├── .ansible-lint ├── .ansible-lint-rules ├── EnsureDebugVerbosity.py ├── EnsureImport.py ├── EnsureKubectlContext.py ├── EnsureLowercaseNamedTasks.py └── EnsureNoChange.py ├── .dockerignore ├── .github ├── action-unit-test │ └── action.yaml └── workflows │ ├── dco.yaml │ ├── e2e-test.yaml │ ├── license.yaml │ ├── lint.yaml │ └── unit-test.yaml ├── .gitignore ├── .licenserc.json ├── .yamllint ├── CODE-OF-CONDUCT.md ├── Dockerfile ├── Dockerfile.base ├── LICENSE ├── MAINTAINERS.md ├── Makefile ├── NOTICE ├── README.md ├── ansible.cfg ├── bin └── rpk ├── build └── .keep ├── ci ├── clusters │ ├── aws-cluster-e2e-1.yaml │ ├── aws-iam-policy.json │ ├── azure-cluster-e2e-1.yaml │ ├── kind-cluster-config-unit.yaml │ └── kind-cluster-unit.yaml └── scripts │ ├── entrypoint.sh │ ├── integration-cleanup.sh │ ├── lint-ansible.sh │ ├── lint-directories.sh │ ├── lint-file-extensions.sh │ ├── lint-yaml.sh │ └── make-role.sh ├── docs ├── ARCHITECTURE.md ├── COMPONENTS.md ├── CONTRIBUTING.md ├── DNS.md ├── PIPELINE.md ├── QUICKSTART.md ├── VALIDATION.md ├── dns │ ├── NetworkManager.md │ ├── dnsmasq.md │ ├── internal.md │ ├── nip.io.md │ ├── route53.md │ └── setting-dns-resolvers.md ├── images │ ├── admission-control-ra-architecture.png │ ├── application-monitoring.png │ ├── calico-components.png │ ├── calico-datastore-k8s.png │ ├── calico-ip-in-ip-packet.png │ ├── calico-multi-subnet.png │ ├── calico-node.png │ ├── calico-route-table-ipinip.png │ ├── contour-flow.png │ ├── contour-ingress-patterns-http.png │ ├── contour-ingress-patterns-https-redirect.png │ ├── contour-ingress-patterns-https-to-backend.png │ ├── contour-ingress-patterns-https.png │ ├── contour-ingress-patterns-tcp-proxying-passthrough.png │ ├── contour-ingress-patterns-tcp-proxying.png │ ├── custom-subdomain.png │ ├── dex-flow.png │ ├── dex-login.png │ ├── dynamic-storage-provisioning.png │ ├── envoy-config-sync.png │ ├── gangway-sequence-diagram.png │ ├── grafana-compute.png │ ├── harbor-member.png │ ├── 
harbor-users.png │ ├── k8s-admission-flow-opa.png │ ├── kubernetes-platform-composition.png │ ├── mutating-webhook-flow.png │ ├── ns-creator-flow.png │ ├── out-of-tree-provider-and-csi.png │ ├── personas.png │ ├── platform-monitoring.svg │ ├── rpk-app-monitoring.png │ ├── rpk-overview.jpg │ ├── rpk-play.png │ ├── secret-encryption-at-rest.png │ ├── tanzu-network-01.png │ ├── tanzu-network-02.png │ ├── tanzu-network-03.png │ └── vault-agent-injection.png ├── providers │ ├── aws.md │ ├── azure.md │ ├── kind.md │ └── vmware.md └── tls │ └── tls.md ├── examples ├── aws-inventory.yaml ├── azure-inventory.yaml ├── kind-inventory.yaml ├── kind │ ├── calico.yaml │ └── config.yaml ├── multi-cluster-inventory.yaml └── vmware-inventory.yaml ├── hack ├── code-marker.go.txt ├── code-marker.py.txt ├── code-marker.sh.txt └── code-marker.yaml.txt ├── lib ├── ansible │ └── plugins │ │ ├── callback │ │ └── profile_tasks.py │ │ ├── filters │ │ └── filters.py │ │ └── modules │ │ ├── carvel_install.py │ │ ├── kapp.py │ │ └── ytt.py └── ytt │ ├── base │ └── examples │ │ └── ansible-job.yaml │ ├── overlays │ ├── change-groups.yaml │ └── examples │ │ ├── app-components.yaml │ │ └── set-namespace.yaml │ └── templates │ ├── kapp-config.yaml │ └── namespace.yaml ├── profiles ├── advanced.yaml ├── components.yaml ├── platform.yaml └── single.yaml ├── requirements.txt ├── requirements.yaml ├── roles ├── common │ ├── cluster-cni │ │ └── tasks │ │ │ └── main.yaml │ ├── cluster-info │ │ └── tasks │ │ │ └── main.yaml │ ├── dns-zone │ │ └── tasks │ │ │ └── main.yaml │ ├── etc-hosts │ │ └── tasks │ │ │ └── main.yaml │ ├── ingress-ip │ │ └── tasks │ │ │ └── main.yaml │ ├── kapp │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ └── main.yaml │ │ └── vars │ │ │ └── main.yaml │ ├── manifest-file-with-wait │ │ └── tasks │ │ │ ├── main.yaml │ │ │ ├── wait-for-job.yaml │ │ │ └── wait-for.yaml │ ├── manifest-file │ │ └── tasks │ │ │ └── main.yaml │ ├── namespace │ │ ├── clean │ │ │ ├── 
meta │ │ │ │ └── main.yaml │ │ │ └── tasks │ │ │ │ ├── clean.yaml │ │ │ │ └── main.yaml │ │ └── tasks │ │ │ └── main.yaml │ ├── pre-flight │ │ ├── defaults │ │ │ └── main.yaml │ │ └── tasks │ │ │ ├── post-components.yaml │ │ │ └── pre-components.yaml │ ├── staging-directory │ │ └── tasks │ │ │ └── main.yaml │ ├── tkg-version │ │ └── tasks │ │ │ └── main.yaml │ ├── tls-certificate │ │ ├── tasks │ │ │ ├── cert-manager.yaml │ │ │ ├── main.yaml │ │ │ └── wildcard.yaml │ │ └── templates │ │ │ ├── certificate.yaml.j2 │ │ │ └── secret-wildcard.yaml.j2 │ ├── tmc-namespace-labels │ │ └── tasks │ │ │ └── main.yaml │ ├── vault-secrets │ │ └── tasks │ │ │ └── main.yaml │ ├── wait-for-dns │ │ └── tasks │ │ │ └── main.yaml │ ├── wait-for-job │ │ └── tasks │ │ │ └── main.yaml │ └── ytt │ │ ├── README.md │ │ ├── tasks │ │ └── main.yaml │ │ └── vars │ │ └── main.yaml ├── components │ ├── core │ │ ├── admission-control │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ ├── main.yaml │ │ │ │ │ └── main.yaml.kapp │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── gatekeeper-app.yaml.j2 │ │ │ │ ├── gatekeeper-crds.yaml.j2 │ │ │ │ ├── gatekeeper-rbac.yaml.j2 │ │ │ │ ├── gatekeeper-webhook.yaml.j2 │ │ │ │ ├── mutator-app.yaml.j2 │ │ │ │ ├── mutator-webhook.yaml.j2 │ │ │ │ ├── opa-policy-constraint-labels.yaml.j2 │ │ │ │ ├── opa-policy-constraint-limits.yaml.j2 │ │ │ │ ├── opa-policy-constraint-ratio.yaml.j2 │ │ │ │ ├── opa-policy-constraint-users.yaml.j2 │ │ │ │ ├── opa-policy-template-labels.yaml.j2 │ │ │ │ ├── opa-policy-template-limits.yaml.j2 │ │ │ │ ├── opa-policy-template-ratio.yaml.j2 │ │ │ │ ├── opa-policy-template-users.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── application-pipeline │ │ │ 
├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── files │ │ │ │ │ └── nexus │ │ │ │ │ │ ├── allow_anonymous.groovy │ │ │ │ │ │ └── create_hosted_repositories.groovy │ │ │ │ ├── tasks │ │ │ │ │ ├── gitea.yaml │ │ │ │ │ ├── jenkins.yaml │ │ │ │ │ ├── main.yaml │ │ │ │ │ ├── sonarqube.yaml │ │ │ │ │ └── sonatype-nexus.yaml │ │ │ │ └── templates │ │ │ │ │ ├── config-jenkins-cac.yaml.j2 │ │ │ │ │ ├── config-jenkins-kaniko.yaml.j2 │ │ │ │ │ ├── config-jenkins-nexus.yaml.j2 │ │ │ │ │ ├── job-gitea-user.yaml.j2 │ │ │ │ │ ├── rbac-jenkins-prod.yaml.j2 │ │ │ │ │ ├── rbac-jenkins-sit.yaml.j2 │ │ │ │ │ ├── tanzu-namespace-jenkins-prod.yaml.j2 │ │ │ │ │ └── tanzu-namespace-jenkins-sit.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── gitea.yaml │ │ │ │ ├── jenkins.yaml │ │ │ │ ├── main.yaml │ │ │ │ ├── sonarqube.yaml │ │ │ │ └── sonatype-nexus.yaml │ │ │ └── templates │ │ │ │ ├── app-gitea-mariadb.yaml.j2 │ │ │ │ ├── app-gitea.yaml.j2 │ │ │ │ ├── app-jenkins.yaml.j2 │ │ │ │ ├── app-sonarqube-postgresql.yaml.j2 │ │ │ │ ├── app-sonarqube.yaml.j2 │ │ │ │ ├── app-sonatype-nexus.yaml.j2 │ │ │ │ ├── psp-gitea.yaml.j2 │ │ │ │ ├── psp-sonarqube.