name: "clair-health" 32 | port: 6061 33 | targetPort: 6061 34 | protocol: TCP 35 | selector: 36 | app: clair 37 | --- 38 | # Source: clair/templates/deployment.yaml 39 | apiVersion: apps/v1 40 | kind: Deployment 41 | metadata: 42 | name: clair 43 | labels: 44 | release: "devtron" 45 | chart: "clair-0.1.2" 46 | app: clair 47 | spec: 48 | replicas: 1 49 | selector: 50 | matchLabels: 51 | app: clair 52 | template: 53 | metadata: 54 | labels: 55 | app: clair 56 | spec: 57 | volumes: 58 | - name: "clair-config" 59 | secret: 60 | secretName: clair 61 | initContainers: 62 | - name: pg-ready-wait 63 | image: postgres:11.3 64 | command: [ "sh", "-c", 65 | "until pg_isready -h postgresql-postgresql.devtroncd -p 5432; 66 | do echo waiting for database; sleep 1; done;"] 67 | containers: 68 | - name: clair 69 | image: "quay.io/coreos/clair:v2.1.4" 70 | imagePullPolicy: IfNotPresent 71 | args: 72 | - "-log-level=info" 73 | ports: 74 | - name: "clair-api" 75 | containerPort: 6060 76 | protocol: TCP 77 | - name: "clair-health" 78 | containerPort: 6061 79 | protocol: TCP 80 | livenessProbe: 81 | httpGet: 82 | path: /health 83 | port: 6061 84 | readinessProbe: 85 | httpGet: 86 | path: /health 87 | port: 6061 88 | volumeMounts: 89 | - name: "clair-config" 90 | mountPath: /etc/clair 91 | readOnly: true 92 | resources: 93 | limits: 94 | cpu: 200m 95 | memory: 1500Mi 96 | requests: 97 | cpu: 100m 98 | memory: 500Mi 99 | -------------------------------------------------------------------------------- /charts/devtron/README.md: 
-------------------------------------------------------------------------------- 1 | 2 | [![Join Discord](https://img.shields.io/badge/Join%20us%20on-Discord-e01563.svg)](https://discord.gg/72JDKy4) 3 | 4 | # Devtron Installation 5 | 6 | Devtron is an open source software delivery workflow for Kubernetes written in Go. It is designed as a self-serve platform for operationalizing and maintaining applications (AppOps) on Kubernetes in a developer-friendly way. 7 | 8 | ## Introduction 9 | 10 | This chart bootstraps deployment of all required components for installation of [Devtron Platform](https://github.com/devtron-labs) on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. 11 | 12 | It packages third party components like 13 | 14 | - [Grafana](https://github.com/grafana/grafana) for displaying application metrics 15 | - [Argocd](https://github.com/argoproj/argo-cd/) for gitops 16 | - [Argo workflows](https://github.com/argoproj/argo) for CI 17 | - [Clair](https://github.com/quay/clair) & [Guard](https://github.com/guard/guard) for image scanning 18 | - [Kubernetes External Secrets](https://github.com/godaddy/kubernetes-external-secrets) for integrating with external secret management stores like [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) or [HashiCorp Vault](https://www.vaultproject.io/) 19 | - [Nats](https://github.com/nats-io) for event streaming 20 | - [Postgres](https://github.com/postgres/postgres) as datastore 21 | - Fork of [Argo Rollout](https://github.com/argoproj/argo-rollouts) 22 | 23 | ## How to use it 24 | 25 | ### Install with Helm 26 | 27 | This chart is currently not available on the official helm repository, so you need to download it before you can install it.
28 | 29 | ```bash 30 | $ git clone https://github.com/devtron-labs/devtron-installation-script.git 31 | $ cd devtron-installation-script/charts 32 | $ #modify values in values.yaml 33 | $ helm install devtron . -f values.yaml 34 | ``` 35 | For more details about configuration see the [helm chart configuration](#configuration) 36 | 37 | ### Install with kubectl 38 | 39 | If you don't want to install helm on your cluster and just want to use `kubectl` to install `devtron platform`, then please follow these steps: 40 | 41 | ```bash 42 | $ git clone https://github.com/devtron-labs/devtron-installation-script.git 43 | $ cd devtron-installation-script/charts/template 44 | $ kubectl apply -n devtroncd -f charts/template/install.yaml 45 | $ # wait for it to finish 46 | $ #edit charts/template/configmap-secret.yaml 47 | $ kubectl apply -n devtroncd -f charts/template/configmap-secret.yaml 48 | $ kubectl apply -n devtroncd -f charts/template/devtron-installer.yaml 49 | ``` 50 | ### Access devtron dashboard 51 | 52 | The devtron dashboard is now available at `BASE_URL/dashboard`, where `BASE_URL` is the same as provided in `values.yaml` in case of installation via helm chart OR provided in `charts/template/configmap-secret.yaml` in case of installation via kubectl. 53 | 54 | To log in, use username `admin`; for the password, run the command below. 55 | ```bash 56 | $ kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ACD_PASSWORD}' | base64 -d 57 | ``` 58 | ### Configuration 59 | 60 | All parameters mentioned in the `values.yaml` are mandatory.
61 | 62 | First section is ***secrets.env*** and it has following properties 63 | | Parameter | Description | Default | 64 | |----------:|:------------|:--------| 65 | | **POSTGRESQL_PASSWORD*** | password for postgres database (required) | change-me | 66 | | **WEBHOOK_TOKEN** | If you want to continue using jenkins for CI then please provide this for authentication of requests (optional) | | 67 | 68 | Second section is ***configs*** and has following properties 69 | | Parameter | Description | Default | 70 | |----------:|:------------|:--------| 71 | | **BASE_URL_SCHEME** | either of http or https | http | 72 | | **BASE_URL** | url without scheme and trailing slash (required) `eg. devtron.ai` | `change-me` | 73 | | **DEX_CONFIG** | dex config if you want to integrate login with SSO (optional) for more information check [Argocd documentation](https://argoproj.github.io/argo-cd/operator-manual/user-management/) | 74 | | **DEFAULT_CD_LOGS_BUCKET_REGION** | AWS region of bucket to store CD logs | | 75 | | **DEFAULT_CACHE_BUCKET** | AWS bucket to store docker cache | | 76 | | **DEFAULT_CACHE_BUCKET_REGION** | AWS region of cache bucket defined in previous step | | 77 | | **DEFAULT_BUILD_LOGS_BUCKET** | AWS bucket to store build logs | | 78 | | **CHARTMUSEUM_STORAGE_AMAZON_BUCKET** | AWS bucket to store charts | | 79 | | **CHARTMUSEUM_STORAGE_AMAZON_REGION** | AWS region for bucket defined in previous step to store charts | | 80 | | **EXTERNAL_SECRET_AMAZON_REGION** | AWS region for secret manager to pick | | 81 | | **PROMETHEUS_URL** | url of prometheus where all cluster data is stored, if this is wrong, you will not be able to see application metrics like cpu, ram, http status code, latency and throughput | | 82 | 83 | example of DEX_CONFIG is 84 | 85 | DEX_CONFIG: |- 86 | connectors: 87 | - type: oidc 88 | id: google 89 | name: Google 90 | config: 91 | issuer: https://accounts.google.com 92 | clientID: xxxxxxxx-qwwdsdsqsxxxxxxxxx.apps.googleusercontent.com 93 | 
clientSecret: fssdsdw121wwxssd 94 | redirectURI: :///api/dex/callback 95 | hostedDomains: 96 | - abc.com 97 | 98 | **Please Note:** 99 | Ensure that the cluster has access to the DEFAULT_CACHE_BUCKET, DEFAULT_BUILD_LOGS_BUCKET, CHARTMUSEUM_STORAGE_AMAZON_BUCKET and AWS secrets backends (SSM & secrets manager) 100 | 101 | -------------------------------------------------------------------------------- /yamls/migrator.yaml: -------------------------------------------------------------------------------- 1 | # Source: postgresql/templates/secrets.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: postgresql-migrator 6 | labels: 7 | app: postgresql 8 | chart: postgresql-8.6.4 9 | release: "devtron" 10 | type: Opaque 11 | --- 12 | apiVersion: batch/v1 13 | kind: Job 14 | metadata: 15 | name: postgresql-migrate-devtron 16 | spec: 17 | ttlSecondsAfterFinished: 1000 18 | template: 19 | spec: 20 | containers: 21 | - name: postgresql-migrate-devtron 22 | image: quay.io/devtron/migrator:6687f572-133-2208 23 | env: 24 | - name: GIT_BRANCH 25 | value: main 26 | - name: SCRIPT_LOCATION 27 | value: scripts/sql/ 28 | - name: GIT_REPO_URL 29 | value: https://github.com/devtron-labs/devtron.git 30 | - name: DB_TYPE 31 | value: postgres 32 | - name: DB_USER_NAME 33 | value: postgres 34 | - name: DB_HOST 35 | value: postgresql-postgresql.devtroncd 36 | - name: DB_PORT 37 | value: "5432" 38 | - name: DB_NAME 39 | value: orchestrator 40 | - name: MIGRATE_TO_VERSION 41 | value: "0" 42 | - name: GIT_HASH 43 | value: 81e6fbeea632094ba4b7340beb2a61ee4c268f1a 44 | envFrom: 45 | - secretRef: 46 | name: postgresql-migrator 47 | restartPolicy: OnFailure 48 | backoffLimit: 10 49 | activeDeadlineSeconds: 1500 50 | --- 51 | apiVersion: batch/v1 52 | kind: Job 53 | metadata: 54 | name: postgresql-migrate-casbin 55 | spec: 56 | template: 57 | spec: 58 | containers: 59 | - name: postgresql-migrate-casbin 60 | image: quay.io/devtron/migrator:6687f572-133-2208 61 | env: 62 | - name: 
SCRIPT_LOCATION 63 | value: scripts/casbin/ 64 | - name: GIT_REPO_URL 65 | value: https://github.com/devtron-labs/devtron.git 66 | - name: DB_TYPE 67 | value: postgres 68 | - name: DB_USER_NAME 69 | value: postgres 70 | - name: DB_HOST 71 | value: postgresql-postgresql.devtroncd 72 | - name: DB_PORT 73 | value: "5432" 74 | - name: DB_NAME 75 | value: casbin 76 | - name: MIGRATE_TO_VERSION 77 | value: "0" 78 | - name: GIT_HASH 79 | value: 81e6fbeea632094ba4b7340beb2a61ee4c268f1a 80 | - name: GIT_BRANCH 81 | value: main 82 | envFrom: 83 | - secretRef: 84 | name: postgresql-migrator 85 | restartPolicy: OnFailure 86 | backoffLimit: 1 87 | activeDeadlineSeconds: 1500 88 | --- 89 | apiVersion: batch/v1 90 | kind: Job 91 | metadata: 92 | name: postgresql-migrate-gitsensor 93 | spec: 94 | template: 95 | spec: 96 | containers: 97 | - name: postgresql-migrate-gitsensor 98 | image: quay.io/devtron/migrator:6687f572-133-2208 99 | env: 100 | - name: SCRIPT_LOCATION 101 | value: scripts/sql/ 102 | - name: GIT_REPO_URL 103 | value: https://github.com/devtron-labs/git-sensor.git 104 | - name: DB_TYPE 105 | value: postgres 106 | - name: DB_USER_NAME 107 | value: postgres 108 | - name: DB_HOST 109 | value: postgresql-postgresql.devtroncd 110 | - name: DB_PORT 111 | value: "5432" 112 | - name: DB_NAME 113 | value: git_sensor 114 | - name: MIGRATE_TO_VERSION 115 | value: "0" 116 | - name: GIT_BRANCH 117 | value: main 118 | - name: GIT_HASH 119 | value: 8badb0374525dd0cef0b6d00bc91195d659135c2 120 | envFrom: 121 | - secretRef: 122 | name: postgresql-migrator 123 | restartPolicy: OnFailure 124 | backoffLimit: 1 125 | activeDeadlineSeconds: 1500 126 | --- 127 | apiVersion: batch/v1 128 | kind: Job 129 | metadata: 130 | name: postgresql-migrate-lens 131 | spec: 132 | template: 133 | spec: 134 | containers: 135 | - name: postgresql-migrate-lens 136 | image: quay.io/devtron/migrator:6687f572-133-2208 137 | env: 138 | - name: SCRIPT_LOCATION 139 | value: scripts/sql/ 140 | - name: 
GIT_REPO_URL 141 | value: https://github.com/devtron-labs/lens.git 142 | - name: DB_TYPE 143 | value: postgres 144 | - name: DB_USER_NAME 145 | value: postgres 146 | - name: DB_HOST 147 | value: postgresql-postgresql.devtroncd 148 | - name: DB_PORT 149 | value: "5432" 150 | - name: DB_NAME 151 | value: lens 152 | - name: MIGRATE_TO_VERSION 153 | value: "0" 154 | - name: GIT_BRANCH 155 | value: main 156 | - name: GIT_HASH 157 | value: 772fcb2a4b3198879efb6139ed3a27dfb40ed681 158 | envFrom: 159 | - secretRef: 160 | name: postgresql-migrator 161 | restartPolicy: OnFailure 162 | backoffLimit: 1 163 | activeDeadlineSeconds: 1500 164 | --- 165 | apiVersion: batch/v1beta1 166 | kind: CronJob 167 | metadata: 168 | name: app-sync-cronjob 169 | spec: 170 | schedule: "0 19 * * *" 171 | jobTemplate: 172 | spec: 173 | template: 174 | spec: 175 | containers: 176 | - name: chart-sync 177 | image: quay.io/devtron/chart-sync:1227622d-132-3775 178 | env: 179 | - name: PG_ADDR 180 | value: postgresql-postgresql.devtroncd 181 | - name: PG_DATABASE 182 | value: orchestrator 183 | - name: PG_USER 184 | value: postgres 185 | envFrom: 186 | - secretRef: 187 | name: devtron-secret 188 | restartPolicy: Never 189 | backoffLimit: 4 190 | --- 191 | apiVersion: batch/v1 192 | kind: Job 193 | metadata: 194 | name: app-sync-job 195 | spec: 196 | template: 197 | spec: 198 | containers: 199 | - name: chart-sync 200 | image: quay.io/devtron/chart-sync:1227622d-132-3775 201 | env: 202 | - name: PG_ADDR 203 | value: postgresql-postgresql.devtroncd 204 | - name: PG_DATABASE 205 | value: orchestrator 206 | - name: PG_USER 207 | value: postgres 208 | envFrom: 209 | - secretRef: 210 | name: devtron-secret 211 | restartPolicy: OnFailure 212 | backoffLimit: 4 213 | activeDeadlineSeconds: 15000 214 | -------------------------------------------------------------------------------- /yamls/nats-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: 
nats-operator/templates/default-rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: nats-streaming-operator 7 | namespace: devtroncd 8 | --- 9 | # Source: nats-operator/templates/prereqs.yaml 10 | apiVersion: v1 11 | kind: ServiceAccount 12 | metadata: 13 | name: nats-operator 14 | # Change to the name of the namespace where to install NATS Operator. 15 | # Alternatively, change to "nats-io" to perform a cluster-scoped deployment in supported versions. 16 | namespace: devtroncd 17 | --- 18 | # Source: nats-operator/templates/prereqs.yaml 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: nats-server 23 | namespace: devtroncd 24 | --- 25 | # Source: nats-operator/templates/default-rbac.yaml 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: ClusterRole 28 | metadata: 29 | name: nats-streaming-operator 30 | rules: 31 | # Allow creating CRDs 32 | - apiGroups: 33 | - apiextensions.k8s.io 34 | resources: 35 | - customresourcedefinitions 36 | verbs: ["*"] # NOTE(review): the comment above says "creating", but "*" also grants update and delete on every CRD in the cluster; the nats-operator role in this file lists explicit verbs for the same resource 37 | 38 | # Allow all actions on NatsClusters 39 | - apiGroups: 40 | - nats.io 41 | resources: 42 | - natsclusters 43 | - natsserviceroles 44 | verbs: ["*"] 45 | 46 | # Allow all actions on NatsStreamingClusters 47 | - apiGroups: 48 | - streaming.nats.io 49 | resources: 50 | - natsstreamingclusters 51 | verbs: ["*"] 52 | 53 | # Allow actions on basic Kubernetes objects 54 | - apiGroups: [""] 55 | resources: 56 | - configmaps 57 | - secrets 58 | - pods 59 | - services 60 | - serviceaccounts 61 | - serviceaccounts/token 62 | - endpoints 63 | - events 64 | verbs: ["*"] # NOTE(review): this ClusterRole is bound by the ClusterRoleBinding nats-streaming-operator-binding further down this file, so "*" on secrets and serviceaccounts/token covers every namespace: the nats-streaming-operator account can read all Secrets and request tokens for any service account. List only the verbs the operator needs and prefer a Role scoped to devtroncd (TODO confirm operator requirements) 65 | --- 66 | # Source: nats-operator/templates/prereqs.yaml 67 | apiVersion: rbac.authorization.k8s.io/v1 68 | kind: ClusterRole 69 | metadata: 70 | name: nats-operator 71 | rules: 72 | # Allow creating CRDs 73 | - apiGroups: 74 | - apiextensions.k8s.io 75 | resources: 76 | - customresourcedefinitions 77 | verbs: ["get", "list", "create", "update", "watch"] 78 | 79 | # Allow all actions on NATS Operator
manager CRDs 80 | - apiGroups: 81 | - nats.io 82 | resources: 83 | - natsclusters 84 | - natsserviceroles 85 | verbs: ["*"] 86 | 87 | # Allowed actions on Pods 88 | - apiGroups: [""] 89 | resources: 90 | - pods 91 | verbs: ["create", "watch", "get", "patch", "update", "delete", "list"] 92 | 93 | # Allowed actions on Services 94 | - apiGroups: [""] 95 | resources: 96 | - services 97 | verbs: ["create", "watch", "get", "patch", "update", "delete", "list"] 98 | 99 | # Allowed actions on Secrets 100 | - apiGroups: [""] 101 | resources: 102 | - secrets 103 | verbs: ["create", "watch", "get", "update", "delete", "list"] 104 | 105 | # Allow all actions on some special subresources 106 | - apiGroups: [""] 107 | resources: 108 | - pods/exec 109 | - pods/log 110 | - serviceaccounts/token 111 | - events 112 | verbs: ["*"] 113 | 114 | # Allow listing Namespaces and ServiceAccounts 115 | - apiGroups: [""] 116 | resources: 117 | - namespaces 118 | - serviceaccounts 119 | verbs: ["list", "get", "watch"] 120 | 121 | # Allow actions on Endpoints 122 | - apiGroups: [""] 123 | resources: 124 | - endpoints 125 | verbs: ["create", "watch", "get", "update", "delete", "list"] 126 | --- 127 | # Source: nats-operator/templates/prereqs.yaml 128 | apiVersion: rbac.authorization.k8s.io/v1 129 | kind: ClusterRole 130 | metadata: 131 | name: nats-server 132 | rules: 133 | - apiGroups: [""] 134 | resources: 135 | - nodes 136 | verbs: ["get"] 137 | --- 138 | # Source: nats-operator/templates/default-rbac.yaml 139 | apiVersion: rbac.authorization.k8s.io/v1 140 | kind: ClusterRoleBinding 141 | metadata: 142 | name: nats-streaming-operator-binding 143 | roleRef: 144 | apiGroup: rbac.authorization.k8s.io 145 | kind: ClusterRole 146 | name: nats-streaming-operator 147 | subjects: 148 | - kind: ServiceAccount 149 | name: nats-streaming-operator 150 | namespace: devtroncd 151 | --- 152 | # Source: nats-operator/templates/prereqs.yaml 153 | apiVersion: rbac.authorization.k8s.io/v1 154 | kind: 
ClusterRoleBinding 155 | metadata: 156 | name: nats-operator-binding 157 | roleRef: 158 | apiGroup: rbac.authorization.k8s.io 159 | kind: ClusterRole 160 | name: nats-operator 161 | subjects: 162 | - kind: ServiceAccount 163 | name: nats-operator 164 | # Change to the name of the namespace where to install NATS Operator. 165 | # Alternatively, change to "nats-io" to perform a cluster-scoped deployment in supported versions. 166 | namespace: devtroncd 167 | 168 | # NOTE: When performing multiple namespace-scoped installations, all 169 | # "nats-operator" service accounts (across the different namespaces) 170 | # MUST be added to this binding. 171 | #- kind: ServiceAccount 172 | # name: nats-operator 173 | # namespace: nats-io 174 | #- kind: ServiceAccount 175 | # name: nats-operator 176 | # namespace: namespace-2 177 | #(...) 178 | --- 179 | # Source: nats-operator/templates/prereqs.yaml 180 | apiVersion: rbac.authorization.k8s.io/v1 181 | kind: ClusterRoleBinding 182 | metadata: 183 | name: nats-server-binding 184 | roleRef: 185 | apiGroup: rbac.authorization.k8s.io 186 | kind: ClusterRole 187 | name: nats-server 188 | subjects: 189 | - kind: ServiceAccount 190 | name: nats-server 191 | namespace: devtroncd 192 | --- 193 | # Source: nats-operator/templates/10-deployment.yaml 194 | apiVersion: apps/v1 195 | kind: Deployment 196 | metadata: 197 | name: nats-operator 198 | # Change to the name of the namespace where to install NATS Operator. 199 | # Alternatively, change to "nats-io" to perform a cluster-scoped deployment in supported versions. 
# nats-operator Deployment (continued): namespace is the last metadata key.
  namespace: devtroncd
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nats-operator
  template:
    metadata:
      labels:
        name: nats-operator
    spec:
      # Runs under the nats-operator service account, which the
      # nats-operator-binding ClusterRoleBinding ties to the nats-operator ClusterRole.
      serviceAccountName: nats-operator
      containers:
      # No resources or securityContext are set for this container in the manifest.
      - name: nats-operator
        image: connecteverything/nats-operator:0.5.0-v1alpha2
        imagePullPolicy: IfNotPresent
        args:
        - nats-operator
        # Uncomment to perform a cluster-scoped deployment in supported versions.
        #- --feature-gates=ClusterScoped=true
        ports:
        - name: readyz
          containerPort: 8080
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        readinessProbe:
          httpGet:
            path: /readyz
            port: readyz
          initialDelaySeconds: 15
          timeoutSeconds: 3

--------------------------------------------------------------------------------
/yamls/devtron.yaml:
--------------------------------------------------------------------------------
# Source: devtron/templates/secret.yaml
# The Secret carries no data in this manifest.
# NOTE(review): presumably populated by the installer; confirm where the values come from.
apiVersion: v1
kind: Secret
metadata:
  name: devtron-secret
  labels:
    release: devtron
type: Opaque
---
# Source: devtron/templates/configmap.yaml
# Non-secret settings, loaded into the devtron container through envFrom in the
# Deployment below.
# NOTE(review): the service URLs in this ConfigMap use plaintext schemes (http://,
# nats://), so transport protection depends on the cluster network.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-cm
  labels:
    release: devtron
data:
  DASHBOARD_PORT: "80"
  DASHBOARD_HOST: "dashboard-service.devtroncd"
  CD_HOST: "argocd-server.devtroncd"
  CD_PORT: "80"
  CD_NAMESPACE: "devtroncd"
  EVENT_URL: "http://notifier-service.devtroncd:80/notify"
  GIT_SENSOR_URL: "http://git-sensor-service.devtroncd:80"
  GIT_SENSOR_TIMEOUT: "300"
  GRAFANA_ORG_ID: "2"
  LENS_URL: "http://lens-service.devtroncd:80"
  LENS_TIMEOUT: "300"
  NATS_SERVER_HOST: "nats://devtron-nats.devtroncd:4222"
  CLUSTER_ID: "devtron-stan"
  CLIENT_ID: "orchestrator"
  ACK_DURATION: "30"
  PG_ADDR: "postgresql-postgresql.devtroncd"
  PG_PORT: "5432"
  PG_USER: "postgres"
  PG_DATABASE: "orchestrator"
  APP: "orchestrator"
  # NOTE(review): presumably turns on SQL statement logging; confirm the logged
  # queries cannot carry credentials or tokens.
  PG_LOG_QUERY: "true"
  LOG_LEVEL: "0"
  GIT_WORKING_DIRECTORY: "/tmp/gitops/"
  ACD_URL: "argocd-server.devtroncd"
  ACD_USER: "admin"
  ACD_TIMEOUT: "300"
  # NOTE(review): the name suggests TLS certificate verification towards Argo CD is
  # skipped; confirm, and prefer trusting the issuing CA over skipping verification.
  ACD_SKIP_VERIFY: "true"
  DEX_HOST: "http://argocd-dex-server.devtroncd"
  DEX_PORT: "5556"
  MODE: "PROD"
  CD_LIMIT_CI_CPU: "0.5"
  CD_LIMIT_CI_MEM: "3G"
  CD_REQ_CI_CPU: "0.5"
  CD_REQ_CI_MEM: "3G"
  CD_NODE_TAINTS_KEY: ""
  CD_WORKFLOW_SERVICE_ACCOUNT: "cd-runner"
  DEFAULT_BUILD_LOGS_KEY_PREFIX: "devtron"
  DEFAULT_CD_ARTIFACT_KEY_LOCATION: "devtron/cd-artifacts"
  CD_NODE_TAINTS_VALUE: ""
  CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip"
  DEFAULT_CD_NAMESPACE: "devtron-cd"
  DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:a70b9836-138-3612"
  DEFAULT_CD_TIMEOUT: "3600"
  WF_CONTROLLER_INSTANCE_ID: "devtron-runner"
  CI_LOGS_KEY_PREFIX: "ci-artifacts"
  DEFAULT_NAMESPACE: "devtron-ci"
  DEFAULT_TIMEOUT: "3600"
  LIMIT_CI_CPU: "0.5"
  LIMIT_CI_MEM: "3G"
  REQ_CI_CPU: "0.5"
  REQ_CI_MEM: "3G"
  CI_NODE_TAINTS_KEY: ""
  CI_NODE_TAINTS_VALUE: ""
  CI_NODE_LABEL_SELECTOR: ""
  CACHE_LIMIT: "5000000000"
  DEFAULT_ARTIFACT_KEY_LOCATION: "devtron/ci-artifacts"
  WORKFLOW_SERVICE_ACCOUNT: "ci-runner"
  # NOTE(review): this sample payload names a personal repository and an author, and
  # its ECR host contains what looks like an AWS account id. Presumably test data;
  # confirm it is needed in a ConfigMap whose MODE is PROD.
  EXTERNAL_CI_PAYLOAD: "{\"ciProjectDetails\":[{\"gitRepository\":\"https://github.com/srj92/getting-started-nodejs.git\",\"checkoutPath\":\"./abc\",\"commitHash\":\"239077135f8cdeeccb7857e2851348f558cb53d3\",\"commitTime\":\"2019-10-31T20:55:21+05:30\",\"branch\":\"master\",\"message\":\"Update README.md\",\"author\":\"Suraj Gupta \"}],\"dockerImage\":\"445808685819.dkr.ecr.us-east-2.amazonaws.com/orch:23907713-2\",\"digest\":\"test1\",\"dataSource\":\"ext\",\"materialType\":\"git\"}"
  CI_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip"
  IMAGE_SCANNER_ENDPOINT: "http://image-scanner-service.devtroncd:80"
  ECR_REPO_NAME_PREFIX: "devtron/"
  ACD_USERNAME: "admin"
  DEX_RURL: "http://argocd-dex-server.devtroncd:8080/callback"
  DEX_URL: "http://argocd-dex-server.devtroncd:5556/dex"
  CExpirationTime: "600"
  JwtExpirationTime: "120"
  ACD_CM: "argocd-cm"
  ACD_NAMESPACE: "devtroncd"
  MINIO_ENDPOINT: http://devtron-minio:9000
  GRAFANA_HOST: "devtron-grafana.devtroncd"
  GRAFANA_PORT: "80"
  GRAFANA_NAMESPACE: "devtroncd"

---
# Mounted into the devtron container at /cluster/component by the Deployment below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-cluster-components
  labels:
    release: devtron
data:
  rollout.yaml: >-
    rollout:
      resources:
        limits:
          cpu: 250m
          memory: 200Mi
        requests:
          cpu: 50m
          memory: 100Mi
---
# Source: devtron/templates/service.yaml
# Cluster-internal Service; port 80 forwards to the container port named devtron.
apiVersion: v1
kind: Service
metadata:
  name: devtron-service
  labels:
    app: devtron
    chart: devtron-3.9.1
    release: devtron
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: devtron
      protocol: TCP
      name: devtron
  selector:
    app: devtron
---
# Source: devtron/templates/deployment.yaml
# Single-replica Deployment of the devtron image.
# No securityContext is set for the pod or the container in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: devtron
  labels:
    app: devtron
    chart: devtron-3.9.1
    release: devtron
spec:
  selector:
    matchLabels:
      app: devtron
      release: devtron
  replicas: 1
  minReadySeconds: 60
  template:
    metadata:
      labels:
        app: devtron
        release: devtron
    spec:
      terminationGracePeriodSeconds: 30
      restartPolicy: Always
      # The devtron service account is bound to cluster-wide roles in
      # yamls/serviceaccount.yaml.
      serviceAccountName: devtron
      containers:
        - name: devtron
          image: "quay.io/devtron/devtron:81e6fbee-146-3825"
          imagePullPolicy: IfNotPresent
          ports:
            - name: devtron
              containerPort: 8080
              protocol: TCP
          env:
            # NOTE(review): presumably hashes of the ConfigMap and Secret, kept in
            # the pod template so a config change rolls the pods; confirm.
            - name: CONFIG_HASH
              value: 5525423a62b342ee763eb2e88dd40cfefd83f00e187a4ea2ff85dd39c00b6e01
            - name: SECRET_HASH
              value: fe216c236a95cf38868e5a08ef90f94e015e8842d79893e5214aa2cbccc27da4
            - name: DEVTRON_APP_NAME
              value: devtron
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Every key of devtron-cm and devtron-secret becomes an environment variable.
          envFrom:
          - configMapRef:
              name: devtron-cm
          - secretRef:
              name: devtron-secret
          resources:
            limits:
              cpu: "0.5"
              memory: 500Mi
            requests:
              cpu: "0.2"
              memory: 100Mi
          volumeMounts:
            - mountPath: /cluster/component
              name: devtron-cluster-components-vol
      volumes:
        - configMap:
            name: devtron-cluster-components
          name: devtron-cluster-components-vol
  revisionHistoryLimit: 3
---
# Source: devtron/templates/servicemonitor.yaml
# Prometheus Operator scrape configuration: /metrics on the devtron port over
# plain http, every 30s.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: devtron-sm
  labels:
    kind: Prometheus
    app: devtron
    chart: devtron-3.9.1
    release: devtron
spec:
  endpoints:
    - port: devtron
      path: /metrics
      scheme: http
      interval: 30s
      scrapeTimeout: 3s
  selector:
    matchLabels:
      app: devtron

--------------------------------------------------------------------------------
/yamls/serviceaccount.yaml:
--------------------------------------------------------------------------------
# Source: workflow/templates/cd-role.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: devtron
  namespace: devtroncd
  labels:
    release: devtron
---
# Source: workflow/templates/cd-role.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cd-runner
  namespace: devtron-cd
  labels:
    release: devtron
---
# Source: workflow/templates/ci-role.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-runner
  namespace: devtron-ci
  labels:
    release: devtron
---
# Source: workflow/templates/cd-role.yaml
# NOTE(review): a second ClusterRole with the same name follows (from ci-role.yaml)
# and has a shorter rule list. Both documents describe the same cluster-scoped
# object, so the one applied last presumably decides the effective rules. Confirm
# whether the configmaps/secrets create rules here are meant to survive, and give
# the two roles distinct names if both rule sets are intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: workflow-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - watch
  - patch
- apiGroups:
  - ""
  resources:
  - pods/log
  verbs:
  - get
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
---
# Source: workflow/templates/ci-role.yaml
# Same name as the ClusterRole above; this copy has only the pods and pods/log rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: workflow-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - watch
  - patch
- apiGroups:
  - ""
  resources:
  - pods/log
  verbs:
  - get
  - watch
---
# Source: workflow/templates/generic.yaml
# The aggregate-to-admin label makes the control plane merge these rules into the
# built-in admin ClusterRole, so every subject holding admin gains them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: argo-aggregate-to-admin
rules:
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  - workflows/finalizers
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
---
# Source: workflow/templates/generic.yaml
# Same rules, aggregated into the built-in edit ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: argo-aggregate-to-edit
rules:
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  - workflows/finalizers
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
---
# Source: workflow/templates/generic.yaml
# Read-only workflow access, aggregated into the built-in view ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: argo-aggregate-to-view
rules:
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  - workflows/finalizers
  verbs:
  - get
  - list
  - watch
---
# Source: workflow/templates/generic.yaml
# NOTE(review): the first rule gives full lifecycle control over pods plus
# pods/exec. No binding for this role appears in this file, so its reach depends
# on a binding defined elsewhere; check whether that binding is namespaced.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/exec
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - watch
  - list
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - create
  - delete
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  - workflows/finalizers
  verbs:
  - get
  - list
  - watch
  - update
  - patch
  - delete
---
# Source: workflow/templates/generic.yaml
# Read-only role for the Argo UI.
# NOTE(review): it includes get on secrets. No binding for it appears in this
# file; if it is bound with a ClusterRoleBinding elsewhere, the holder can read
# any Secret whose name it knows, in any namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-ui-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/exec
  - pods/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  verbs:
  - get
  - list
  - watch
---
# ClusterRole for the devtron service account, bound cluster-wide by the
# ClusterRoleBinding that follows.
# NOTE(review): this grants read and write on Secrets and ConfigMaps in every
# namespace, delete on Namespaces and create on pods/exec. Confirm each grant is
# needed at cluster scope rather than in the namespaces devtron manages.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: devtron
  name: devtron
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  verbs:
  - get
  - list
  - watch
  - patch
  - update
  - create
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  - applications
  verbs:
  - get
  - list
  - watch
  - create
  - delete
  - patch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
  - update
  - patch
  - delete
  - create
- apiGroups:
  - ""
  resources:
  - pods/exec
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: devtron
  name: devtron
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: devtron
subjects:
- kind: ServiceAccount
  name: devtron
  namespace: devtroncd
---
# Source: workflow/templates/cd-role.yaml
# Binds workflow-cluster-role to the ci-runner, cd-runner and devtron service accounts.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: workflow-cluster-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workflow-cluster-role
subjects:
- kind: ServiceAccount
  name: ci-runner
  namespace: devtron-ci
- kind: ServiceAccount
  name: cd-runner
  namespace: devtron-cd
- kind: ServiceAccount
  name: devtron
  namespace: devtroncd
---
# Source: workflow/templates/ci-role.yaml
# NOTE(review): same name as the ClusterRoleBinding above, but without the
# cd-runner subject. The document applied last presumably decides the subject
# list; confirm which set is intended and rename one binding if both are.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: workflow-cluster-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workflow-cluster-role
subjects:
- kind: ServiceAccount
  name: ci-runner
  namespace: devtron-ci
- kind: ServiceAccount
  name: devtron
  namespace: devtroncd
--------------------------------------------------------------------------------
/charts/devtron/crds/crd-devtron.yaml:
--------------------------------------------------------------------------------
# CRD for the namespaced Installer resource (group installer.devtron.ai, v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 is not served from Kubernetes 1.22 on;
# apiextensions.k8s.io/v1 is the replacement and moves the schema under each version.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.3.0
  creationTimestamp: null
  name: installers.installer.devtron.ai
spec:
  group: installer.devtron.ai
  names:
    kind: Installer
    listKind: InstallerList
    plural: installers
    singular: installer
  scope: Namespaced
  validation:
    openAPIV3Schema:
      description: Installer is the Schema for the installers API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: InstallerSpec defines the desired state of Installer
          properties:
            reSync:
              type: boolean
            # The schema accepts any string here.
            # NOTE(review): presumably the installer fetches and applies what this
            # URL serves, so write access to Installer objects decides what gets
            # installed; confirm who holds it.
            url:
              description: URL of the BOM version to be installed
              type: string
          type: object
        status:
          description: InstallerStatus defines the observed state of Installer
          properties:
            current_spec_hash:
              type: string
            sync:
              description: SyncStatus is a comparison result of application spec and
                deployed application.
              properties:
                conditions:
                  items:
                    description: InstallerCondition contains details about current
                      application condition
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the time the condition
                          was first observed.
                        format: date-time
                        type: string
                      message:
                        description: Message contains human-readable message indicating
                          details about condition
                        type: string
                      type:
                        description: Type is an application condition type
                        type: string
                    required:
                    - message
                    - type
                    type: object
                  type: array
                data:
                  type: string
                health:
                  properties:
                    message:
                      type: string
                    status:
                      description: Represents resource health status
                      type: string
                  type: object
                history:
                  description: RevisionHistories is a array of history, oldest first
                    and newest last
                  items:
                    description: RevisionHistory contains information relevant to
                      an application deployment
                    properties:
                      deployStartedAt:
                        description: DeployStartedAt holds the time the deployment
                          started
                        format: date-time
                        type: string
                      deployedAt:
                        description: DeployedAt holds the time the deployment completed
                        format: date-time
                        type: string
                      id:
                        description: ID is an auto incrementing identifier of the
                          RevisionHistory
                        format: int64
                        type: integer
                      revision:
                        description: Revision holds the revision of the sync
                        type: string
                      source:
                        description: ApplicationSource contains information about
                          github repository, path within repository and target application
                          environment.
                        properties:
                          url:
                            type: string
                        type: object
                    required:
                    - deployedAt
                    - id
                    - revision
                    type: object
                  type: array
                resources:
                  items:
                    description: ResourceStatus holds the current sync and health
                      status of a resource
                    properties:
                      group:
                        type: string
                      health:
                        properties:
                          message:
                            type: string
                          status:
                            description: Represents resource health status
                            type: string
                        type: object
                      kind:
                        type: string
                      message:
                        type: string
                      name:
                        type: string
                      namespace:
                        type: string
                      operation:
                        type: string
                      status:
                        type: string
                      version:
                        type: string
                    type: object
                  type: array
                status:
                  type: string
                url:
                  description: URL of the BOM version pulled
                  type: string
              required:
              - status
              type: object
          required:
          - current_spec_hash
          - sync
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []

--------------------------------------------------------------------------------
/yamls/postgresql.yaml:
--------------------------------------------------------------------------------
# Source: postgresql/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: postgresql-postgresql
  labels:
    app: postgresql
    chart: postgresql-8.6.4
# postgresql-postgresql Secret (continued): last label, then the type. The Secret
# carries no data in this manifest; the StatefulSet below reads its
# postgresql-password key.
    release: "devtron"
type: Opaque
---
# Source: postgresql/templates/initialization-configmap.yaml
# SQL mounted at /docker-entrypoint-initdb.d/ in the postgresql container.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgresql-postgresql-init-scripts
  labels:
    app: postgresql
    chart: postgresql-8.6.4
    release: "devtron"
data:
  db_create.sql: |
    create database casbin;
    create database git_sensor;
    create database lens;
    create database clair;
---
# Source: postgresql/templates/metrics-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: postgresql-postgresql-metrics
  labels:
    app: postgresql
    chart: postgresql-8.6.4
    release: "devtron"
  annotations:
    prometheus.io/port: "9187"
    prometheus.io/scrape: "true"
spec:
  type: ClusterIP
  ports:
    - name: http-metrics
      port: 9187
      targetPort: http-metrics
  selector:
    app: postgresql
    release: devtron
    role: master
---
# Source: postgresql/templates/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: postgresql-postgresql-headless
  labels:
    app: postgresql
    chart: postgresql-8.6.4
    release: "devtron"
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app: postgresql
    release: "devtron"
---
# Source: postgresql/templates/svc.yaml
# Cluster-internal Service for PostgreSQL on 5432. No NetworkPolicy is defined in
# the visible part of this file.
apiVersion: v1
kind: Service
metadata:
  name: postgresql-postgresql
  labels:
    app: postgresql
    chart: postgresql-8.6.4
    release: "devtron"
spec:
  type: ClusterIP
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app: postgresql
    release: "devtron"
    role: master
---
# Source: postgresql/templates/statefulset.yaml
# Single-replica PostgreSQL with a root init container and a metrics sidecar.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgresql-postgresql
  labels:
    app: postgresql
    chart: postgresql-8.6.4
    release: "devtron"
spec:
  serviceName: postgresql-postgresql-headless
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: postgresql
      release: "devtron"
      role: master
  template:
    metadata:
      name: postgresql-postgresql
      labels:
        app: postgresql
        chart: postgresql-8.6.4
        release: "devtron"
        role: master
    spec:
      securityContext:
        fsGroup: 1001
      initContainers:
        # NOTE(review): this init container runs as uid 0 from a ":latest" tag that
        # is pulled on every start, so the code run as root can change without any
        # change to this manifest. Pinning a fixed tag or digest removes that drift.
        - name: init-chmod-data
          image: docker.io/bitnami/minideb:latest
          imagePullPolicy: "Always"
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
          # The script creates the data directory with mode 700, hands the volume to
          # 1001:1001 and sets mode 777 recursively on /dev/shm.
          command:
            - /bin/sh
            - -cx
            - |

              mkdir -p /bitnami/postgresql/data
              chmod 700 /bitnami/postgresql/data
              find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
                xargs chown -R 1001:1001
              chmod -R 777 /dev/shm
          securityContext:
            runAsUser: 0
          volumeMounts:

            - name: data
              mountPath: /bitnami/postgresql
              subPath:
            - name: dshm
              mountPath: /dev/shm
        # - name: do-something
        #   image: busybox
        #   command: ['do', 'something']

      containers:
        - name: postgresql-postgresql
          image: docker.io/bitnami/postgresql:11.3.0-debian-9-r28
          imagePullPolicy: "Always"
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
          securityContext:
            runAsUser: 1001
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: POSTGRESQL_PORT_NUMBER
              value: "5432"
            - name: POSTGRESQL_VOLUME_DIR
              value: "/bitnami/postgresql"
            - name: PGDATA
              value: "/bitnami/postgresql/data"
            - name: POSTGRES_USER
              value: "postgres"
            # The password comes from the Secret, not from a literal in this manifest.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgresql-postgresql
                  key: postgresql-password
            - name: POSTGRES_DB
              value: "orchestrator"
            - name: POSTGRESQL_ENABLE_LDAP
              value: "no"
          ports:
            - name: tcp-postgresql
              containerPort: 5432
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - exec pg_isready -U "postgres" -d "orchestrator" -h 127.0.0.1 -p 5432
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                # NOTE(review): `exec` replaces the shell with pg_isready, so the
                # .initialized file test on the second line is never reached and
                # readiness is decided by pg_isready alone.
                - |
                  exec pg_isready -U "postgres" -d "orchestrator" -h 127.0.0.1 -p 5432
                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          volumeMounts:
            - name: custom-init-scripts
              mountPath: /docker-entrypoint-initdb.d/
            - name: dshm
              mountPath: /dev/shm
            - name: data
              mountPath: /bitnami/postgresql
              subPath:
        - name: metrics
          image: docker.io/wrouesnel/postgres_exporter:v0.4.7
          imagePullPolicy: "IfNotPresent"
          env:
            # sslmode=disable applies to the exporter's connection to 127.0.0.1,
            # which stays inside the pod.
            - name: DATA_SOURCE_URI
              value: "127.0.0.1:5432/orchestrator?sslmode=disable"
            # NOTE(review): the exporter connects as the postgres user with the same
            # password as the database owner; a dedicated monitoring role would
            # limit what this sidecar can do.
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: postgresql-postgresql
                  key: postgresql-password
            - name: DATA_SOURCE_USER
              value: postgres
          livenessProbe:
            httpGet:
              path: /
              port: http-metrics
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: http-metrics
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          volumeMounts:
          ports:
            - name: http-metrics
# metrics container of the postgresql StatefulSet (continued): port number of http-metrics.
              containerPort: 9187
      volumes:
        - name: custom-init-scripts
          configMap:
            name: postgresql-postgresql-init-scripts
        - name: dshm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "20Gi"

--------------------------------------------------------------------------------
/yamls/minio.yaml:
--------------------------------------------------------------------------------
---
# Source: minio/templates/post-install-prometheus-metrics-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
---
# Source: minio/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "devtron-minio"
  namespace: "devtroncd"
  labels:
    app: minio
    chart: minio-8.0.9
    release: "devtron-minio"
---
# Source: minio/templates/secrets.yaml
# Both keys are empty strings in this manifest.
# NOTE(review): presumably filled in at install time; confirm MinIO is never
# started with empty credentials.
apiVersion: v1
kind: Secret
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
type: Opaque
data:
  accesskey: ""
  secretkey: ""
---
# Source: minio/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
data:
  # Shell script that registers the MinIO endpoint with the mc client. It defines
  # connectToMinio, checkBucketExists and createBucket, but only calls connectToMinio.
  # NOTE(review): mc is always run with --insecure (certificate verification off),
  # the scheme is hard-coded to http on the last lines, and the access and secret
  # keys read from /config are passed to `mc config host add` as command-line
  # arguments. Several tests use unquoted variables ($PURGE, $VERSIONING, $BUCKET).
  # The inline comment on `sleep 2` says 1 second.
  initialize: |-
    #!/bin/sh
    set -e ; # Have script exit in the event of a failed command.
    MC_CONFIG_DIR="/etc/minio/mc/"
    MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"

    # connectToMinio
    # Use a check-sleep-check loop to wait for Minio service to be available
    connectToMinio() {
      SCHEME=$1
      ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
      set -e ; # fail if we can't read the keys.
      ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ;
      set +e ; # The connections to minio are allowed to fail.
      echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
      MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
      $MC_COMMAND ;
      STATUS=$? ;
      until [ $STATUS = 0 ]
      do
        ATTEMPTS=`expr $ATTEMPTS + 1` ;
        echo \"Failed attempts: $ATTEMPTS\" ;
        if [ $ATTEMPTS -gt $LIMIT ]; then
          exit 1 ;
        fi ;
        sleep 2 ; # 1 second intervals between attempts
        $MC_COMMAND ;
        STATUS=$? ;
      done ;
      set -e ; # reset `e` as active
      return 0
    }

    # checkBucketExists ($bucket)
    # Check if the bucket exists, by using the exit code of `mc ls`
    checkBucketExists() {
      BUCKET=$1
      CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1)
      return $?
    }

    # createBucket ($bucket, $policy, $purge)
    # Ensure bucket exists, purging if asked to
    createBucket() {
      BUCKET=$1
      POLICY=$2
      PURGE=$3
      VERSIONING=$4

      # Purge the bucket, if set & exists
      # Since PURGE is user input, check explicitly for `true`
      if [ $PURGE = true ]; then
        if checkBucketExists $BUCKET ; then
          echo "Purging bucket '$BUCKET'."
          set +e ; # don't exit if this fails
          ${MC} rm -r --force myminio/$BUCKET
          set -e ; # reset `e` as active
        else
          echo "Bucket '$BUCKET' does not exist, skipping purge."
        fi
      fi

      # Create the bucket if it does not exist
      if ! checkBucketExists $BUCKET ; then
        echo "Creating bucket '$BUCKET'"
        ${MC} mb myminio/$BUCKET
      else
        echo "Bucket '$BUCKET' already exists."
      fi


      # set versioning for bucket
      if [ ! -z $VERSIONING ] ; then
        if [ $VERSIONING = true ] ; then
          echo "Enabling versioning for '$BUCKET'"
          ${MC} version enable myminio/$BUCKET
        elif [ $VERSIONING = false ] ; then
          echo "Suspending versioning for '$BUCKET'"
          ${MC} version suspend myminio/$BUCKET
        fi
      else
        echo "Bucket '$BUCKET' versioning unchanged."
      fi

      # At this point, the bucket should exist, skip checking for existence
      # Set policy on the bucket
      echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
      ${MC} policy set $POLICY myminio/$BUCKET
    }

    # Try connecting to Minio instance
    scheme=http
    connectToMinio $scheme
---
# Source: minio/templates/post-install-prometheus-metrics-role.yaml
# Namespaced Role for the post-install job's service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
rules:
  # Limited to the single Secret named devtron-minio-prometheus.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
      - patch
    resourceNames:
      - devtron-minio-prometheus
  # Create requests cannot be restricted by resourceNames, so this rule allows
  # creating a Secret of any name in the Role's namespace.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
    resourceNames:
      - devtron-minio
---
# Source: minio/templates/post-install-prometheus-metrics-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devtron-minio-update-prometheus-secret
subjects:
  - kind: ServiceAccount
    name: devtron-minio-update-prometheus-secret
    namespace: "devtroncd"
---
# Source: minio/templates/service.yaml
# Cluster-internal Service exposing MinIO on port 9000 under the port name http.
apiVersion: v1
kind: Service
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.9
    release: devtron-minio
    heritage: Helm
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: minio
    release: devtron-minio
---
221 | # Source: minio/templates/deployment.yaml 222 | apiVersion: apps/v1 223 | kind: Deployment 224 | metadata: 225 | name: devtron-minio 226 | labels: 227 | app: minio 228 | chart: minio-8.0.9 229 | release: devtron-minio 230 | heritage: Helm 231 | spec: 232 | strategy: 233 | type: RollingUpdate 234 | rollingUpdate: 235 | maxSurge: 100% 236 | maxUnavailable: 0 237 | replicas: 2 238 | selector: 239 | matchLabels: 240 | app: minio 241 | release: devtron-minio 242 | template: 243 | metadata: 244 | name: devtron-minio 245 | labels: 246 | app: minio 247 | release: devtron-minio 248 | annotations: 249 | checksum/secrets: aaf5e0723bdf801ec67a8c8f1493bd9123f721e1a26f72a5a339f7ba49e5bd16 250 | checksum/config: 5ccfb463b70d1f2842f14345fcca8df900eb969689aacba1582b1c0959d1ac0c 251 | spec: 252 | serviceAccountName: "devtron-minio" 253 | containers: 254 | - name: minio 255 | image: "minio/minio:RELEASE.2020-12-03T05-49-24Z" 256 | imagePullPolicy: IfNotPresent 257 | command: 258 | - "/bin/sh" 259 | - "-ce" 260 | - "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs/ gateway azure" 261 | volumeMounts: 262 | ports: 263 | - name: http 264 | containerPort: 9000 265 | env: 266 | - name:
MINIO_ACCESS_KEY 267 | valueFrom: 268 | secretKeyRef: 269 | name: devtron-minio 270 | key: accesskey 271 | - name: MINIO_SECRET_KEY 272 | valueFrom: 273 | secretKeyRef: 274 | name: devtron-minio 275 | key: secretkey 276 | resources: 277 | requests: 278 | memory: 1Gi 279 | volumes: 280 | - name: minio-user 281 | secret: 282 | secretName: devtron-minio 283 | -------------------------------------------------------------------------------- /yamls/lens.yaml: -------------------------------------------------------------------------------- 1 | # Source: lens/templates/configmap.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: lens-secret 6 | labels: 7 | release: devtron 8 | --- 9 | # Source: lens/templates/configmap.yaml 10 | apiVersion: v1 11 | kind: ConfigMap 12 | metadata: 13 | name: lens-cm 14 | labels: 15 | release: devtron 16 | data: 17 | GIT_SENSOR_URL: http://git-sensor-service.devtroncd:80 18 | NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 19 | PG_ADDR: postgresql-postgresql.devtroncd 20 | PG_PORT: "5432" 21 | PG_USER: postgres 22 | PG_DATABASE: lens 23 | --- 24 | # Source: lens/templates/sidecar-configmap.yaml 25 | apiVersion: v1 26 | kind: ConfigMap 27 | metadata: 28 | name: sidecar-config-lens 29 | labels: 30 | release: devtron 31 | data: 32 | envoy-config.json: | 33 | { 34 | "stats_config": { 35 | "use_all_default_tags": false, 36 | "stats_tags": [ 37 | { 38 | "tag_name": "cluster_name", 39 | "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" 40 | }, 41 | { 42 | "tag_name": "tcp_prefix", 43 | "regex": "^tcp\\.((.*?)\\.)\\w+?$" 44 | }, 45 | { 46 | "tag_name": "response_code", 47 | "regex": "_rq(_(\\d{3}))$" 48 | }, 49 | { 50 | "tag_name": "response_code_class", 51 | "regex": ".*_rq(_(\\dxx))$" 52 | }, 53 | { 54 | "tag_name": "http_conn_manager_listener_prefix", 55 | "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 56 | }, 57 | { 58 | "tag_name": "http_conn_manager_prefix", 
59 | "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 60 | }, 61 | { 62 | "tag_name": "listener_address", 63 | "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 64 | }, 65 | { 66 | "tag_name": "mongo_prefix", 67 | "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" 68 | } 69 | ], 70 | "stats_matcher": { 71 | "inclusion_list": { 72 | "patterns": [ 73 | { 74 | "regex": ".*_rq_\\dxx$" 75 | }, 76 | { 77 | "regex": ".*_rq_time$" 78 | }, 79 | { 80 | "regex": "cluster.*" 81 | }, 82 | ] 83 | } 84 | } 85 | }, 86 | "admin": { 87 | "access_log_path": "/dev/null", 88 | "address": { 89 | "socket_address": { 90 | "address": "0.0.0.0", 91 | "port_value": 9901 92 | } 93 | } 94 | }, 95 | "static_resources": { 96 | "clusters": [ 97 | { 98 | "name": "6", 99 | "type": "STATIC", 100 | "connect_timeout": "0.250s", 101 | "lb_policy": "ROUND_ROBIN", 102 | "hosts": [ 103 | { 104 | "socket_address": { 105 | "protocol": "TCP", 106 | "address": "127.0.0.1", 107 | "port_value": 8080 108 | } 109 | } 110 | ] 111 | } 112 | ], 113 | "listeners":[ 114 | { 115 | "address": { 116 | "socket_address": { 117 | "protocol": "TCP", 118 | "address": "0.0.0.0", 119 | "port_value": 8790 120 | } 121 | }, 122 | "filter_chains": [ 123 | { 124 | "filters": [ 125 | { 126 | "name": "envoy.http_connection_manager", 127 | "config": { 128 | "codec_type": "AUTO", 129 | "stat_prefix": "stats", 130 | "route_config": { 131 | "virtual_hosts": [ 132 | { 133 | "name": "backend", 134 | "domains": [ 135 | "*" 136 | ], 137 | "routes": [ 138 | { 139 | "match": { 140 | "prefix": "/" 141 | }, 142 | "route": { 143 | "cluster": "6" 144 | } 145 | } 146 | ] 147 | } 148 | ] 149 | }, 150 | "http_filters": { 151 | "name": "envoy.router" 152 | } 153 | } 154 | } 155 | ] 156 | } 157 | ] 158 | } 159 | ] 160 | } 161 | } 162 | --- 163 | # Source: lens/templates/service.yaml 164 | apiVersion: v1 165 | kind: Service 166 | metadata: 167 | name: lens-service 168 | 
labels:
169 |     app: lens
170 |     chart: lens-3.7.1
171 |     release: devtron
172 | spec:
173 |   type: ClusterIP
174 |   ports:
175 |     - port: 80
176 |       targetPort: app
177 |       protocol: TCP
178 |       name: app
179 |     - port: 9901  # NOTE(review): publishes the Envoy admin listener (bound to 0.0.0.0:9901 in sidecar-config-lens) to anything that can reach this Service
180 |       name: envoy-admin  # Envoy's admin API is unauthenticated; lens-sm only scrapes /stats/prometheus, so restrict access (e.g. NetworkPolicy) to the metrics scraper
181 |   selector:
182 |     app: lens
183 | ---
184 | # Source: lens/templates/hpa.yaml
185 | apiVersion: autoscaling/v2beta1  # autoscaling/v2beta1 is no longer served from Kubernetes 1.25; check the target cluster version
186 | kind: HorizontalPodAutoscaler
187 | metadata:
188 |   name: lens-hpa
189 | spec:
190 |   scaleTargetRef:
191 |     apiVersion: v1  # NOTE(review): the lens Deployment below is apps/v1; with "v1" the HPA may fail to resolve its scale target - confirm
192 |     kind: Deployment
193 |     name: lens
194 |   minReplicas: 1
195 |   maxReplicas: 2
196 |   metrics:
197 |     - type: Resource
198 |       resource:
199 |         name: memory
200 |         targetAverageUtilization: 90
201 |     - type: Resource
202 |       resource:
203 |         name: cpu
204 |         targetAverageUtilization: 80
205 | ---
206 | # Source: lens/templates/deployment.yaml
207 | apiVersion: apps/v1
208 | kind: Deployment
209 | metadata:
210 |   name: lens
211 |   labels:
212 |     app: lens
213 |     chart: lens-3.7.1
214 |     release: devtron
215 | spec:
216 |   selector:
217 |     matchLabels:
218 |       app: lens
219 |       release: devtron
220 |   replicas: 1
221 |   minReadySeconds: 60
222 |   template:
223 |     metadata:
224 |       labels:
225 |         app: lens
226 |         release: devtron
227 |     spec:
228 |       terminationGracePeriodSeconds: 30
229 |       restartPolicy: Always
230 |       containers:  # NOTE(review): no securityContext is set on the pod or on either container in this manifest
231 |         - name: envoy
232 |           image: envoyproxy/envoy:v1.14.1  # mutable tag, not a digest; check whether this Envoy release still receives security fixes
233 |           ports:
234 |             - containerPort: 9901
235 |               protocol: TCP
236 |               name: envoy-admin
237 |             - name: app
238 |               containerPort: 8790
239 |               protocol: TCP
240 |           command: ["/usr/local/bin/envoy"]
241 |           args: ["-c", "/etc/envoy-config/envoy-config.json", "-l", "info", "--log-format", "[METADATA][%Y-%m-%d %T.%e][%t][%l][%n] %v"]
242 |           volumeMounts:
243 |             - name: envoy-config-volume
244 |               mountPath: /etc/envoy-config/
245 |         - name: lens
246 |           image: quay.io/devtron/lens:772fcb2a-125-2194  # pinned by tag only; pin by digest if image provenance matters
247 |           imagePullPolicy: IfNotPresent
248 |           ports:
249 |             - name: app
250 |               containerPort: 8080
251 |               protocol: TCP
252 |           env:
253 |             - name: CONFIG_HASH
254 |               value: 
1b9a3decafa1e6653dbe094dc6214c1caff4f2185f1a533d5dc566cd5bdebc2a 255 | - name: SECRET_HASH 256 | value: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 257 | - name: POD_NAME 258 | valueFrom: 259 | fieldRef: 260 | fieldPath: metadata.name 261 | envFrom: 262 | - configMapRef: 263 | name: lens-cm 264 | - secretRef: 265 | name: lens-secret 266 | resources: 267 | limits: 268 | cpu: "0.05" 269 | memory: 50Mi 270 | requests: 271 | cpu: "0.01" 272 | memory: 10Mi 273 | volumeMounts: [] 274 | volumes: 275 | - name: envoy-config-volume 276 | configMap: 277 | name: sidecar-config-lens 278 | revisionHistoryLimit: 3 279 | --- 280 | # Source: lens/templates/metrics-service-monitor.yaml 281 | apiVersion: monitoring.coreos.com/v1 282 | kind: ServiceMonitor 283 | metadata: 284 | name: lens-sm 285 | labels: 286 | app: lens 287 | release: devtron 288 | spec: 289 | jobLabel: lens 290 | endpoints: 291 | - port: envoy-admin 292 | interval: 30s 293 | path: /stats/prometheus 294 | selector: 295 | matchLabels: 296 | app: lens 297 | namespaceSelector: 298 | matchNames: 299 | - devtroncd 300 | -------------------------------------------------------------------------------- /yamls/dashboard.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: dashboard/templates/secret.yaml 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: devtron-dashboard-secret 7 | labels: 8 | release: devtron 9 | type: Opaque 10 | --- 11 | # Source: dashboard/templates/configmap.yaml 12 | apiVersion: v1 13 | kind: ConfigMap 14 | metadata: 15 | name: dashboard-cm 16 | labels: 17 | release: devtron 18 | data: 19 | GA_ENABLED: "false" 20 | HOTJAR_ENABLED: "false" 21 | SENTRY_ENABLED: "false" 22 | SENTRY_ENV: PRODUCTION 23 | --- 24 | # Source: dashboard/templates/sidecar-configmap.yaml 25 | apiVersion: v1 26 | kind: ConfigMap 27 | metadata: 28 | name: sidecar-config-dashboard 29 | labels: 30 | release: devtron 31 | data: 32 | envoy-config.json: 
| 33 | { 34 | "stats_config": { 35 | "use_all_default_tags": false, 36 | "stats_tags": [ 37 | { 38 | "tag_name": "cluster_name", 39 | "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" 40 | }, 41 | { 42 | "tag_name": "tcp_prefix", 43 | "regex": "^tcp\\.((.*?)\\.)\\w+?$" 44 | }, 45 | { 46 | "tag_name": "response_code", 47 | "regex": "_rq(_(\\d{3}))$" 48 | }, 49 | { 50 | "tag_name": "response_code_class", 51 | "regex": ".*_rq(_(\\dxx))$" 52 | }, 53 | { 54 | "tag_name": "http_conn_manager_listener_prefix", 55 | "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 56 | }, 57 | { 58 | "tag_name": "http_conn_manager_prefix", 59 | "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 60 | }, 61 | { 62 | "tag_name": "listener_address", 63 | "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" 64 | }, 65 | { 66 | "tag_name": "mongo_prefix", 67 | "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" 68 | } 69 | ], 70 | "stats_matcher": { 71 | "inclusion_list": { 72 | "patterns": [ 73 | { 74 | "regex": ".*_rq_\\dxx$" 75 | }, 76 | { 77 | "regex": ".*_rq_time$" 78 | }, 79 | { 80 | "regex": "cluster.*" 81 | }, 82 | ] 83 | } 84 | } 85 | }, 86 | "admin": { 87 | "access_log_path": "/dev/null", 88 | "address": { 89 | "socket_address": { 90 | "address": "0.0.0.0", 91 | "port_value": 9901 92 | } 93 | } 94 | }, 95 | "static_resources": { 96 | "clusters": [ 97 | { 98 | "name": "1-0", 99 | "type": "STATIC", 100 | "connect_timeout": "0.250s", 101 | "lb_policy": "ROUND_ROBIN", 102 | "load_assignment": { 103 | "cluster_name": "9", 104 | "endpoints": { 105 | "lb_endpoints": [ 106 | { 107 | "endpoint": { 108 | "address": { 109 | "socket_address": { 110 | "protocol": "TCP", 111 | "address": "127.0.0.1", 112 | "port_value": 80 113 | } 114 | } 115 | } 116 | } 117 | ] 118 | } 119 | } 120 | }, 121 | ], 122 | "listeners":[ 123 | { 124 | "address": { 125 | 
"socket_address": { 126 | "protocol": "TCP", 127 | "address": "0.0.0.0", 128 | "port_value": 8790 129 | } 130 | }, 131 | "filter_chains": [ 132 | { 133 | "filters": [ 134 | { 135 | "name": "envoy.filters.network.http_connection_manager", 136 | "config": { 137 | "codec_type": "AUTO", 138 | "stat_prefix": "stats", 139 | "route_config": { 140 | "virtual_hosts": [ 141 | { 142 | "name": "backend", 143 | "domains": [ 144 | "*" 145 | ], 146 | "routes": [ 147 | { 148 | "match": { 149 | "prefix": "/" 150 | }, 151 | "route": { 152 | "cluster": "1-0" 153 | } 154 | } 155 | ] 156 | } 157 | ] 158 | }, 159 | "http_filters": { 160 | "name": "envoy.filters.http.router" 161 | } 162 | } 163 | } 164 | ] 165 | } 166 | ] 167 | }, 168 | ] 169 | } 170 | } 171 | --- 172 | # Source: dashboard/templates/service.yaml 173 | apiVersion: v1 174 | kind: Service 175 | metadata: 176 | name: dashboard-service 177 | labels: 178 | app: dashboard 179 | chart: dashboard-3.9.1 180 | release: devtron 181 | spec: 182 | type: ClusterIP 183 | ports: 184 | - port: 80 185 | targetPort: app 186 | protocol: TCP 187 | name: app 188 | - port: 9901 189 | name: envoy-admin 190 | selector: 191 | app: dashboard 192 | --- 193 | # Source: dashboard/templates/deployment.yaml 194 | apiVersion: apps/v1 195 | kind: Deployment 196 | metadata: 197 | name: dashboard 198 | labels: 199 | app: dashboard 200 | chart: dashboard-3.9.1 201 | release: devtron 202 | spec: 203 | selector: 204 | matchLabels: 205 | app: dashboard 206 | release: devtron 207 | replicas: 1 208 | minReadySeconds: 60 209 | template: 210 | metadata: 211 | labels: 212 | app: dashboard 213 | release: devtron 214 | spec: 215 | terminationGracePeriodSeconds: 30 216 | restartPolicy: Always 217 | containers: 218 | - name: envoy 219 | image: envoyproxy/envoy:v1.14.1 220 | resources: 221 | limits: 222 | cpu: 50m 223 | memory: 50Mi 224 | requests: 225 | cpu: 50m 226 | memory: 50Mi 227 | ports: 228 | - containerPort: 9901 229 | protocol: TCP 230 | name: envoy-admin 231 | 
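- name: app
232 |               containerPort: 8790
233 |               protocol: TCP
234 |           command: ["/usr/local/bin/envoy"]
235 |           args: ["-c", "/etc/envoy-config/envoy-config.json", "-l", "info", "--log-format", "[METADATA][%Y-%m-%d %T.%e][%t][%l][%n] %v"]
236 |           volumeMounts:
237 |             - name: envoy-config-volume
238 |               mountPath: /etc/envoy-config/
239 |         - name: dashboard
240 |           image: "quay.io/devtron/dashboard:80d3194a-136-3816"  # pinned by tag only; pin by digest if image provenance matters
241 |           imagePullPolicy: IfNotPresent
242 |           ports:
243 |             - name: app
244 |               containerPort: 80
245 |               protocol: TCP
246 |           env:
247 |             - name: CONFIG_HASH
248 |               value: d79e473c6352af87345c540cbbe1307c4cdc5a014f3393d3d46ff194442179e0
249 |             - name: SECRET_HASH
250 |               value: 552efd3342e616f7ff4a7d2fffd4879809af5efabeda4c1a8597aeafefcb017d
251 |             - name: DEVTRON_APP_NAME
252 |               value: dashboard
253 |             - name: POD_NAME
254 |               valueFrom:
255 |                 fieldRef:
256 |                   fieldPath: metadata.name
257 |           envFrom:
258 |           - configMapRef:
259 |               name: dashboard-cm
260 |           - secretRef:
261 |               name: devtron-dashboard-secret
262 |           resources:
263 |             limits:
264 |               cpu: "0.05"
265 |               memory: 50Mi
266 |             requests:
267 |               cpu: "0.01"
268 |               memory: 10Mi
269 |           volumeMounts: []
270 |       volumes:
271 |         - name: envoy-config-volume
272 |           configMap:
273 |             name: sidecar-config-dashboard
274 |   revisionHistoryLimit: 3
275 | ---
276 | # Source: dashboard/templates/metrics-service-monitor.yaml
277 | apiVersion: monitoring.coreos.com/v1
278 | kind: ServiceMonitor  # Prometheus scrape target for the dashboard pod's Envoy sidecar statistics
279 | metadata:
280 |   name: dashboard
281 |   labels:
282 |     app: dashboard
283 |     chart: dashboard-3.9.1
284 |     release: devtron
285 | spec:
286 |   jobLabel: dashboard
287 |   endpoints:
288 |     - port: envoy-admin  # scrapes through the Envoy admin port (9901 on dashboard-service); that port serves the whole admin API, not only metrics
289 |       interval: 30s
290 |       path: /stats/prometheus
291 |   selector:
292 |     matchLabels:
293 |       app: dashboard
294 |   namespaceSelector:
295 |     matchNames:
296 |       - devtroncd  # plain namespace name, as in the other manifests; a stray ":w" suffix here is not a valid namespace and selects nothing
297 | 
--------------------------------------------------------------------------------
/install/install.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: 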
apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.3.0 6 | creationTimestamp: null 7 | name: installers.installer.devtron.ai 8 | spec: 9 | group: installer.devtron.ai 10 | names: 11 | kind: Installer 12 | listKind: InstallerList 13 | plural: installers 14 | singular: installer 15 | scope: Namespaced 16 | validation: 17 | openAPIV3Schema: 18 | description: Installer is the Schema for the installers API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: InstallerSpec defines the desired state of Installer 34 | properties: 35 | url: 36 | description: URL of the BOM version to be installed 37 | type: string 38 | type: object 39 | status: 40 | description: InstallerStatus defines the observed state of Installer 41 | properties: 42 | current_spec_hash: 43 | type: string 44 | sync: 45 | description: SyncStatus is a comparison result of application spec and 46 | deployed application. 47 | properties: 48 | conditions: 49 | items: 50 | description: InstallerCondition contains details about current 51 | application condition 52 | properties: 53 | lastTransitionTime: 54 | description: LastTransitionTime is the time the condition 55 | was first observed. 
56 | format: date-time 57 | type: string 58 | message: 59 | description: Message contains human-readable message indicating 60 | details about condition 61 | type: string 62 | type: 63 | description: Type is an application condition type 64 | type: string 65 | required: 66 | - message 67 | - type 68 | type: object 69 | type: array 70 | data: 71 | type: string 72 | health: 73 | properties: 74 | message: 75 | type: string 76 | status: 77 | description: Represents resource health status 78 | type: string 79 | type: object 80 | history: 81 | description: RevisionHistories is a array of history, oldest first 82 | and newest last 83 | items: 84 | description: RevisionHistory contains information relevant to 85 | an application deployment 86 | properties: 87 | deployStartedAt: 88 | description: DeployStartedAt holds the time the deployment 89 | started 90 | format: date-time 91 | type: string 92 | deployedAt: 93 | description: DeployedAt holds the time the deployment completed 94 | format: date-time 95 | type: string 96 | id: 97 | description: ID is an auto incrementing identifier of the 98 | RevisionHistory 99 | format: int64 100 | type: integer 101 | revision: 102 | description: Revision holds the revision of the sync 103 | type: string 104 | source: 105 | description: ApplicationSource contains information about 106 | github repository, path within repository and target application 107 | environment. 
108 |                         properties:
109 |                           url:
110 |                             type: string
111 |                         type: object
112 |                     required:
113 |                     - deployedAt
114 |                     - id
115 |                     - revision
116 |                     type: object
117 |                   type: array
118 |                 resources:
119 |                   items:
120 |                     description: ResourceStatus holds the current sync and health
121 |                       status of a resource
122 |                     properties:
123 |                       group:
124 |                         type: string
125 |                       health:
126 |                         properties:
127 |                           message:
128 |                             type: string
129 |                           status:
130 |                             description: Represents resource health status
131 |                             type: string
132 |                         type: object
133 |                       kind:
134 |                         type: string
135 |                       name:
136 |                         type: string
137 |                       namespace:
138 |                         type: string
139 |                       operation:
140 |                         type: string
141 |                       status:
142 |                         type: string
143 |                       version:
144 |                         type: string
145 |                     type: object
146 |                   type: array
147 |                 status:
148 |                   type: string
149 |                 url:
150 |                   description: URL of the BOM version pulled
151 |                   type: string
152 |               required:
153 |               - status
154 |               type: object
155 |           required:
156 |           - current_spec_hash
157 |           - sync
158 |           type: object
159 |       type: object
160 |   version: v1alpha1
161 |   versions:
162 |   - name: v1alpha1
163 |     served: true
164 |     storage: true
165 | status:
166 |   acceptedNames:
167 |     kind: ""
168 |     plural: ""
169 |   conditions: []
170 |   storedVersions: []
171 | ---
172 | apiVersion: v1
173 | kind: Namespace
174 | metadata:
175 |   labels:
176 |     name: devtron
177 |   name: devtroncd
178 | ---
179 | apiVersion: v1
180 | kind: ServiceAccount  # identity used by the inception Deployment further down (serviceAccountName: installer)
181 | metadata:
182 |   name: installer
183 |   namespace: devtroncd
184 | ---
185 | apiVersion: rbac.authorization.k8s.io/v1
186 | kind: ClusterRoleBinding  # NOTE(review): gives the installer ServiceAccount the built-in cluster-admin role
187 | metadata:
188 |   name: installer
189 | roleRef:
190 |   apiGroup: rbac.authorization.k8s.io
191 |   kind: ClusterRole
192 |   name: cluster-admin  # unrestricted access to every resource in every namespace; anyone who controls the inception pod or its image controls the cluster
193 | subjects:
194 | - kind: ServiceAccount
195 |   name: installer
196 |   namespace: devtroncd  # consider a narrower role, or removing this binding once installation has finished - confirm what the operator needs at runtime
197 | ---
198 | apiVersion: rbac.authorization.k8s.io/v1
199 | kind: ClusterRoleBinding  # adds no permission while the cluster-admin binding above exists; it becomes the effective grant only if that one is removed
200 | metadata:
201 |   name: installer-editor
202 | roleRef:
203 |   apiGroup: rbac.authorization.k8s.io
204 |   kind: ClusterRole
205 |   name: installer-editor-role
206 | subjects:
207 | - kind: ServiceAccount
208 |   name: installer
209 |   namespace: devtroncd
210 | ---
211 | apiVersion: rbac.authorization.k8s.io/v1
212 | kind: ClusterRole  # full management of Installer objects, read-only on their status subresource
213 | metadata:
214 |   name: installer-editor-role
215 | rules:
216 | - apiGroups:
217 |   - installer.devtron.ai
218 |   resources:
219 |   - installers
220 |   verbs:
221 |   - create
222 |   - delete
223 |   - get
224 |   - list
225 |   - patch
226 |   - update
227 |   - watch
228 | - apiGroups:
229 |   - installer.devtron.ai
230 |   resources:
231 |   - installers/status
232 |   verbs:
233 |   - get
234 | ---
235 | apiVersion: apps/v1
236 | kind: Deployment
237 | metadata:
238 |   labels:
239 |     app: inception
240 |   name: inception
241 |   namespace: devtroncd
242 | spec:
243 |   minReadySeconds: 60
244 |   replicas: 1
245 |   strategy:
246 |     type: Recreate
247 |   selector:
248 |     matchLabels:
249 |       app: inception
250 |   template:
251 |     metadata:
252 |       creationTimestamp: null
253 |       labels:
254 |         app: inception
255 |     spec:
256 |       containers:  # NOTE(review): no securityContext is set on the pod or the container
257 |         -
258 |           image: quay.io/devtron/inception:d7236e39-185-3534  # pinned by tag, not digest; this image runs with the cluster-admin ServiceAccount, so its provenance matters
259 |           imagePullPolicy: IfNotPresent
260 |           name: inception
261 |           ports:
262 |             -
263 |               containerPort: 8080
264 |               name: app
265 |               protocol: TCP
266 |           resources:
267 |             limits:
268 |               cpu: 50m
269 |               memory: 500Mi
270 |             requests:
271 |               cpu: 10m
272 |               memory: 100Mi
273 |       restartPolicy: Always
274 |       serviceAccountName: installer  # the pod's mounted token carries the cluster-admin binding defined above
275 |       terminationGracePeriodSeconds: 30
276 | 
--------------------------------------------------------------------------------
/yamls/external-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1beta1  # apiextensions.k8s.io/v1beta1 is no longer served from Kubernetes 1.22; check the target cluster version
2 | kind: CustomResourceDefinition
3 | metadata:
4 |   name: externalsecrets.kubernetes-client.io
5 |   annotations:
6 |     # for helm v2 backwards compatibility
7 |     helm.sh/hook: crd-install
8 |     # used in e2e testing
9 |     app.kubernetes.io/managed-by: helm
10 | spec:
11 |   group: kubernetes-client.io
12 | 
version: v1 13 | scope: Namespaced 14 | 15 | names: 16 | shortNames: 17 | - es 18 | kind: ExternalSecret 19 | plural: externalsecrets 20 | singular: externalsecret 21 | 22 | additionalPrinterColumns: 23 | - JSONPath: .status.lastSync 24 | name: Last Sync 25 | type: date 26 | - JSONPath: .status.status 27 | name: status 28 | type: string 29 | - JSONPath: .metadata.creationTimestamp 30 | name: Age 31 | type: date 32 | 33 | validation: 34 | openAPIV3Schema: 35 | properties: 36 | spec: 37 | type: object 38 | properties: 39 | template: 40 | description: Template which will be deep merged without mutating 41 | any existing fields. into generated secret, can be used to 42 | set for example annotations or type on the generated secret 43 | type: object 44 | backendType: 45 | type: string 46 | enum: 47 | - secretsManager 48 | - systemManager 49 | - vault 50 | - azureKeyVault 51 | - gcpSecretsManager 52 | - alicloudSecretsManager 53 | vaultRole: 54 | type: string 55 | vaultMountPoint: 56 | type: string 57 | kvVersion: 58 | description: Vault K/V version either 1 or 2, default = 2 59 | type: integer 60 | minimum: 1 61 | maximum: 2 62 | keyVaultName: 63 | type: string 64 | key: 65 | type: string 66 | dataFrom: 67 | type: array 68 | items: 69 | type: string 70 | data: 71 | type: array 72 | items: 73 | type: object 74 | properties: 75 | key: 76 | description: Secret key in backend 77 | type: string 78 | name: 79 | description: Name set for this key in the generated secret 80 | type: string 81 | property: 82 | description: Property to extract if secret in backend is a JSON object 83 | isBinary: 84 | description: >- 85 | You must set this to true if configuring an item for a binary file stored in Azure KeyVault. 86 | Azure automatically base64 encodes binary files and setting this to true ensures External Secrets 87 | does not base64 encode the base64 encoded binary files. 
88 |                       type: boolean
89 |                 required:
90 |                   - name
91 |                   - key
92 |             roleArn:
93 |               type: string
94 |           oneOf:
95 |             - properties:
96 |                 backendType:
97 |                   enum:
98 |                     - secretsManager
99 |                     - systemManager
100 |             - properties:
101 |                 backendType:
102 |                   enum:
103 |                     - vault
104 |             - properties:
105 |                 backendType:
106 |                   enum:
107 |                     - azureKeyVault
108 |               required:
109 |                 - keyVaultName
110 |             - properties:
111 |                 backendType:
112 |                   enum:
113 |                     - gcpSecretsManager
114 |             - properties:
115 |                 backendType:
116 |                   enum:
117 |                     - alicloudSecretsManager
118 |           anyOf:
119 |             - required:
120 |                 - data
121 |             - required:
122 |                 - dataFrom
123 |   subresources:
124 |     status: {}
125 | ---
126 | # Source: devtron/templates/secret.yaml
127 | apiVersion: v1
128 | kind: Secret
129 | metadata:
130 |   name: devtron-kubernetes-external-secret
131 |   labels:
132 |     release: devtron
133 | type: Opaque
134 | ---
135 | # Source: devtron/templates/configmap.yaml
136 | apiVersion: v1
137 | kind: ConfigMap
138 | metadata:
139 |   name: devtron-kubernetes-external-cm
140 |   labels:
141 |     release: devtron
142 | ---
143 | # Source: kubernetes-external-secrets/templates/serviceaccount.yaml
144 | apiVersion: v1
145 | kind: ServiceAccount
146 | metadata:
147 |   name: devtron-kubernetes-external-secrets
148 |   namespace: "devtroncd"
149 |   labels:
150 |     app.kubernetes.io/name: kubernetes-external-secrets
151 |     helm.sh/chart: kubernetes-external-secrets-6.0.0
152 |     app.kubernetes.io/instance: devtron
153 | ---
154 | # Source: kubernetes-external-secrets/templates/rbac.yaml
155 | apiVersion: rbac.authorization.k8s.io/v1beta1  # rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22; v1 has the same schema
156 | kind: ClusterRole  # cluster-scoped permissions of the external-secrets controller; bound below with a ClusterRoleBinding, so they apply in every namespace
157 | metadata:
158 |   name: devtron-kubernetes-external-secrets
159 |   labels:
160 |     app.kubernetes.io/name: kubernetes-external-secrets
161 |     helm.sh/chart: kubernetes-external-secrets-6.0.0
162 |     app.kubernetes.io/instance: devtron
163 | rules:
164 |   - apiGroups: [""]
165 |     resources: ["secrets"]  # NOTE(review): no resourceNames or namespace limit - the controller may write Secrets anywhere in the cluster
166 |     verbs: ["create", "update"]  # "update" lets it overwrite any existing Secret, though it cannot read them; use per-namespace Roles if the target namespaces are known
167 |   - apiGroups: [""]
168 |     resources: ["namespaces"]
169 |     verbs: ["get", "watch", "list"]
170 |   - apiGroups: ["apiextensions.k8s.io"]
171 |     resources: ["customresourcedefinitions"]
172 |     resourceNames: ["externalsecrets.kubernetes-client.io"]
173 |     verbs: ["get", "update"]
174 |   - apiGroups: ["kubernetes-client.io"]
175 |     resources: ["externalsecrets"]
176 |     verbs: ["get", "watch", "list"]
177 |   - apiGroups: ["kubernetes-client.io"]
178 |     resources: ["externalsecrets/status"]
179 |     verbs: ["get", "update"]
180 |   - apiGroups: ["apiextensions.k8s.io"]
181 |     resources: ["customresourcedefinitions"]
182 |     verbs: ["create"]  # "create" cannot be limited by resourceNames, so this allows creating any CRD; drop it if the CRD is always applied from this manifest - confirm
183 | ---
184 | # Source: kubernetes-external-secrets/templates/rbac.yaml
185 | apiVersion: rbac.authorization.k8s.io/v1beta1
186 | kind: ClusterRoleBinding  # binds the ClusterRole above to the controller's ServiceAccount cluster-wide
187 | metadata:
188 |   name: devtron-kubernetes-external-secrets
189 |   labels:
190 |     app.kubernetes.io/name: kubernetes-external-secrets
191 |     helm.sh/chart: kubernetes-external-secrets-6.0.0
192 |     app.kubernetes.io/instance: devtron
193 | roleRef:
194 |   apiGroup: rbac.authorization.k8s.io
195 |   kind: ClusterRole
196 |   name: devtron-kubernetes-external-secrets
197 | subjects:
198 |   - name: devtron-kubernetes-external-secrets
199 |     namespace: "devtroncd"
200 |     kind: ServiceAccount
201 | ---
202 | # Source: kubernetes-external-secrets/templates/rbac.yaml
203 | apiVersion: rbac.authorization.k8s.io/v1beta1
204 | kind: ClusterRoleBinding
205 | metadata:
206 |   name: devtron-kubernetes-external-secrets-auth
207 |   labels:
208 |     app.kubernetes.io/name: kubernetes-external-secrets
209 |     helm.sh/chart: kubernetes-external-secrets-6.0.0
210 |     app.kubernetes.io/instance: devtron
211 | roleRef:
212 |   apiGroup: rbac.authorization.k8s.io
213 |   kind: ClusterRole
214 |   name: system:auth-delegator  # NOTE(review): built-in role that allows creating TokenReviews and SubjectAccessReviews; confirm the controller still needs it for the backend in use
215 | subjects:
216 |   - name: devtron-kubernetes-external-secrets
217 |     namespace: "devtroncd"
218 |     kind: ServiceAccount
219 | ---
220 | # Source: kubernetes-external-secrets/templates/service.yaml
221 | apiVersion: v1
222 | kind: Service
223 | metadata:
224 |   name: 
devtron-kubernetes-external-secrets 225 | namespace: "devtroncd" 226 | labels: 227 | app.kubernetes.io/name: kubernetes-external-secrets 228 | helm.sh/chart: kubernetes-external-secrets-6.0.0 229 | app.kubernetes.io/instance: devtron 230 | spec: 231 | selector: 232 | app.kubernetes.io/name: kubernetes-external-secrets 233 | ports: 234 | - protocol: TCP 235 | port: 3001 236 | name: prometheus 237 | targetPort: prometheus 238 | --- 239 | # Source: kubernetes-external-secrets/templates/deployment.yaml 240 | apiVersion: apps/v1 241 | kind: Deployment 242 | metadata: 243 | name: devtron-kubernetes-external-secrets 244 | namespace: "devtroncd" 245 | labels: 246 | app.kubernetes.io/name: kubernetes-external-secrets 247 | helm.sh/chart: kubernetes-external-secrets-6.0.0 248 | app.kubernetes.io/instance: devtron 249 | spec: 250 | replicas: 1 251 | selector: 252 | matchLabels: 253 | app.kubernetes.io/name: kubernetes-external-secrets 254 | app.kubernetes.io/instance: devtron 255 | template: 256 | metadata: 257 | labels: 258 | app.kubernetes.io/name: kubernetes-external-secrets 259 | app.kubernetes.io/instance: devtron 260 | spec: 261 | serviceAccountName: devtron-kubernetes-external-secrets 262 | containers: 263 | - name: kubernetes-external-secrets 264 | image: "godaddy/kubernetes-external-secrets:6.0.0" 265 | ports: 266 | - name: prometheus 267 | containerPort: 3001 268 | imagePullPolicy: IfNotPresent 269 | resources: 270 | limits: 271 | cpu: 260m 272 | memory: 128Mi 273 | requests: 274 | cpu: 200m 275 | memory: 128Mi 276 | env: 277 | - name: "LOG_LEVEL" 278 | value: "info" 279 | - name: "LOG_MESSAGE_KEY" 280 | value: "msg" 281 | - name: "METRICS_PORT" 282 | value: "3001" 283 | - name: "POLLER_INTERVAL_MILLISECONDS" 284 | value: "10000" 285 | envFrom: 286 | - configMapRef: 287 | name: devtron-kubernetes-external-cm 288 | - secretRef: 289 | name: devtron-kubernetes-external-secret 290 | # Params for env vars populated from k8s secrets 291 | securityContext: 292 | 
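runAsNonRoot: true -------------------------------------------------------------------------------- /yamls/minio-storage.yaml: --------------------------------------------------------------------------------
---
# Rendered output of the minio-8.0.10 Helm chart (release "devtron").
# Several objects below carry no metadata.namespace and therefore land in
# whatever namespace the apply command selects; the RoleBinding subject and the
# in-cluster DNS name in the StatefulSet command both assume "devtroncd".
#
# Source: minio/templates/post-install-prometheus-metrics-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
---
# Source: minio/templates/serviceaccount.yaml
# ServiceAccount used by both the MinIO StatefulSet and the bucket-creation Job.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "devtron-minio"
  namespace: "devtroncd"
  labels:
    app: minio
    chart: minio-8.0.10
    release: "devtron"
---
# Source: minio/templates/secrets.yaml
# MinIO root credentials. Both values are empty in this file.
# NOTE(review): presumably the installer fills them in before applying; verify
# that, and keep real values out of version control (Secret data is base64
# encoded, not encrypted).
apiVersion: v1
kind: Secret
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
type: Opaque
data:
  accesskey: ""
  secretkey: ""
---
# Source: minio/templates/configmap.yaml
# Holds the shell script the post-install Job runs to create the two CI buckets.
# Review points for the script:
#   * it talks to MinIO over plain http (scheme=http), so the access and secret
#     key travel unencrypted inside the cluster network;
#   * mc is started with --insecure, which disables TLS certificate
#     verification and would take effect if the scheme were switched to https;
#   * the keys are passed to `mc config host add` as command-line arguments and
#     the command string is word-split by the shell, so keys containing
#     whitespace or glob characters would break it.
# Changes made here relative to the rendered chart: operands of `[ ... ]` and
# bucket paths are quoted so an empty argument cannot produce a malformed test,
# and two stale comments (sleep interval, createBucket arguments) are corrected.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
data:
  initialize: |-
    #!/bin/sh
    set -e ; # Have script exit in the event of a failed command.
    MC_CONFIG_DIR="/etc/minio/mc/"
    MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"

    # connectToMinio
    # Use a check-sleep-check loop to wait for Minio service to be available
    connectToMinio() {
      SCHEME=$1
      ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
      set -e ; # fail if we can't read the keys.
      ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ;
      set +e ; # The connections to minio are allowed to fail.
      echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
      MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
      $MC_COMMAND ;
      STATUS=$? ;
      until [ "$STATUS" = 0 ]
      do
        ATTEMPTS=`expr $ATTEMPTS + 1` ;
        echo \"Failed attempts: $ATTEMPTS\" ;
        if [ "$ATTEMPTS" -gt "$LIMIT" ]; then
          exit 1 ;
        fi ;
        sleep 2 ; # 2 second intervals between attempts
        $MC_COMMAND ;
        STATUS=$? ;
      done ;
      set -e ; # reset `e` as active
      return 0
    }

    # checkBucketExists ($bucket)
    # Check if the bucket exists, by using the exit code of `mc ls`
    checkBucketExists() {
      BUCKET=$1
      CMD=$(${MC} ls "myminio/$BUCKET" > /dev/null 2>&1)
      return $?
    }

    # createBucket ($bucket, $policy, $purge, $versioning)
    # Ensure bucket exists, purging if asked to; $versioning is optional
    createBucket() {
      BUCKET=$1
      POLICY=$2
      PURGE=$3
      VERSIONING=$4

      # Purge the bucket, if set & exists
      # Since PURGE is user input, check explicitly for `true`
      if [ "$PURGE" = true ]; then
        if checkBucketExists "$BUCKET" ; then
          echo "Purging bucket '$BUCKET'."
          set +e ; # don't exit if this fails
          ${MC} rm -r --force "myminio/$BUCKET"
          set -e ; # reset `e` as active
        else
          echo "Bucket '$BUCKET' does not exist, skipping purge."
        fi
      fi

      # Create the bucket if it does not exist
      if ! checkBucketExists "$BUCKET" ; then
        echo "Creating bucket '$BUCKET'"
        ${MC} mb "myminio/$BUCKET"
      else
        echo "Bucket '$BUCKET' already exists."
      fi


      # set versioning for bucket
      if [ -n "$VERSIONING" ] ; then
        if [ "$VERSIONING" = true ] ; then
          echo "Enabling versioning for '$BUCKET'"
          ${MC} version enable "myminio/$BUCKET"
        elif [ "$VERSIONING" = false ] ; then
          echo "Suspending versioning for '$BUCKET'"
          ${MC} version suspend "myminio/$BUCKET"
        fi
      else
        echo "Bucket '$BUCKET' versioning unchanged."
      fi

      # At this point, the bucket should exist, skip checking for existence
      # Set policy on the bucket
      echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
      ${MC} policy set "$POLICY" "myminio/$BUCKET"
    }

    # Try connecting to Minio instance
    scheme=http
    connectToMinio $scheme
    # Create the buckets
    createBucket devtron-ci-log none false
    createBucket devtron-ci-cache none false
---
# Source: minio/templates/post-install-prometheus-metrics-role.yaml
# Permissions for the devtron-minio-update-prometheus-secret ServiceAccount.
# Rule 1 limits get/update/patch to the single Secret devtron-minio-prometheus.
# Rule 2 allows `create` on Secrets with no resourceNames: RBAC cannot restrict
# create requests by name, so this account may create any Secret in the
# namespace the Role lives in.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
      - patch
    resourceNames:
      - devtron-minio-prometheus
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
    resourceNames:
      - devtron-minio
---
# Source: minio/templates/post-install-prometheus-metrics-rolebinding.yaml
# Grants the Role above to the ServiceAccount of the same name in devtroncd.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devtron-minio-update-prometheus-secret
  labels:
    app: minio-update-prometheus-secret
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devtron-minio-update-prometheus-secret
subjects:
  - kind: ServiceAccount
    name: devtron-minio-update-prometheus-secret
    namespace: "devtroncd"
---
# Source: minio/templates/service.yaml
# Cluster-internal endpoint for S3 clients; this is the MINIO_ENDPOINT the
# bucket Job connects to. The port is named and served as plain http.
apiVersion: v1
kind: Service
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: minio
    release: devtron
---
# Source: minio/templates/statefulset.yaml
# Headless Service (clusterIP: None) that gives each StatefulSet pod the stable
# DNS name used in the server command below. publishNotReadyAddresses lets the
# pods resolve each other before they report ready.
apiVersion: v1
kind: Service
metadata:
  name: devtron-minio-svc
  labels:
    app: minio
    chart: minio-8.0.10
    release: "devtron"
    heritage: "Helm"
spec:
  publishNotReadyAddresses: true
  clusterIP: None
  ports:
    - name: http
      port: 9000
      protocol: TCP
  selector:
    app: minio
    release: devtron
---
# Source: minio/templates/statefulset.yaml
# Four-replica MinIO; the server command lists pods 0..3 by their headless
# Service names, so `replicas` and the {0...3} range must stay in step.
# Review points:
#   * node-to-node URLs use http://, so traffic between the pods is unencrypted;
#   * `-S /etc/minio/certs/` names a certificate directory, but no volume is
#     mounted at that path in this manifest;
#   * the `minio-user` secret volume is declared and not mounted by the
#     container (credentials reach it through the env vars instead);
#   * the pod runs as uid/gid 1000; no container-level securityContext and no
#     resource limits are set.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: devtron-minio
  labels:
    app: minio
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
spec:
  updateStrategy:
    type: RollingUpdate
  podManagementPolicy: "Parallel"
  serviceName: devtron-minio-svc
  replicas: 4
  selector:
    matchLabels:
      app: minio
      release: devtron
  template:
    metadata:
      name: devtron-minio
      labels:
        app: minio
        release: devtron
      annotations:
        # Fixed strings rendered by Helm, presumably hashes of the Secret and
        # ConfigMap templates. Hand edits to those objects do not update these
        # values, so the pods are not rolled automatically.
        checksum/secrets: 850b2f8c1d8e151fea9b065a92d565fd62fe655998ec52222341a6a74e5b8daf
        checksum/config: 337081c741d9233f54af572dbcab63f68ad6fd788209a6c9d443cac8307c5348
    spec:
      serviceAccountName: "devtron-minio"
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
        - name: minio
          image: minio/minio:RELEASE.2021-02-14T04-01-33Z
          imagePullPolicy: IfNotPresent

          command: [ "/bin/sh",
            "-ce",
            "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs/ server http://devtron-minio-{0...3}.devtron-minio-svc.devtroncd.svc.cluster.local/export" ]
          volumeMounts:
            - name: export
              mountPath: /export
          ports:
            - name: http
              containerPort: 9000
          env:
            - name: MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: devtron-minio
                  key: accesskey
            - name: MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: devtron-minio
                  key: secretkey
          resources:
            requests:
              memory: 1Gi
      volumes:
        - name: minio-user
          secret:
            secretName: devtron-minio
  volumeClaimTemplates:
    - metadata:
        name: export
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 50Gi
---
# Source: minio/templates/post-install-create-bucket-job.yaml
# One-shot Job that runs /config/initialize from the ConfigMap above. The
# projected volume places the script and the Secret's accesskey/secretkey files
# side by side under /config, which is where the script reads them.
# The helm.sh/hook annotations only have an effect when Helm installs the
# object.
apiVersion: batch/v1
kind: Job
metadata:
  name: devtron-minio-make-bucket-job
  labels:
    app: minio-make-bucket-job
    chart: minio-8.0.10
    release: devtron
    heritage: Helm
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
  template:
    metadata:
      labels:
        app: minio-job
        release: devtron
    spec:
      restartPolicy: OnFailure
      volumes:
        - name: minio-configuration
          projected:
            sources:
              - configMap:
                  name: devtron-minio
              - secret:
                  name: devtron-minio
      serviceAccountName: "devtron-minio"
      containers:
        - name: minio-mc
          image: "minio/mc:RELEASE.2021-02-14T04-28-06Z"
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "/config/initialize"]
          env:
            - name: MINIO_ENDPOINT
              value: devtron-minio
            - name: MINIO_PORT
              value: "9000"
          volumeMounts:
            - name: minio-configuration
              mountPath: /config
          resources:
            requests:
              memory: 128Mi
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types.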
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /yamls/grafana.yaml: --------------------------------------------------------------------------------
# Grafana admin credentials Secret. Only the user name is set in this file:
# YWRtaW4= is base64 for "admin" (an encoding, not encryption). No password
# key is present here.
# NOTE(review): presumably the installer adds the password at install time;
# verify, and make sure it is not a fixed default.
apiVersion: v1
kind: Secret
metadata:
  name: devtron-grafana-cred-secret
type: Opaque
data:
  admin-user: YWRtaW4=
---
# Source: grafana/templates/podsecuritypolicy.yaml
# PodSecurityPolicy for the Grafana pod. policy/v1beta1 PodSecurityPolicy is not
# served by Kubernetes 1.25 and later, so on those clusters this object cannot
# be created and none of the restrictions below are enforced by it.
# PodSecurityPolicy is cluster-scoped; metadata.namespace has no effect.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: devtron-grafana
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
  # No privileged containers and no setuid-style privilege gain.
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    # Default set from Docker, without DAC_OVERRIDE or CHOWN
    - FOWNER
    - FSETID
    - KILL
    - SETGID
    - SETUID
    - SETPCAP
    - NET_BIND_SERVICE
    - NET_RAW
    - SYS_CHROOT
    - MKNOD
    - AUDIT_WRITE
    - SETFCAP
  # hostPath is not in the allowed volume types.
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'csi'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  # RunAsAny places no restriction on the uid, so containers admitted under
  # this policy may run as root.
  runAsUser:
    rule: 'RunAsAny'
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
  readOnlyRootFilesystem: false
---
# Source: grafana/templates/tests/test-podsecuritypolicy.yaml
# Policy for the chart's test pod. It is looser than the main policy:
# privilege escalation is allowed and no capabilities are required to be
# dropped. It is usable only by subjects granted `use` on this policy name.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: devtron-grafana-test
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
spec:
  allowPrivilegeEscalation: true
  privileged: false
  hostNetwork: false
  hostIPC: false
  hostPID: false
  fsGroup:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  volumes:
    - configMap
    - downwardAPI
    - emptyDir
    - projected
    - csi
    - secret
---
# Source: grafana/templates/serviceaccount.yaml
# Identity of the Grafana pod; the RBAC objects later in this file bind to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
  name: devtron-grafana
  namespace: devtroncd
---
111 | # Source: grafana/templates/tests/test-serviceaccount.yaml 112 | apiVersion: v1 113 | kind:
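ServiceAccount 114 | metadata: 115 | labels: 116 | helm.sh/chart: grafana-6.1.0 117 | app.kubernetes.io/name: grafana 118 | app.kubernetes.io/instance: devtron 119 | app.kubernetes.io/version: "7.3.1" 120 | app.kubernetes.io/managed-by: Helm 121 | name: devtron-grafana-test 122 | namespace: devtroncd
---
# Source: grafana/templates/configmap-dashboard-provider.yaml
# Grafana provisioning file for a file-based dashboard provider that reads
# dashboards from /tmp/dashboards. allowUiUpdates is false, so dashboards
# loaded this way cannot be saved over from the UI.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
  name: devtron-grafana-config-dashboards
  namespace: devtroncd
data:
  provider.yaml: |-
    apiVersion: 1
    providers:
    - name: 'sidecarProvider'
      orgId: 1
      folder: ''
      type: file
      disableDeletion: false
      allowUiUpdates: false
      options:
        foldersFromFilesStructure: false
        path: /tmp/dashboards
---
# Source: grafana/templates/configmap.yaml
# Main Grafana configuration plus the script that downloads the Devtron
# dashboards from grafana.com.
#
# grafana.ini:
#   * check_for_updates = true makes Grafana contact an external service for
#     version checks; turn it off where outbound traffic must be limited.
#   * NOTE(review): `rool_url` under [server] looks like a misspelling of
#     `root_url`; as written the key is presumably ignored. Left unchanged
#     because the intended value is empty either way; confirm and fix upstream.
#
# download_dashboards.sh:
#   * Changed `curl -skf` to `curl -sf`. The -k flag disabled TLS certificate
#     verification, so the dashboard JSON that Grafana then loads was fetched
#     without authenticating grafana.com. With -k removed, the image that runs
#     this script needs a CA bundle (that container is not part of this
#     ConfigMap; verify before rollout).
#   * Dashboards are pinned by id and revision but not by checksum.
#   * `set -e` does not see a curl failure inside the pipeline: the pipeline's
#     status is sed's, so a failed download leaves an empty .json file and the
#     script continues.
# The Deployment's checksum/config annotation was rendered from the original
# content and is not updated by this edit.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-grafana
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
data:
  grafana.ini: |
    [analytics]
    check_for_updates = true
    [grafana_net]
    url = https://grafana.net
    [log]
    mode = console
    [paths]
    data = /var/lib/grafana/data
    logs = /var/log/grafana
    plugins = /var/lib/grafana/plugins
    provisioning = /etc/grafana/provisioning
    [server]
    rool_url = ""
  dashboardproviders.yaml: |
    apiVersion: 1
    providers: []
  download_dashboards.sh: |
    #!/usr/bin/env sh
    set -euf
    mkdir -p /var/lib/grafana/dashboards/devtron-provider
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13322/revisions/2/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/cpu-usage.json"
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13320/revisions/2/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/latency-status.json"
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13325/revisions/3/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/memory-usage.json"
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13321/revisions/2/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/response-status.json"
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13323/revisions/5/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/memory-usage-below-k8s1-15.json"
    curl -sf \
    --connect-timeout 60 \
    --max-time 60 \
    -H "Accept: application/json" \
    -H "Content-Type: application/json;charset=UTF-8" \
      "https://grafana.com/api/dashboards/13324/revisions/3/download" | sed '/-- .* --/! s/"datasource":.*,/"datasource": "Prometheus",/g'\
    > "/var/lib/grafana/dashboards/devtron-provider/cpu-usage-below-k8s1-15.json"
---
# Source: grafana/templates/dashboards-json-configmap.yaml
# Placeholder for inline dashboard JSON of the devtron-provider; empty here
# because the dashboards are downloaded by the script above instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-grafana-dashboards-devtron-provider
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
    dashboard-provider: devtron-provider
data:
  {}
---
# Source: grafana/templates/tests/test-configmap.yaml
# Chart test: requests the Grafana health endpoint through the in-cluster
# Service and passes when the HTTP status is 200.
apiVersion: v1
kind: ConfigMap
metadata:
  name: devtron-grafana-test
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
data:
  run.sh: |-
    @test "Test Health" {
      url="http://devtron-grafana/api/health"

      code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
      [ "$code" == "200" ]
    }
---
264 | # Source: grafana/templates/pvc.yaml 265 | apiVersion: v1 266 | kind: PersistentVolumeClaim 267 | metadata: 268 | name: devtron-grafana 269 | namespace: devtroncd 270 | labels: 271 | helm.sh/chart: grafana-6.1.0 272 | app.kubernetes.io/name: grafana 273 | app.kubernetes.io/instance: devtron 274 |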
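app.kubernetes.io/version: "7.3.1" 275 | app.kubernetes.io/managed-by: Helm 276 | finalizers: 277 | - kubernetes.io/pvc-protection 278 | spec: 279 | accessModes: 280 | - "ReadWriteOnce" 281 | resources: 282 | requests: 283 | storage: "20Gi"
---
# Source: grafana/templates/clusterrole.yaml
# Read access (get/watch/list) to ConfigMaps and Secrets. Bound through the
# ClusterRoleBinding below, it lets the Grafana ServiceAccount read every
# Secret in every namespace of the cluster, so a compromise of the Grafana pod
# exposes all of them.
# NOTE(review): presumably intended for sidecar discovery of dashboards and
# datasources; if only devtroncd needs to be watched, a namespaced Role and
# RoleBinding would give the same function with far less exposure.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
  name: devtron-grafana-clusterrole
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
---
# Source: grafana/templates/clusterrolebinding.yaml
# Grants the ClusterRole above, cluster-wide, to the devtron-grafana
# ServiceAccount in devtroncd.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: devtron-grafana-clusterrolebinding
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
subjects:
  - kind: ServiceAccount
    name: devtron-grafana
    namespace: devtroncd
roleRef:
  kind: ClusterRole
  name: devtron-grafana-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
# Source: grafana/templates/role.yaml
# Allows `use` of the devtron-grafana PodSecurityPolicy within devtroncd.
# apiVersion changed from rbac.authorization.k8s.io/v1beta1 to v1, matching the
# test Role below: the v1beta1 RBAC API is not served by Kubernetes 1.22 and
# later, and the v1 schema for this kind is the same.
# NOTE(review): this rule names the legacy 'extensions' API group while the
# test Role uses 'policy'; confirm which group the target cluster authorizes
# PodSecurityPolicy use against.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devtron-grafana
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: [devtron-grafana]
---
# Source: grafana/templates/tests/test-role.yaml
# Allows `use` of the looser devtron-grafana-test PodSecurityPolicy; bound only
# to the test ServiceAccount below.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devtron-grafana-test
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: [devtron-grafana-test]
---
# Source: grafana/templates/rolebinding.yaml
# Binds the devtron-grafana Role to the devtron-grafana ServiceAccount.
# apiVersion changed from v1beta1 to v1 for the same reason as the Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devtron-grafana
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devtron-grafana
subjects:
  - kind: ServiceAccount
    name: devtron-grafana
    namespace: devtroncd
---
# Source: grafana/templates/tests/test-rolebinding.yaml
# Binds the test Role to the devtron-grafana-test ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devtron-grafana-test
  namespace: devtroncd
  labels:
    helm.sh/chart: grafana-6.1.0
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: devtron
    app.kubernetes.io/version: "7.3.1"
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devtron-grafana-test
subjects:
  - kind: ServiceAccount
    name: devtron-grafana-test
    namespace: devtroncd
---
399 | # Source: grafana/templates/service.yaml 400 | apiVersion: v1 401 | kind: Service 402 | metadata: 403 | name: devtron-grafana 404 | namespace: devtroncd 405 | labels: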
406 | helm.sh/chart: grafana-6.1.0 407 | app.kubernetes.io/name: grafana 408 | app.kubernetes.io/instance: devtron 409 | app.kubernetes.io/version: "7.3.1" 410 | app.kubernetes.io/managed-by: Helm 411 | spec: 412 | type: ClusterIP 413 | ports: 414 | - name: service 415 | port: 80 416 | protocol: TCP 417 | targetPort: 3000 418 | 419 | selector: 420 | app.kubernetes.io/name: grafana 421 | app.kubernetes.io/instance: devtron 422 | --- 423 | # Source: grafana/templates/deployment.yaml 424 | apiVersion: apps/v1 425 | kind: Deployment 426 | metadata: 427 | name: devtron-grafana 428 | namespace: devtroncd 429 | labels: 430 | helm.sh/chart: grafana-6.1.0 431 | app.kubernetes.io/name: grafana 432 | app.kubernetes.io/instance: devtron 433 | app.kubernetes.io/version: "7.3.1" 434 | app.kubernetes.io/managed-by: Helm 435 | spec: 436 | replicas: 1 437 | revisionHistoryLimit: 10 438 | selector: 439 | matchLabels: 440 | app.kubernetes.io/name: grafana 441 | app.kubernetes.io/instance: devtron 442 | strategy: 443 | type: RollingUpdate 444 | template: 445 | metadata: 446 | labels: 447 | app.kubernetes.io/name: grafana 448 | app.kubernetes.io/instance: devtron 449 | annotations: 450 | checksum/config: 89350704a21d833a1e123c16bc249c737f3b3aa48b3ef07cf0a32f1d05c44ef3 451 | checksum/dashboards-json-config: d14aa82dad8b17b12eead46c8a1f781fbe16244a909f25a3f24ac666e641e121 452 | checksum/sc-dashboard-provider-config: 140064eb60c97bcede797691712d8cf2c835d295c285d1c830fd5a7609c86d4f 453 | spec: 454 | 455 | serviceAccountName: devtron-grafana 456 | securityContext: 457 | fsGroup: 472 458 | runAsGroup: 472 459 | runAsUser: 472 460 | initContainers: 461 | - name: init-chown-data 462 | image: "busybox:1.31.1" 463 | imagePullPolicy: IfNotPresent 464 | securityContext: 465 | runAsNonRoot: false 466 | runAsUser: 0 467 | command: ["chown", "-R", "472:472", "/var/lib/grafana"] 468 | resources: 469 | {} 470 | volumeMounts: 471 | - name: storage 472 | mountPath: "/var/lib/grafana" 473 | - name: 
download-dashboards 474 | image: "curlimages/curl:7.73.0" 475 | imagePullPolicy: IfNotPresent 476 | command: ["/bin/sh"] 477 | args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] 478 | resources: 479 | {} 480 | env: 481 | volumeMounts: 482 | - name: config 483 | mountPath: "/etc/grafana/download_dashboards.sh" 484 | subPath: download_dashboards.sh 485 | - name: storage 486 | mountPath: "/var/lib/grafana" 487 | - name: grafana-sc-datasources 488 | image: "kiwigrid/k8s-sidecar:1.1.0" 489 | imagePullPolicy: IfNotPresent 490 | env: 491 | - name: METHOD 492 | value: LIST 493 | - name: LABEL 494 | value: "grafana_datasource" 495 | - name: FOLDER 496 | value: "/etc/grafana/provisioning/datasources" 497 | - name: RESOURCE 498 | value: "both" 499 | resources: 500 | {} 501 | volumeMounts: 502 | - name: sc-datasources-volume 503 | mountPath: "/etc/grafana/provisioning/datasources" 504 | containers: 505 | - name: grafana-sc-dashboard 506 | image: "kiwigrid/k8s-sidecar:1.1.0" 507 | imagePullPolicy: IfNotPresent 508 | env: 509 | - name: METHOD 510 | value: 511 | - name: LABEL 512 | value: "grafana_dashboard" 513 | - name: FOLDER 514 | value: "/tmp/dashboards" 515 | - name: RESOURCE 516 | value: "both" 517 | resources: 518 | {} 519 | volumeMounts: 520 | - name: sc-dashboard-volume 521 | mountPath: "/tmp/dashboards" 522 | - name: grafana 523 | image: "grafana/grafana:7.3.1" 524 | imagePullPolicy: IfNotPresent 525 | volumeMounts: 526 | - name: config 527 | mountPath: "/etc/grafana/grafana.ini" 528 | subPath: grafana.ini 529 | - name: storage 530 | mountPath: "/var/lib/grafana" 531 | - name: config 532 | mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" 533 | subPath: dashboardproviders.yaml 534 | - name: sc-dashboard-volume 535 | mountPath: "/tmp/dashboards" 536 | 537 | - name: sc-dashboard-provider 538 | mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" 539 | subPath: 
provider.yaml 540 | - name: sc-datasources-volume 541 | mountPath: "/etc/grafana/provisioning/datasources" 542 | ports: 543 | - name: service 544 | containerPort: 80 545 | protocol: TCP 546 | - name: grafana 547 | containerPort: 3000 548 | protocol: TCP 549 | env: 550 | - name: GF_SECURITY_ADMIN_USER 551 | valueFrom: 552 | secretKeyRef: 553 | name: devtron-grafana-cred-secret 554 | key: admin-user 555 | - name: GF_SECURITY_ADMIN_PASSWORD 556 | valueFrom: 557 | secretKeyRef: 558 | name: devtron-grafana-cred-secret 559 | key: admin-password 560 | 561 | livenessProbe: 562 | failureThreshold: 10 563 | httpGet: 564 | path: /api/health 565 | port: 3000 566 | initialDelaySeconds: 60 567 | timeoutSeconds: 30 568 | readinessProbe: 569 | httpGet: 570 | path: /api/health 571 | port: 3000 572 | resources: 573 | limits: 574 | cpu: 300m 575 | memory: 400Mi 576 | requests: 577 | cpu: 300m 578 | memory: 400Mi 579 | volumes: 580 | - name: config 581 | configMap: 582 | name: devtron-grafana 583 | - name: dashboards-devtron-provider 584 | configMap: 585 | name: devtron-grafana-dashboards-devtron-provider 586 | - name: storage 587 | persistentVolumeClaim: 588 | claimName: devtron-grafana 589 | - name: sc-dashboard-volume 590 | emptyDir: {} 591 | - name: sc-dashboard-provider 592 | configMap: 593 | name: devtron-grafana-config-dashboards 594 | - name: sc-datasources-volume 595 | emptyDir: {} 596 | --- 597 | # Source: grafana/templates/ingress.yaml 598 | apiVersion: networking.k8s.io/v1beta1 599 | kind: Ingress 600 | metadata: 601 | name: devtron-grafana 602 | namespace: devtroncd 603 | labels: 604 | helm.sh/chart: grafana-6.1.0 605 | app.kubernetes.io/name: grafana 606 | app.kubernetes.io/instance: devtron 607 | app.kubernetes.io/version: "7.3.1" 608 | app.kubernetes.io/managed-by: Helm 609 | annotations: 610 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 611 | spec: 612 | rules: 613 | - host: 614 | http: 615 | paths: 616 | - path: /grafana 617 | backend: 618 | serviceName: 
devtron-grafana 619 | servicePort: 80 620 | --- 621 | # Source: grafana/templates/tests/test.yaml 622 | apiVersion: v1 623 | kind: Pod 624 | metadata: 625 | name: devtron-grafana-test 626 | labels: 627 | helm.sh/chart: grafana-6.1.0 628 | app.kubernetes.io/name: grafana 629 | app.kubernetes.io/instance: devtron 630 | app.kubernetes.io/version: "7.3.1" 631 | app.kubernetes.io/managed-by: Helm 632 | annotations: 633 | "helm.sh/hook": test-success 634 | namespace: devtroncd 635 | spec: 636 | serviceAccountName: devtron-grafana-test 637 | containers: 638 | - name: devtron-test 639 | image: "bats/bats:v1.1.0" 640 | imagePullPolicy: "IfNotPresent" 641 | command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] 642 | volumeMounts: 643 | - mountPath: /tests 644 | name: tests 645 | readOnly: true 646 | volumes: 647 | - name: tests 648 | configMap: 649 | name: devtron-grafana-test 650 | restartPolicy: Never -------------------------------------------------------------------------------- /installation-script: -------------------------------------------------------------------------------- 1 | LTAG="main"; 2 | REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron-installation-script/"; 3 | 4 | operatorSecret = kubectl get secret -n devtroncd devtron-operator-secret; 5 | operatorConfigMap = kubectl get cm -n devtroncd devtron-operator-cm; 6 | postgresqlPassword = jsonSelect(operatorSecret, "data.POSTGRESQL_PASSWORD"); 7 | acdPassword = jsonSelect(operatorSecret, "data.ACD_PASSWORD"); 8 | webHookToken = jsonSelect(operatorSecret, "data.WEBHOOK_TOKEN"); 9 | grafanaPassword = jsonSelect(operatorSecret, "data.GRAFANA_PASSWORD"); 10 | azureAccountKey = jsonSelect(operatorSecret, "data.AZURE_ACCOUNT_KEY"); 11 | 12 | baseURLScheme = jsonSelect(operatorConfigMap, "data.BASE_URL_SCHEME"); 13 | baseURL = jsonSelect(operatorConfigMap, "data.BASE_URL"); 14 | dexConfig = jsonSelect(operatorConfigMap, "data.DEX_CONFIG"); 15 | defaultCDLogsBucketRegion = 
jsonSelect(operatorConfigMap, "data.DEFAULT_CD_LOGS_BUCKET_REGION"); 16 | defaultCacheBucket = jsonSelect(operatorConfigMap, "data.DEFAULT_CACHE_BUCKET"); 17 | defaultCacheBucketRegion = jsonSelect(operatorConfigMap, "data.DEFAULT_CACHE_BUCKET_REGION"); 18 | defaultBuildLogsBucket = jsonSelect(operatorConfigMap, "data.DEFAULT_BUILD_LOGS_BUCKET"); 19 | externalSecretAmazonRegion = jsonSelect(operatorConfigMap, "data.EXTERNAL_SECRET_AMAZON_REGION"); 20 | prometheusUrl = jsonSelect(operatorConfigMap, "data.PROMETHEUS_URL"); 21 | setupDevtronIngress = jsonSelect(operatorConfigMap, "data.ENABLE_INGRESS"); 22 | devtronIngressAnnotations = jsonSelect(operatorConfigMap, "data.INGRESS_ANNOTATIONS"); 23 | 24 | cloudProvider = jsonSelect(operatorConfigMap, "data.BLOB_STORAGE_PROVIDER"); 25 | azureAccountName = jsonSelect(operatorConfigMap, "data.AZURE_ACCOUNT_NAME"); 26 | azureBlobContainerCiLog = jsonSelect(operatorConfigMap, "data.AZURE_BLOB_CONTAINER_CI_LOG"); 27 | azureBlobContainerCiCache = jsonSelect(operatorConfigMap, "data.AZURE_BLOB_CONTAINER_CI_CACHE"); 28 | 29 | passwordGen = `#!/bin/bash 30 | openssl rand -base64 20 | base64 | tr -d ':\n' | tr -d '=' | base64 | tr -d ':\n'`; 31 | 32 | shebang = `#!/bin/bash 33 | `; 34 | sleep50 = shebang + ` 35 | sleep 50`; 36 | 37 | base64EncoderPrefix = `#!/bin/bash 38 | `; 39 | base64EncoderSuffix = ` | base64 | tr -d ':\n'`; 40 | 41 | base64DecoderPrefix = `#!/bin/bash 42 | `; 43 | base64DecoderSuffix = ` | base64 -d | tr -d ':\n'`; 44 | 45 | if !postgresqlPassword { 46 | postgresqlPassword = shellScript passwordGen; 47 | } 48 | if !baseURL { 49 | log("baseURL is mandatory"); 50 | } 51 | 52 | ######Generating raw urls 53 | argocd_raw = REPO_RAW_URL + LTAG + "/yamls/argocd.yaml"; 54 | clair_raw = REPO_RAW_URL + LTAG + "/yamls/clair.yaml"; 55 | clairConfig_raw = REPO_RAW_URL + LTAG + "/yamls/clair-config.yaml"; 56 | dashboard_raw = REPO_RAW_URL + LTAG + "/yamls/dashboard.yaml"; 57 | gitSensor_raw = REPO_RAW_URL + LTAG + 
"/yamls/gitsensor.yaml"; 58 | guard_raw = REPO_RAW_URL + LTAG + "/yamls/guard.yaml"; 59 | postgresql_raw = REPO_RAW_URL + LTAG + "/yamls/postgresql.yaml"; 60 | imageScanner_raw = REPO_RAW_URL + LTAG + "/yamls/image-scanner.yaml"; 61 | kubewatch_raw = REPO_RAW_URL + LTAG + "/yamls/kubewatch.yaml"; 62 | lens_raw = REPO_RAW_URL + LTAG + "/yamls/lens.yaml"; 63 | migrator_raw = REPO_RAW_URL + LTAG + "/yamls/migrator.yaml"; 64 | natsOperator_raw = REPO_RAW_URL + LTAG + "/yamls/nats-operator.yaml"; 65 | natsServer_raw = REPO_RAW_URL + LTAG + "/yamls/nats-server.yaml"; 66 | natsStreaming_raw = REPO_RAW_URL + LTAG + "/yamls/nats-streaming.yaml"; 67 | notifier_raw = REPO_RAW_URL + LTAG + "/yamls/notifier.yaml"; 68 | devtron_raw = REPO_RAW_URL + LTAG + "/yamls/devtron.yaml"; 69 | devtronDexIngress_raw = REPO_RAW_URL + LTAG + "/yamls/devtron-dex-ingress.yaml"; 70 | workflow_raw = REPO_RAW_URL + LTAG + "/yamls/workflow.yaml"; 71 | serviceAccount_raw = REPO_RAW_URL + LTAG + "/yamls/serviceaccount.yaml"; 72 | namespace_raw = REPO_RAW_URL + LTAG + "/yamls/namespace.yaml"; 73 | externalSecret_raw = REPO_RAW_URL + LTAG + "/yamls/external-secret.yaml"; 74 | grafana_raw = REPO_RAW_URL + LTAG + "/yamls/grafana.yaml"; 75 | rollout_raw = REPO_RAW_URL + LTAG + "/yamls/rollout.yaml"; 76 | minio_raw = REPO_RAW_URL + LTAG + "/yamls/minio.yaml"; 77 | minioStorage_raw = REPO_RAW_URL + LTAG + "/yamls/minio-storage.yaml"; 78 | 79 | ######Downloading the manifests 80 | argocd = download(argocd_raw); 81 | clair = download(clair_raw); 82 | clairConfig = download(clairConfig_raw); 83 | dashboard = download(dashboard_raw); 84 | gitSensor = download(gitSensor_raw); 85 | guard = download(guard_raw); 86 | postgresql = download(postgresql_raw); 87 | imageScanner = download(imageScanner_raw); 88 | kubewatch = download(kubewatch_raw); 89 | lens = download(lens_raw); 90 | migrator = download(migrator_raw); 91 | natsOperator = download(natsOperator_raw); 92 | natsServer = download(natsServer_raw); 93 | 
# (continued) Fetch the remaining component manifests from the *_raw URLs built above.
# NOTE(review): those URLs are REPO_RAW_URL + LTAG, and LTAG is set to "main" at the
# top of this script. Assuming "main" names a branch, the manifests applied to the
# cluster can change between runs, and nothing here checks their integrity. Pinning
# LTAG to a release tag or commit and verifying a checksum per file would make the
# install reproducible and tamper-evident.
natsStreaming = download(natsStreaming_raw);
notifier = download(notifier_raw);
devtron = download(devtron_raw);
devtronDexIngress = download(devtronDexIngress_raw);
workflow = download(workflow_raw);
serviceAccount = download(serviceAccount_raw);
namespace = download(namespace_raw);
externalSecret = download(externalSecret_raw);
grafana = download(grafana_raw);
rollout = download(rollout_raw);
minio = download(minio_raw);
minioStorage = download(minioStorage_raw);

######Fetching the per-component override ConfigMaps
# Each <component>-override-cm in the devtroncd namespace is read here and its
# data.override field is later passed to `kubectl apply ... -u` for that component.
# NOTE(review): anyone able to create or edit these ConfigMaps in devtroncd can
# change what the installer applies; keep write access to them as tight as access
# to the installer itself.

argocdOverride = kubectl get cm -n devtroncd argocd-override-cm;
clairOverride = kubectl get cm -n devtroncd clair-override-cm;
clairConfigOverride = kubectl get cm -n devtroncd clair-config-override-cm;
dashboardOverride = kubectl get cm -n devtroncd dashboard-override-cm;
gitSensorOverride = kubectl get cm -n devtroncd git-sensor-override-cm;
guardOverride = kubectl get cm -n devtroncd guard-override-cm;
postgresqlOverride = kubectl get cm -n devtroncd postgresql-override-cm;
imageScannerOverride = kubectl get cm -n devtroncd image-scanner-override-cm;
kubewatchOverride = kubectl get cm -n devtroncd kubewatch-override-cm;
lensOverride = kubectl get cm -n devtroncd lens-override-cm;
migratorOverride = kubectl get cm -n devtroncd migrator-override-cm;
natsOperatorOverride = kubectl get cm -n devtroncd nats-operator-override-cm;
natsServerOverride = kubectl get cm -n devtroncd nats-server-override-cm;
natsStreamingOverride = kubectl get cm -n devtroncd nats-streaming-override-cm;
notifierOverride = kubectl get cm -n devtroncd notifier-override-cm;
devtronOverride = kubectl get cm -n devtroncd devtron-override-cm;
devtronDexIngressOverride = kubectl get cm -n devtroncd devtron-dex-ingress-override-cm;
workflowOverride = kubectl get cm -n devtroncd workflow-override-cm;
serviceAccountOverride = kubectl get cm -n devtroncd devtron-service-account-override-cm;
namespaceOverride = kubectl get cm -n devtroncd namespace-override-cm;
externalSecretOverride = kubectl get cm -n devtroncd external-secret-override-cm;
grafanaOverride = kubectl get cm -n devtroncd grafana-override-cm;
rolloutOverride = kubectl get cm -n devtroncd rollout-override-cm;
minioOverride = kubectl get cm -n devtroncd minio-override-cm;
minioStorageOverride = kubectl get cm -n devtroncd minio-storage-override-cm;


# Replace each fetched ConfigMap object with just its data.override field.
argocdOverride = jsonSelect(argocdOverride, "data.override");
clairOverride = jsonSelect(clairOverride, "data.override");
clairConfigOverride = jsonSelect(clairConfigOverride, "data.override");
dashboardOverride = jsonSelect(dashboardOverride, "data.override");
gitSensorOverride = jsonSelect(gitSensorOverride, "data.override");
guardOverride = jsonSelect(guardOverride, "data.override");
postgresqlOverride = jsonSelect(postgresqlOverride, "data.override");
imageScannerOverride = jsonSelect(imageScannerOverride, "data.override");
kubewatchOverride = jsonSelect(kubewatchOverride, "data.override");
lensOverride = jsonSelect(lensOverride, "data.override");
migratorOverride = jsonSelect(migratorOverride, "data.override");
natsOperatorOverride = jsonSelect(natsOperatorOverride, "data.override");
natsServerOverride = jsonSelect(natsServerOverride, "data.override");
natsStreamingOverride = jsonSelect(natsStreamingOverride, "data.override");
notifierOverride = jsonSelect(notifierOverride, "data.override");
devtronOverride = jsonSelect(devtronOverride, "data.override");
devtronDexIngressOverride = jsonSelect(devtronDexIngressOverride, "data.override");
workflowOverride = jsonSelect(workflowOverride, "data.override");
serviceAccountOverride = jsonSelect(serviceAccountOverride, "data.override");
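# Tail of the override extraction: each *Override variable holds the ConfigMap
# fetched earlier and is replaced by its data.override field.
namespaceOverride = jsonSelect(namespaceOverride, "data.override");
# externalSecretOverride is passed to `kubectl apply ... -u` below like every other
# override, so reduce it to its data.override field the same way.
externalSecretOverride = jsonSelect(externalSecretOverride, "data.override");
grafanaOverride = jsonSelect(grafanaOverride, "data.override");
rolloutOverride = jsonSelect(rolloutOverride, "data.override");
minioOverride = jsonSelect(minioOverride, "data.override");
minioStorageOverride = jsonSelect(minioStorageOverride, "data.override");

#minio start
# Blob-storage credentials. Values written into Secret data fields here are already
# base64: passwordGen ends in `| base64`, and values read back from an existing
# Secret come from its data.* fields.
hasMinio = kubectl get sts devtron-minio -n devtroncd;
minioAccesskey = "";
minioSecretkey = "";
# NOTE(review): plain-HTTP endpoint; object-store traffic, including the access
# keys, is unencrypted inside the cluster network.
minioEndpoint = "http://devtron-minio.devtroncd:9000";

if cloudProvider=="AZURE" {
  # NOTE(review): azureAccountName comes from the devtron-operator-cm ConfigMap and
  # is spliced into a double-quoted shell string; a value containing `"`, `$(...)`
  # or backticks would be interpreted by bash. Validate it against the expected
  # account-name character set before building the script.
  azureAccountNameEncoded = base64EncoderPrefix + `echo "` + azureAccountName + `" | tr -d ':\n' ` + base64EncoderSuffix;
  azureAccountNameEncoded = shellScript azureAccountNameEncoded;
  kubeYamlEdit(minio, "data.accesskey", azureAccountNameEncoded, `/Secret//devtron-minio`);
  kubeYamlEdit(minio, "data.secretkey", azureAccountKey, `/Secret//devtron-minio`);
  minio = kubectl apply -n devtroncd minio;
  log("executed minio setup");
} else if cloudProvider=="MINIO" && !hasMinio {
  # First install with in-cluster MinIO: generate fresh credentials.
  log("no minio");
  minioAccesskey = shellScript passwordGen;
  minioSecretkey = shellScript passwordGen;
  kubeYamlEdit(minioStorage, "data.accesskey", minioAccesskey, `/Secret//devtron-minio`);
  kubeYamlEdit(minioStorage, "data.secretkey", minioSecretkey, `/Secret//devtron-minio`);
  minioStorage = kubectl apply -n devtroncd minioStorage ;

} else if cloudProvider=="MINIO" && hasMinio {
  # MinIO already deployed: reuse its credentials so a re-run does not rotate them.
  log("has minio");
  minioSecret = kubectl get secret devtron-minio -n devtroncd;
  minioAccesskey = jsonSelect(minioSecret, "data.accesskey");
  minioSecretkey = jsonSelect(minioSecret, "data.secretkey");
  # Do not log the Secret object itself: it carries the access and secret keys
  # (base64 is an encoding, not protection) and installer logs are usually retained
  # and readable by more people than the Secret is.
  log("reusing credentials from existing devtron-minio secret");
  log("====================");
}

if cloudProvider=="MINIO"{
  kubeYamlEdit(devtron, "data.MINIO_ACCESS_KEY", minioAccesskey, `/Secret//devtron-secret`);
  kubeYamlEdit(devtron, "data.MINIO_SECRET_KEY", minioSecretkey, `/Secret//devtron-secret`);
  kubeYamlEdit(devtron, "data.MINIO_ENDPOINT", minioEndpoint, `/ConfigMap//devtron-cm`);
}

# minio end

#grafana
# Reuse the admin password from an existing devtron-grafana-cred-secret, otherwise
# generate one. This replaces whatever GRAFANA_PASSWORD was read from the operator
# secret at the top of the script.
grafanaSecret = kubectl get -n devtroncd secret devtron-grafana-cred-secret;
hasgrafana = kubectl get -n devtroncd deployment devtron-grafana;
grafanaPassword = jsonSelect(grafanaSecret, "data.admin-password");
if !grafanaPassword {
  log ("not found");
  grafanaPassword = shellScript passwordGen;
}
# Decode the base64 Secret value to plaintext for use in the Grafana API URLs below.
grafanaPasswordPlain = base64DecoderPrefix + `echo "` + grafanaPassword + `" | tr -d ':\n' ` + base64DecoderSuffix;
grafanaPasswordPlain = shellScript grafanaPasswordPlain;
kubeYamlEdit(grafana, "data.admin-password", grafanaPassword, `/Secret//devtron-grafana-cred-secret`);
# grafanaUrl keeps "%s:%s" placeholders in the userinfo part; presumably the consumer
# of GRAFANA_URL fills in the credentials - confirm.
grafanaUrl = baseURLScheme + "://%s:%s@" + baseURL + "/grafana";
# NOTE(review): the plaintext admin password is embedded in the URL. It therefore
# appears in every generated script below and in curl's argument list, and with
# baseURLScheme "http" it crosses the network unencrypted. The password is also
# neither URL-encoded nor shell-escaped, so a pre-existing password containing
# `@`, `/` or `'` would break these commands. Prefer passing credentials through a
# file or stdin-based curl config and require https for baseURL.
grafanaUrlWithPwd = baseURLScheme + "://admin:"+ grafanaPasswordPlain + "@" + baseURL + "/grafana";

# NOTE(review): this grafana.ini enables anonymous access (Viewer role in org
# devtron-metrics-view) together with allow_embedding, so dashboards in that org are
# readable without login by anyone who can reach /grafana. Confirm that exposure is
# intended for the ingress in use. check_for_updates also makes Grafana call out to
# the internet.
grafanaIni = `[analytics]
check_for_updates = true
[auth.anonymous]
enabled = true
org_name = devtron-metrics-view
org_role = Viewer
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/data
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[security]
allow_embedding = true
[server]
root_url = ` + baseURLScheme + "://" + baseURL + `/grafana
serve_from_sub_path = true
[users]
allow_org_create = true
`;
kubeYamlEdit(grafana, `data.grafana\.ini`, grafanaIni, `/ConfigMap/devtroncd/devtron-grafana`);
grafana = kubectl apply -n devtroncd grafana -u grafanaOverride;
log("setup grafana");

# First install only: provision Grafana through its HTTP API - create the
# devtron-metrics-view org, switch the admin user to it, set org preferences, create
# the Prometheus datasource and then update it with the configured URL.
if !hasgrafana {
  createOrgScript = shebang + `
sleep 50
ORG_ID=$( curl -d '{"name":"devtron-metrics-view"}' -H "Content-Type: application/json" -X POST '` + grafanaUrlWithPwd + `/api/orgs' )
echo $ORG_ID
`;
  createOrg = shellScript createOrgScript;
  log("created org " + createOrg);

  orgId = jsonSelect(createOrg, "orgId");
  # Fall back to org id 2 when the response carries no orgId (presumably the first
  # org created after Grafana's default org - confirm).
  if !orgId {
    orgId = "2";
  }

  activeOrgScript = shebang + `
curl -X POST '` + grafanaUrlWithPwd + `/api/user/using/` + orgId +`'`;
  activeOrg = shellScript activeOrgScript;
  log("activated org");

  setPreferenceScript = shebang + `
curl -X PUT -H "Content-Type: application/json" -d '{"homeDashboardId":0,"theme":"light","timezone":"browser"}' '`+ grafanaUrlWithPwd + `/api/org/preferences'`;
  setPreference = shellScript setPreferenceScript;
  log("set preference");

  prometheusDatasourceScript = shebang + `
curl '` + grafanaUrlWithPwd + `/api/datasources' \
  -H 'content-type: application/json' \
  -H 'x-grafana-org-id: ` + orgId + `' \
  --data-raw '{"name":"Prometheus-devtron","type":"prometheus","access":"proxy","isDefault":true}'
`;
  prometheusDatasource = shellScript prometheusDatasourceScript;
  log("data source setup step 1");

  datasourceId = jsonSelect(prometheusDatasource, "datasource.id");
  log("datasource id " + datasourceId);

  # NOTE(review): prometheusUrl comes from the operator ConfigMap and is placed inside
  # both a JSON string and a single-quoted shell argument without escaping; a `'` or
  # `"` in the value would change the command or the payload.
  prometheusDatasourceScriptUpdate = shebang + `
curl '` + grafanaUrlWithPwd + `/api/datasources/` + datasourceId + `' -X PUT \
  -H 'content-type: application/json' \
  -H 'x-grafana-org-id: ` + orgId + `' \
  --data-raw '{"id":` + datasourceId +` ,
  "orgId":` + orgId + `,
  "name":"Prometheus-devtron","type":"prometheus","access":"proxy",
  "url":"` + prometheusUrl + `",
  "basicAuth":true,"jsonData":{},"version":1}'
`;
  prometheusDatasourceUpdate = shellScript prometheusDatasourceScriptUpdate;
  log("data source setup step 2");

  # File-based dashboard provider bound to the org created above.
  grafanaDashboardProvider = `
apiVersion: 1
providers:
- disableDeletion: true
  editable: false
  folder: ""
  name: devtron-provider
  options:
    path: /var/lib/grafana/dashboards/devtron-provider
  orgId: `+ orgId + `
  type: file
`;

  grafanaCm = kubectl get -n devtroncd cm devtron-grafana;
  jsonEdit(grafanaCm, `data.dashboardproviders\.yaml`, grafanaDashboardProvider);
  grafanaCm = kubectl apply -n devtroncd grafanaCm;
  log("setup up grafana cm with provider yaml");

  # Delete the Grafana pod so its replacement starts with the updated ConfigMap.
  allDevtroncdPo = kubectl get po -n devtroncd;
  grafanaPodnamePattern = `items.#(metadata.name%"devtron-grafana*").metadata.name`;
  grafanaPodname = jsonSelect(allDevtroncdPo, grafanaPodnamePattern);
  grafanaPoddelete = kubectl delete -n devtroncd po grafanaPodname;
  log("deleted grafana pod to reload configmap");
}

namespaces = kubectl apply namespace;
log("created namespaces");
sa = kubectl apply serviceAccount;
log("created service account");

#externalSecret
# externalSecretAmazonRegion is reassigned to its base64-encoded form here; later
# uses of the variable see the encoded value.
# NOTE(review): the region comes from the operator ConfigMap and is spliced into a
# double-quoted shell string without escaping; validate it before use.
externalSecretAmazonRegion = base64EncoderPrefix + `echo "` + externalSecretAmazonRegion + `" | tr -d ':\n' ` + base64EncoderSuffix;
externalSecretAmazonRegion = shellScript externalSecretAmazonRegion;
kubeYamlEdit(externalSecret, "data.AWS_REGION", externalSecretAmazonRegion, `/Secret//devtron-kubernetes-external-secret`);
externalSecret = kubectl apply -n devtroncd externalSecret -u externalSecretOverride;
log("created external secret");

#postgresql
# if postgres already installed skip installation
hasPostgresql = kubectl get sts postgresql-postgresql -n devtroncd;
if !hasPostgresql {
  kubeYamlEdit(postgresql, "data.postgresql-password", postgresqlPassword, `/Secret//postgresql-postgresql`);
  postgresql = kubectl apply -n devtroncd postgresql -u postgresqlOverride;
  log("created postgresql");
}
#argocd
hasArgocd = kubectl get deployment argocd-server -n devtroncd;

# Helm chart repositories registered in argocd-cm.
helmRepo = `- name: incubator
  type: helm
  url: https://charts.helm.sh/incubator
- name: devtron-charts
  type: helm
  url: https://devtron-charts.s3.us-east-2.amazonaws.com/charts
- name: stable
  type: helm
  url: https://charts.helm.sh/stable`;

kubeYamlEdit(argocd, `data.repositories`, helmRepo, `/ConfigMap//argocd-cm` );
kubeYamlEdit(argocd, "data.url", baseURLScheme + "://" + baseURL, `/ConfigMap//argocd-cm`);
if dexConfig {
  kubeYamlEdit(argocd, `data.dex\.config`, dexConfig, `/ConfigMap//argocd-cm`);
}

# NOTE(review): policy.default is the role Argo CD gives every authenticated user
# that no explicit policy matches. Setting it to role:admin makes every login an
# administrator, including any identity admitted through the Dex connector
# configured above. Prefer an empty or read-only default with explicit grants.
kubeYamlEdit(argocd, `data.policy\.default`, `role:admin`, `/ConfigMap//argocd-rbac-cm`);
# patchLoad = '{"data":{"url":"' + baseURL + '", "dex.config:"' + dexConfig + '}}';
# pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/merge-patch+json" -p patchLoad;

kubeYamlEdit(argocd, `subjects.0.namespace`, "devtroncd", `rbac.authorization.k8s.io/ClusterRoleBinding//argocd-application-controller`);
kubeYamlEdit(argocd, `subjects.0.namespace`, "devtroncd", `rbac.authorization.k8s.io/ClusterRoleBinding//argocd-server`);
# When Argo CD is already installed, drop its config objects from the manifest so the
# apply below does not overwrite them; the argocd-cm and argocd-rbac-cm edits above
# therefore only take effect on a first install.
if hasArgocd {
  kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-cm`);
  kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-rbac-cm`);
  kubeYamlDelete(argocd, filter=`/Secret//argocd-secret`);
  kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-ssh-known-hosts-cm`);
  kubeYamlDelete(argocd, filter=`/ConfigMap//argocd-tls-certs-cm`);
}
argocd = kubectl apply -n devtroncd argocd -u argocdOverride;
#patchLoad = '{"data":{"url":"' + baseURL + '", "dex.config:"' + dexConfig + '}}';
#pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/merge-patch+json" -p patchLoad;
log("executed argocd setup command");

#rollout
rollout = kubectl apply -n devtroncd rollout -u rolloutOverride;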
log("executed rollout setup command");

# The same PostgreSQL password is written into each component's Secret below; the
# manifests themselves are applied later in the script.
#git-sensor
kubeYamlEdit(gitSensor, "data.PG_PASSWORD", postgresqlPassword, `/Secret//git-sensor-secret`);

#notifier
kubeYamlEdit(notifier, "data.DB_PWD", postgresqlPassword, `/Secret//notifier-secret`);
kubeYamlEdit(notifier, "data.BASE_URL", baseURLScheme + "://" + baseURL, `/ConfigMap//notifier-cm`);

#image-scanner
kubeYamlEdit(imageScanner, "data.PG_PASSWORD", postgresqlPassword, `/Secret//image-scanner-secret`);

#lens
kubeYamlEdit(lens, "data.PG_PASSWORD", postgresqlPassword, `/Secret//lens-secret`);

#migrator
#delete migrator job
# A failed deletion is only logged; the install continues and re-applies the migrator.
migDelete = kubectl delete -n devtroncd job postgresql-migrate-devtron postgresql-migrate-casbin postgresql-migrate-gitsensor postgresql-migrate-lens;
if !migDelete {
  log("migration job deletion failed");
}
kubeYamlEdit(migrator, "data.DB_PASSWORD", postgresqlPassword, `/Secret//postgresql-migrator`);
migrator = kubectl apply -n devtroncd migrator -u migratorOverride;
log("executed migrator setup command");

#nats
natsOperator = kubectl apply -n devtroncd natsOperator -u natsOperatorOverride;
log("executed nats operator setup");
# Fixed 50-second pause (the sleep50 script defined near the top) before the NATS
# resources are applied; presumably gives the operator time to start - confirm.
ignore = shellScript sleep50;
natsServer = kubectl apply -n devtroncd natsServer -u natsServerOverride;
log("executed nats server setup");
natsStreaming = kubectl apply -n devtroncd natsStreaming -u natsStreamingOverride;
log("executed nats streaming setup");

#guard
# Generates the TLS material for the guard admission webhook in /tmp/certs.
# NOTE(review): /tmp/certs is a fixed path in a shared directory, `mkdir -p` accepts
# a directory that already exists whoever owns it, and no mode is set. The private
# key (grumpy-key.pem) is written there and no cleanup is visible in this section.
# A private directory (mode 0700, e.g. from mktemp -d) removed after the Secret is
# built would limit exposure.
makeCertsDir = `#!/bin/bash
mkdir -p /tmp/certs`;
makeCertsDir = shellScript makeCertsDir;

######Generating raw urls
certGen_raw = REPO_RAW_URL + LTAG + "/generate_certificate.sh";
grumpyConfig_raw = REPO_RAW_URL + LTAG + "/grumpy_config.txt";
caConfig_raw = REPO_RAW_URL + LTAG + "/ca_config.txt";

######Downloading the certificate script and its config files
# NOTE(review): generate_certificate.sh is fetched from REPO_RAW_URL + LTAG (LTAG is
# "main") and executed by shellScript below with no integrity check, so whatever that
# ref serves at install time runs with the installer's privileges. Pin LTAG to an
# immutable ref and verify a checksum before executing.
certGen = download(certGen_raw);
grumpyConfig = download(grumpyConfig_raw, "/tmp/certs/grumpy_config.txt");
caConfig = download(caConfig_raw, "/tmp/certs/ca_config.txt");

certs = shellScript certGen;
# Read the generated certificate, key and CA certificate back as base64 and place
# them in the guard Secret and the webhook's caBundle.
crt = base64EncoderPrefix + "cat /tmp/certs/grumpy-crt.pem" + base64EncoderSuffix;
crt = shellScript crt;
key = base64EncoderPrefix + "cat /tmp/certs/grumpy-key.pem" + base64EncoderSuffix;
key = shellScript key;
cacrt = base64EncoderPrefix + "cat /tmp/certs/ca.crt" + base64EncoderSuffix;
cacrt = shellScript cacrt;
kubeYamlEdit(guard, `data.cert\.pem`, crt, `/Secret//guard-secret`);
kubeYamlEdit(guard, `data.key\.pem`, key, `/Secret//guard-secret`);
kubeYamlEdit(guard, "webhooks.0.clientConfig.caBundle", cacrt, `admissionregistration.k8s.io/ValidatingWebhookConfiguration//grumpy`);

# devtron
# Generate fresh tokens first; when devtron is already deployed they are replaced
# further down by the values from the existing devtron-secret, so a re-run does not
# rotate them. The WEBHOOK_TOKEN read from devtron-operator-secret at the top of the
# script is overwritten here.
hasDevtron = kubectl get deployment "devtron" -n devtroncd;
orchToken = shellScript passwordGen;
webHookToken = shellScript passwordGen;
dexSecret = shellScript passwordGen;
dexJwtKey = shellScript passwordGen;
dexCStoreKey = shellScript passwordGen;
externalCIAPISecret = shellScript passwordGen;

kubeYamlEdit(devtron, "data.PG_PASSWORD", postgresqlPassword, `/Secret//devtron-secret`);
if cloudProvider=="AZURE" {
  kubeYamlEdit(devtron, "data.AZURE_ACCOUNT_KEY", azureAccountKey, `/Secret//devtron-secret`);
}

#fix this, as this will result in fields getting changed, if exists then we need to pull existing values and apply again

# populate acd password
# The password is set to the base64-encoded name of the argocd-server pod, replacing
# the ACD_PASSWORD read from the operator secret at the top of the script.
# NOTE(review): presumably this mirrors Argo CD's initial admin password being the
# server pod name - confirm for the Argo CD version shipped. A pod name is readable
# by anyone who can list pods in devtroncd, so it is a weak credential; rotate the
# admin password after install.
allDevtroncdPo = kubectl get po -n devtroncd;
argocdPodNameSelector = `items.#(metadata.labels.app\.kubernetes\.io/name=="argocd-server").metadata.name`;
acdPassword = jsonSelect(allDevtroncdPo, argocdPodNameSelector);
acdPassword = base64EncoderPrefix + `echo "` + acdPassword + `" | tr -d ':\n' ` + base64EncoderSuffix;
acdPassword = shellScript acdPassword;

# Existing install: keep every secret value already present in devtron-secret.
if hasDevtron {
  devtronSecret = kubectl get secret -n devtroncd devtron-secret;
  texternalCIAPISecret = jsonSelect(devtronSecret, "data.EXTERNAL_CI_API_SECRET");
  if texternalCIAPISecret {
    externalCIAPISecret = texternalCIAPISecret;
  }
  twebHookToken = jsonSelect(devtronSecret, "data.WEBHOOK_TOKEN");
  if twebHookToken {
    webHookToken = twebHookToken;
  }
  torchToken = jsonSelect(devtronSecret, "data.ORCH_TOKEN");
  if torchToken {
    orchToken = torchToken;
  }
  tdexSecret = jsonSelect(devtronSecret, "data.DEX_SECRET");
  if tdexSecret {
    dexSecret = tdexSecret;
  }
  tdexJwtKey = jsonSelect(devtronSecret, "data.DEX_JWTKEY");
  if tdexJwtKey {
    dexJwtKey = tdexJwtKey;
  }
  tdexCStoreKey = jsonSelect(devtronSecret, "data.DEX_CSTOREKEY");
  if tdexCStoreKey {
    dexCStoreKey = tdexCStoreKey;
  }
  tacdPassword = jsonSelect(devtronSecret, "data.ACD_PASSWORD");
  if tacdPassword {
    acdPassword = tacdPassword;
  }
}


kubeYamlEdit(devtron, "data.EXTERNAL_CI_API_SECRET", externalCIAPISecret, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.WEBHOOK_TOKEN", webHookToken, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.ORCH_TOKEN", orchToken, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_SECRET", dexSecret, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_JWTKEY", dexJwtKey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.DEX_CSTOREKEY", dexCStoreKey, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.ACD_PASSWORD", acdPassword, `/Secret//devtron-secret`);
kubeYamlEdit(devtron, "data.GRAFANA_PASSWORD", grafanaPassword, `/Secret//devtron-secret`);


kubeYamlEdit(devtron, "data.EXTERNAL_CI_WEB_HOOK_URL", baseURLScheme + "://" + baseURL+"/orchestrator/webhook/ext-ci", `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CD_LOGS_BUCKET_REGION", defaultCDLogsBucketRegion, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CACHE_BUCKET", defaultCacheBucket, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_CACHE_BUCKET_REGION", defaultCacheBucketRegion, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.DEFAULT_BUILD_LOGS_BUCKET", defaultBuildLogsBucket, `/ConfigMap//devtron-cm`);
kubeYamlEdit(devtron, "data.GRAFANA_URL", grafanaUrl, `/ConfigMap//devtron-cm`);

# set default cloud provider
if !cloudProvider {
  cloudProvider="S3";
}
kubeYamlEdit(devtron, "data.BLOB_STORAGE_PROVIDER", cloudProvider, `/ConfigMap//devtron-cm`);

if cloudProvider=="AZURE" {
  kubeYamlEdit(devtron, "data.AZURE_ACCOUNT_NAME", azureAccountName, `/ConfigMap//devtron-cm`);
  kubeYamlEdit(devtron, "data.AZURE_BLOB_CONTAINER_CI_LOG", azureBlobContainerCiLog, `/ConfigMap//devtron-cm`);
  kubeYamlEdit(devtron, "data.AZURE_BLOB_CONTAINER_CI_CACHE", azureBlobContainerCiCache, `/ConfigMap//devtron-cm`);
}


# NOTE(review): externalSecretAmazonRegion was reassigned to its base64-encoded form
# in the #externalSecret section earlier, so this ConfigMap entry receives the encoded
# value rather than the plain region name - confirm that is intended.
externaSecretRegion = `env:
  AWS_REGION: ` + externalSecretAmazonRegion;

kubeYamlEdit(devtron, `data.dt-k8s-external-secrets\.yaml`, externaSecretRegion, `/ConfigMap//devtron-cluster-components`);

# NOTE(review): without ingress the devtron Service becomes type LoadBalancer, which
# on most cloud providers allocates an externally reachable address; confirm source
# ranges / firewalling and that TLS is terminated in front of it.
if !setupDevtronIngress {
  kubeYamlEdit(devtron, "spec.type", "LoadBalancer", `/Service//devtron-service`);
}

devtron = kubectl apply -n devtroncd devtron -u devtronOverride;
log("executed devtron setup");

# Ingress annotations supplied through the operator ConfigMap are set on the manifest
# as an object ("asObject").
if devtronIngressAnnotations {
  log("editing ingress");
  kubeYamlEdit(devtronDexIngress, "metadata.annotations", devtronIngressAnnotations, `extensions/Ingress//devtron-ingress`, "asObject");
}

# existingIngress is only assigned when ingress setup is enabled.
if setupDevtronIngress {
  log("fetch ingress");
  existingIngress = kubectl get -n devtroncd ing devtron-ingress;
}
# existingIngress is only assigned earlier when setupDevtronIngress is set.
# Annotations found on the live ingress are written last, so they take
# precedence over devtronIngressAnnotations applied before this point.
if existingIngress {
    annotations = jsonSelect(existingIngress, "metadata.annotations");
}

if annotations {
    kubeYamlEdit(devtronDexIngress, "metadata.annotations", annotations, `extensions/Ingress//devtron-ingress`, "asObject");
}

if setupDevtronIngress {
    log("setup ingress");
    devtronDexIngress = kubectl apply -n devtroncd devtronDexIngress -u devtronDexIngressOverride;
}

# This message is logged whether or not the ingress was applied above.
log("executed devtron ingress setup");
# Apply the remaining components to the devtroncd namespace, each with its
# user-supplied override.
guard = kubectl apply -n devtroncd guard -u guardOverride;
log("executed guard setup");
dashboard = kubectl apply -n devtroncd dashboard -u dashboardOverride;
log("executed dashboard setup");
gitSensor = kubectl apply -n devtroncd gitSensor -u gitSensorOverride;
log("executed git sensor setup");
imageScanner = kubectl apply -n devtroncd imageScanner -u imageScannerOverride;
log("executed image scanner setup");
kubewatch = kubectl apply -n devtroncd kubewatch -u kubewatchOverride;
log("executed kubewatch setup");
lens = kubectl apply -n devtroncd lens -u lensOverride;
log("executed lens setup");
notifier = kubectl apply -n devtroncd notifier -u notifierOverride;
log("executed notifier setup");

# For AZURE and MINIO the workflow pods read blob-store credentials from the
# workflow-minio-cred Secret in the devtron-ci namespace. The manifest is built
# by string concatenation and the values land under "data", so each one must
# already be single-line base64 text.
# NOTE(review): a value containing a newline would change the YAML structure;
# confirm the variables are validated or encoded where they are set.
if cloudProvider=="AZURE" {
    # ---------------- workflow secret start
    # accessKey is the encoded account name, secretKey the account key.
    workflowSecret = `
apiVersion: v1
data:
  accessKey: `;
    workflowSecret = workflowSecret + azureAccountNameEncoded;
    workflowSecret = workflowSecret + `
  secretKey: `;
    workflowSecret = workflowSecret + azureAccountKey;
    workflowSecret = workflowSecret + `
kind: Secret
metadata:
  name: workflow-minio-cred
  namespace: devtron-ci
type: Opaque
`;
    #----------------- workflow secret end

    workflowSecret = kubectl apply workflowSecret;
}

if cloudProvider=="MINIO" {
    # ---------------- workflow secret start
    workflowSecret = `
apiVersion: v1
data:
  accessKey: `;
    workflowSecret = workflowSecret + minioAccesskey;
    workflowSecret = workflowSecret + `
  secretKey: `;
    workflowSecret = workflowSecret + minioSecretkey;
    workflowSecret = workflowSecret + `
kind: Secret
metadata:
  name: workflow-minio-cred
  namespace: devtron-ci
type: Opaque
`;
    #----------------- workflow secret end

    workflowSecret = kubectl apply workflowSecret;
}

# Build the workflow controller config as text. The common header opens the
# s3 artifact repository section and each provider branch appends its own
# keys to it.
workflowConfig = `parallelism: 50
artifactRepository:
  archiveLogs: true
  s3:`;

if cloudProvider=="S3" {
    # No accessKeySecret/secretKeySecret is emitted here, so access presumably
    # relies on IAM credentials available to the workflow pods.
    # NOTE(review): the bucket is defaultBuildLogsBucket but the region comes
    # from defaultCacheBucketRegion; confirm that is the intended region.
    workflowConfig = workflowConfig +`
    endpoint: s3.amazonaws.com
    bucket: `;
    workflowConfig = workflowConfig + defaultBuildLogsBucket;
    workflowConfig = workflowConfig + `
    region: `;
    workflowConfig = workflowConfig + defaultCacheBucketRegion;
} else if cloudProvider=="AZURE"{

    # Azure uses the same in-cluster devtron-minio endpoint as the MINIO
    # branch, with the CI log container as bucket.
    # NOTE(review): "insecure: true" means artifact traffic to that endpoint is
    # plain HTTP; it is protected only by whatever isolates the cluster network.
    workflowConfig = workflowConfig +`
    bucket: `;
    workflowConfig = workflowConfig + azureBlobContainerCiLog;
    workflowConfig = workflowConfig +`
    insecure: true #omit for S3/GCS. Needed when minio runs without TLS
    accessKeySecret: #omit if accessing via AWS IAM
      name: workflow-minio-cred
      key: accessKey
    secretKeySecret: #omit if accessing via AWS IAM
      name: workflow-minio-cred
      key: secretKey
    endpoint: devtron-minio.devtroncd:9000`;
}else if cloudProvider=="MINIO"{

    # Same shape as the AZURE branch, with the build logs bucket; the
    # plain-HTTP note above applies here as well.
    workflowConfig = workflowConfig +`
    bucket: `;
    workflowConfig = workflowConfig + defaultBuildLogsBucket;
    workflowConfig = workflowConfig +`
    insecure: true #omit for S3/GCS. Needed when minio runs without TLS
    accessKeySecret: #omit if accessing via AWS IAM
      name: workflow-minio-cred
      key: accessKey
    secretKeySecret: #omit if accessing via AWS IAM
      name: workflow-minio-cred
      key: secretKey
    endpoint: devtron-minio.devtroncd:9000`;
}


# Common tail: keyFormat closes the s3 section, followed by executor settings.
workflowConfig = workflowConfig + `
    keyFormat: devtron/{{workflow.name}}
containerRuntimeExecutor: pns
executor:
  imagePullPolicy: Always`;
kubeYamlEdit(workflow, "data.config", workflowConfig, `/ConfigMap//workflow-controller-configmap`);
workflow = kubectl apply -n argo workflow -u workflowOverride;
log("executed workflow setup");
# Clair needs the PostgreSQL password in plain text inside its connection URL,
# so the stored value is decoded first; base64DecoderPrefix/Suffix are defined
# outside this section.
# NOTE(review): the password is placed in the URL without percent-encoding; a
# password containing characters such as '@', '/' or ':' would yield a
# malformed URL. "sslmode=disable" also means the Clair-to-PostgreSQL
# connection is unencrypted inside the cluster.
postgresPlainPwd = base64DecoderPrefix + `echo "` + postgresqlPassword + `" | tr -d ':\n' ` + base64DecoderSuffix;
postgresPlainPwd = shellScript postgresPlainPwd;
clairPosrgresUrl = "postgres://postgres:"+ postgresPlainPwd +"@postgresql-postgresql.devtroncd:5432/clair?sslmode=disable";
yamlEdit(clairConfig, "clair.database.options.source", clairPosrgresUrl, 0);
# The whole Clair config, now holding the plain-text password, is passed
# through a double-quoted shell echo before being encoded.
# NOTE(review): inside double quotes the shell still interprets '$', backticks,
# backslashes and '"', so a config or password containing them would be altered
# or break the command; passing the text on stdin or via a file avoids this.
# Depending on how shellScript starts the shell, the text may also be visible
# in the process arguments.
clairEncodedConfig = base64EncoderPrefix + `echo "` + clairConfig + `"` + base64EncoderSuffix;
clairEncodedConfig = shellScript clairEncodedConfig;
kubeYamlEdit(clair, `data.config\.yaml`, clairEncodedConfig, `/Secret//clair`);
clair = kubectl apply -n devtroncd clair -u clairOverride;
log("executed clair setup");

--------------------------------------------------------------------------------