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── application-stack │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── files │ │ │ │ │ ├── README.md │ │ │ │ │ └── test-data │ │ │ │ │ │ ├── department_01.json │ │ │ │ │ │ ├── employee_01.json │ │ │ │ │ │ ├── employee_02.json │ │ │ │ │ │ └── organization_01.json │ │ │ │ ├── tasks │ │ │ │ │ ├── main.yaml │ │ │ │ │ └── populate-app-data.yaml │ │ │ │ └── templates │ │ │ │ │ ├── 
post-data-configmap.yaml.j2 │ │ │ │ │ ├── post-data-job.yaml.j2 │ │ │ │ │ ├── traffic-department-job.yaml.j2 │ │ │ │ │ ├── traffic-employee-job.yaml.j2 │ │ │ │ │ └── traffic-organization-job.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── build-images.yaml │ │ │ │ ├── department.yaml │ │ │ │ ├── employee.yaml │ │ │ │ ├── gateway.yaml │ │ │ │ ├── main.yaml │ │ │ │ ├── mongodb.yaml │ │ │ │ ├── monitoring.yaml │ │ │ │ └── organization.yaml │ │ │ └── templates │ │ │ │ ├── app │ │ │ │ ├── cluster-role.yaml.j2 │ │ │ │ ├── department │ │ │ │ │ ├── department-configmap.yaml.j2 │ │ │ │ │ ├── department-deployment.yaml.j2 │ │ │ │ │ ├── department-hpa.yaml.j2 │ │ │ │ │ ├── department-rbac.yaml.j2 │ │ │ │ │ ├── department-secret.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ │ ├── employee │ │ │ │ │ ├── employee-configmap.yaml.j2 │ │ │ │ │ ├── employee-deployment.yaml.j2 │ │ │ │ │ ├── employee-hpa.yaml.j2 │ │ │ │ │ ├── employee-rbac.yaml.j2 │ │ │ │ │ ├── employee-secret.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ │ ├── gateway │ │ │ │ │ ├── gateway-configmap.yaml.j2 │ │ │ │ │ ├── gateway-deployment.yaml.j2 │ │ │ │ │ ├── gateway-hpa.yaml.j2 │ │ │ │ │ ├── gateway-ingress.yaml.j2 │ │ │ │ │ ├── gateway-rbac.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ │ └── organization │ │ │ │ │ ├── organization-configmap.yaml.j2 │ │ │ │ │ ├── organization-deployment.yaml.j2 │ │ │ │ │ ├── organization-hpa.yaml.j2 │ │ │ │ │ ├── organization-rbac.yaml.j2 │ │ │ │ │ ├── organization-secret.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ │ ├── db │ │ │ │ ├── mongodb-configmap.yaml.j2 │ │ │ │ ├── mongodb-deployment.yaml.j2 │ │ │ │ ├── mongodb-rbac.yaml.j2 │ │ │ │ ├── mongodb-secret-job.yaml.j2 │ │ │ │ ├── mongodb-secret.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ │ └── monitoring │ │ │ │ ├── monitoring-app.yaml.j2 │ │ │ │ ├── monitoring-ingress.yaml.j2 │ │ │ │ ├── monitoring-rbac.yaml.j2 │ │ │ │ ├── 
monitoring-rules.yaml.j2 │ │ │ │ ├── monitoring-service-monitors.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── autoscaling │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ ├── nginx-app.yaml.j2 │ │ │ │ │ ├── nginx-vpa.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ ├── templates │ │ │ │ ├── tanzu-namespace.yaml.j2 │ │ │ │ ├── vpa-app.yaml.j2 │ │ │ │ ├── vpa-crds.yaml.j2 │ │ │ │ ├── vpa-rbac.yaml.j2 │ │ │ │ └── vpa-webhook.yaml.j2 │ │ │ └── validate │ │ │ │ ├── Dockerfile │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ ├── main.go │ │ │ │ └── sonobuoy-plugin.yaml │ │ ├── container-registry │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── harbor-api.yaml.j2 │ │ │ │ ├── harbor-app.yaml.j2 │ │ │ │ ├── harbor-config.yaml.j2 │ │ │ │ ├── harbor-persistence.yaml.j2 │ │ │ │ ├── harbor-podsecuritypolicy.yaml.j2 │ │ │ │ ├── harbor-web-ingress.yaml.j2 │ │ │ │ ├── harbor-web.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── identity │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ └── ldap-config-demo.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ 
│ ├── tasks │ │ │ │ ├── main.yaml │ │ │ │ └── reconfigure-api-server.yaml │ │ │ └── templates │ │ │ │ ├── app-dex.yaml.j2 │ │ │ │ ├── app-gangway.yaml.j2 │ │ │ │ ├── app-ldap.yaml.j2 │ │ │ │ ├── config-ldap.yaml.j2 │ │ │ │ ├── ingress-dex.yaml.j2 │ │ │ │ ├── ingress-gangway.yaml.j2 │ │ │ │ ├── job-kube-apiserver.yaml.j2 │ │ │ │ ├── psp-for-job-kube-apiserver.yaml.j2 │ │ │ │ ├── psp-ldap.yaml.j2 │ │ │ │ ├── rbac-ldap.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── ingress │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ ├── app-kuard.yaml.j2 │ │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── external-dns-active-directory.yaml │ │ │ │ ├── external-dns-azure.yaml │ │ │ │ ├── external-dns-internal.yaml │ │ │ │ ├── external-dns-route53.yaml │ │ │ │ └── main.yaml │ │ │ ├── templates │ │ │ │ ├── app-contour.yaml.j2 │ │ │ │ ├── app-envoy.yaml.j2 │ │ │ │ ├── app-external-dns-azure.yaml.j2 │ │ │ │ ├── app-external-dns-internal.yaml.j2 │ │ │ │ ├── app-external-dns-route53.yaml.j2 │ │ │ │ ├── app-load-balancer.yaml.j2 │ │ │ │ ├── certs-self-signed.yaml.j2 │ │ │ │ ├── config-bind.yaml.j2 │ │ │ │ ├── config-contour.yaml.j2 │ │ │ │ ├── crds-contour.yaml.j2 │ │ │ │ ├── patch-envoy-kind.yaml.j2 │ │ │ │ ├── rbac-contour.yaml.j2 │ │ │ │ ├── rbac-external-dns.yaml.j2 │ │ │ │ ├── rbac-load-balancer.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ └── validate │ │ │ │ ├── Dockerfile │ │ │ │ ├── go.mod │ │ │ │ ├── go.sum │ │ │ │ ├── main.go │ │ │ │ └── sonobuoy-plugin.yaml │ │ ├── logging │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ 
├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── app-elasticsearch.yaml.j2 │ │ │ │ ├── app-fluent-bit.yaml.j2 │ │ │ │ ├── app-kibana.yaml.j2 │ │ │ │ ├── app-operator.yaml.j2 │ │ │ │ ├── config-elastic.yaml.j2 │ │ │ │ ├── psp-elasticsearch.yaml.j2 │ │ │ │ ├── psp-fluent-bit.yaml.j2 │ │ │ │ ├── resource-quota-ephemeral.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── monitoring │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── app-adapter.yaml.j2 │ │ │ │ ├── app-alertmanager.yaml.j2 │ │ │ │ ├── app-grafana.yaml.j2 │ │ │ │ ├── app-kube-state-metrics.yaml.j2 │ │ │ │ ├── app-node-exporter.yaml.j2 │ │ │ │ ├── app-operator.yaml.j2 │ │ │ │ ├── app-prometheus.yaml.j2 │ │ │ │ ├── datasources.json.j2 │ │ │ │ ├── psp-node-exporter.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── networking │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ ├── antrea.yaml │ │ │ │ │ ├── calico.yaml │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── antrea.yaml │ │ │ │ ├── calico.yaml │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── antrea-cluster-network-policy.yaml.j2 │ │ │ │ ├── antrea-configmap-enable-cnp.yaml.j2 │ │ │ │ ├── calico-global-network-policy.yaml.j2 │ │ │ │ ├── ippool-default-patch.yaml.j2 │ 
│ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── secret-management │ │ │ ├── etcd-encryption │ │ │ │ ├── .dependencies.yaml │ │ │ │ ├── README.md │ │ │ │ ├── clean │ │ │ │ │ └── tasks │ │ │ │ │ │ ├── main.yaml │ │ │ │ │ │ ├── remove-encryption-provider-kacp.yaml │ │ │ │ │ │ └── remove-encryption.yaml │ │ │ │ ├── common │ │ │ │ │ └── defaults │ │ │ │ │ │ └── main.yaml │ │ │ │ ├── defaults │ │ │ │ │ └── main.yaml │ │ │ │ ├── pre-flight │ │ │ │ │ └── tasks │ │ │ │ │ │ └── main.yaml │ │ │ │ ├── tasks │ │ │ │ │ ├── insert-encryption-provider-kacp.yaml │ │ │ │ │ ├── main.yaml │ │ │ │ │ ├── reconfigure-api-server.yaml │ │ │ │ │ └── restart_pods.yaml │ │ │ │ └── templates │ │ │ │ │ ├── encryption-config.yaml.j2 │ │ │ │ │ ├── job-kube-apiserver.yaml.j2 │ │ │ │ │ ├── job-reorder-encryption-provider.yaml.j2 │ │ │ │ │ ├── psp-for-job-kube-apiserver.yaml.j2 │ │ │ │ │ ├── remove-encryption-config-kacp.yaml.j2 │ │ │ │ │ └── values.yaml.j2 │ │ │ └── hashicorp-vault │ │ │ │ ├── .dependencies.yaml │ │ │ │ ├── README.md │ │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ └── demo-app.yaml.j2 │ │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ ├── injector-app.yaml.j2 │ │ │ │ ├── injector-mutating-webhook.yaml.j2 │ │ │ │ ├── injector-rbac.yaml.j2 │ │ │ │ ├── server-app.yaml.j2 │ │ │ │ ├── server-config-job.yaml.j2 │ │ │ │ ├── server-config.yaml.j2 │ │ │ │ ├── server-ingress.yaml.j2 │ │ │ │ ├── server-rbac.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── security │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ └── tasks │ │ 
│ │ │ └── main.yaml │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── deliver-ca-cp.yaml │ │ │ │ ├── deliver-ca-dp.yaml │ │ │ │ ├── deliver-ca.yaml │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── app-cert-manager.yaml.j2 │ │ │ │ ├── cluster-issuers-ca-cert.yaml.j2 │ │ │ │ ├── cluster-issuers-ca-secret.yaml.j2 │ │ │ │ ├── cluster-issuers-ca.yaml.j2 │ │ │ │ ├── cluster-issuers-letsencrypt-prod.yaml.j2 │ │ │ │ ├── cluster-issuers-letsencrypt-stage.yaml.j2 │ │ │ │ ├── cluster-issuers-self.yaml.j2 │ │ │ │ ├── cluster-issuers-wildcard.yaml.j2 │ │ │ │ ├── crds-cert-manager.yaml.j2 │ │ │ │ ├── job-deliver-ca.yaml.j2 │ │ │ │ ├── psp-for-ca-jobs.yaml.j2 │ │ │ │ ├── rbac-cert-manager.yaml.j2 │ │ │ │ ├── root-ca-certs-extra.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── service-mesh │ │ │ └── istio │ │ │ │ ├── .dependencies.yaml │ │ │ │ ├── README.md │ │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ │ ├── common │ │ │ │ └── vars │ │ │ │ │ └── main.yaml │ │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ ├── 01-demo-app.yaml.j2 │ │ │ │ │ ├── 02-demo-ingress.yaml.j2 │ │ │ │ │ └── 03-demo-dest-rule-all-mtls.yaml.j2 │ │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ ├── istio-operator.yaml.j2 │ │ │ │ ├── istio-profile.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── storage │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ │ └── tasks │ │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ │ └── defaults │ │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ │ ├── tasks │ │ │ │ │ └── main.yaml │ │ │ │ └── templates │ │ │ │ │ ├── demo-app-aws.yaml.j2 │ │ │ │ │ ├── demo-app-azure.yaml.j2 │ │ │ │ │ ├── demo-app-ephemeral.yaml.j2 │ │ │ │ │ └── demo-app-vmware.yaml.j2 │ │ │ ├── pre-flight │ │ │ │ └── tasks │ │ 
│ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ │ ├── aws.yaml │ │ │ │ ├── azure.yaml │ │ │ │ ├── ephemeral.yaml │ │ │ │ ├── kind.yaml │ │ │ │ ├── main.yaml │ │ │ │ └── vmware.yaml │ │ │ └── templates │ │ │ │ ├── app-csi-ephemeral.yaml.j2 │ │ │ │ ├── app-snapshot-controller.yaml.j2 │ │ │ │ ├── crds-snapshot-controller.yaml.j2 │ │ │ │ ├── rbac-csi-ephemeral.yaml.j2 │ │ │ │ ├── rbac-snapshot-controller.yaml.j2 │ │ │ │ ├── storage-class-aws.yaml.j2 │ │ │ │ ├── storage-class-azure.yaml.j2 │ │ │ │ ├── storage-class-ephemeral.yaml.j2 │ │ │ │ ├── storage-class-kind.yaml.j2 │ │ │ │ ├── storage-class-vmware-v7wk8s.yaml.j2 │ │ │ │ ├── storage-class-vmware.yaml.j2 │ │ │ │ ├── storage-config-vmware.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ └── workload-tenancy │ │ │ ├── .dependencies.yaml │ │ │ ├── README.md │ │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ │ ├── defaults │ │ │ └── main.yaml │ │ │ ├── demo │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── defaults-from-limit-range.yaml.j2 │ │ │ │ ├── exceed-limit-range-cpu.yaml.j2 │ │ │ │ ├── exceed-limit-range-mem.yaml.j2 │ │ │ │ └── tanzu-namespace.yaml.j2 │ │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ │ ├── tasks │ │ │ └── main.yaml │ │ │ ├── templates │ │ │ ├── app-namespace-operator.yaml.j2 │ │ │ ├── crds-namespace-operator.yaml.j2 │ │ │ ├── default-resource-constraints.yaml.j2 │ │ │ ├── namespace.yaml.j2 │ │ │ └── rbac-namespace-operator.yaml.j2 │ │ │ └── validate │ │ │ ├── Dockerfile │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ ├── main.go │ │ │ └── sonobuoy-plugin.yaml │ └── extensions │ │ ├── avi │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ └── app-nginx.yaml.j2 │ │ ├── infra │ │ │ ├── meta │ │ │ │ └── 
main.yaml │ │ │ └── tasks │ │ │ │ ├── create-workload.yaml │ │ │ │ ├── install-controllers.yaml │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ ├── install-ako.yaml │ │ │ └── main.yaml │ │ └── templates │ │ │ ├── app-avi-ako.yaml.j2 │ │ │ ├── crds-avi-ako.yaml.j2 │ │ │ ├── job-avi-controller-install.yaml.j2 │ │ │ ├── secret-license.yaml.j2 │ │ │ ├── secret-vars.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── octant │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ └── main.yaml │ │ └── templates │ │ │ ├── app-octant.yaml.j2 │ │ │ ├── rbac-octant.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── spring-cloud-data-flow │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ ├── tasks │ │ │ │ ├── deploy-stream-task.yaml │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ └── job-deploy-stream.yaml.j2 │ │ ├── images │ │ │ ├── dashboard-about.jpeg │ │ │ └── dashboard-apps.jpeg │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ ├── main.yaml │ │ │ └── migrate-image-task.yaml │ │ └── templates │ │ │ ├── app-postgresql.yaml.j2 │ │ │ ├── app-rabbitmq.yaml.j2 │ │ │ ├── app-skipper.yaml.j2 │ │ │ ├── app-spring-cloud-data-flow.yaml.j2 │ │ │ ├── job-image-migrate.yaml.j2 │ │ │ ├── psp-spring-cloud-data-flow.yaml.j2 │ │ │ ├── secret-spring-cloud-data-flow.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── spring-cloud-gateway │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── 
defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ └── test-gateway.yaml.j2 │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ ├── main.yaml │ │ │ └── migrate-image-task.yaml │ │ └── templates │ │ │ ├── job-image-migrate.yaml.j2 │ │ │ ├── spring-cloud-gateway-crd.yaml.j2 │ │ │ ├── spring-cloud-gateway-deployment.yaml.j2 │ │ │ ├── spring-cloud-gateway-rbac.yaml.j2 │ │ │ ├── spring-cloud-gateway-sa.yaml.j2 │ │ │ ├── spring-cloud-gateway-secret.yaml.j2 │ │ │ ├── spring-cloud-gateway-service.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── tanzu-application-catalog │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ ├── main.yaml │ │ │ │ └── remove-replications.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ ├── create-replication.yaml │ │ │ ├── find-registry.yaml │ │ │ ├── get-chart-list.yaml │ │ │ ├── get-image-list.yaml │ │ │ ├── main.yaml │ │ │ └── replicate-chart.yaml │ │ └── templates │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── tanzu-build-service │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ ├── tasks │ │ │ │ └── main.yaml │ │ │ └── templates │ │ │ │ ├── image.yaml.j2 │ │ │ │ └── ivy-registry-secret.yaml.j2 │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ ├── check-eula.yaml │ │ │ │ ├── main.yaml │ │ │ │ └── pre-check-eula.yaml │ │ ├── tasks │ │ │ ├── main.yaml │ │ │ └── migrate_image_task.yaml │ │ └── templates │ │ │ ├── buildservice-pod-webhook.yaml.j2 │ │ │ ├── buildservice-rbac.yaml.j2 │ │ │ ├── buildservice-secret-syncer.yaml.j2 │ │ │ ├── buildservice-secret.yaml.j2 │ │ │ ├── buildservice-smart-warmer.yaml.j2 │ │ │ 
├── cluster-builder.yaml.j2 │ │ │ ├── cluster-stack.yaml.j2 │ │ │ ├── cluster-store.yaml.j2 │ │ │ ├── job-tbs-image-migrate.yaml.j2 │ │ │ ├── kpack-crd.yaml.j2 │ │ │ ├── kpack-rbac.yaml.j2 │ │ │ ├── kpack-release.yaml.j2 │ │ │ ├── kpack-secret.yaml.j2 │ │ │ ├── stack-operator-rbac.yaml.j2 │ │ │ ├── stack-operator-release.yaml.j2 │ │ │ ├── stack-operator-secret.yaml.j2 │ │ │ ├── tanzu-build-service-psp.yaml.j2 │ │ │ ├── tanzu-namespace-kpack.yaml.j2 │ │ │ ├── tanzu-namespace-stack-operator-system.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── tanzu-mission-control │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ └── tasks │ │ │ └── main.yaml │ │ ├── tanzu-observability │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ └── main.yaml │ │ └── templates │ │ │ ├── app-wavefront.yaml.j2 │ │ │ └── tanzu-namespace.yaml.j2 │ │ ├── tanzu-service-mesh │ │ ├── .dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── common │ │ │ └── defaults │ │ │ │ └── main.yaml │ │ ├── defaults │ │ │ └── main.yaml │ │ ├── demo │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── pre-flight │ │ │ └── tasks │ │ │ │ └── main.yaml │ │ ├── tasks │ │ │ ├── check_onboard.yaml │ │ │ ├── check_tsm_install.yaml │ │ │ └── main.yaml │ │ └── templates │ │ │ ├── tanzu-namespace-istio.yaml.j2 │ │ │ ├── tanzu-namespace-tsm.yaml.j2 │ │ │ ├── tanzu-service-mesh-cluster-token.yaml.j2 │ │ │ └── tanzu-service-mesh-operator-deployment.yaml.j2 │ │ └── tanzu-sql │ │ ├── 
.dependencies.yaml │ │ ├── README.md │ │ ├── clean │ │ └── tasks │ │ │ └── main.yaml │ │ ├── common │ │ └── defaults │ │ │ └── main.yaml │ │ ├── defaults │ │ └── main.yaml │ │ ├── demo │ │ ├── tasks │ │ │ └── main.yaml │ │ └── templates │ │ │ └── pg-small-instance.yaml.j2 │ │ ├── pre-flight │ │ └── tasks │ │ │ └── main.yaml │ │ ├── tasks │ │ └── main.yaml │ │ └── templates │ │ ├── job-tanzu-sql-image-migrate.yaml.j2 │ │ ├── tanzu-namespace.yaml.j2 │ │ ├── tanzu-sql-crd.yaml.j2 │ │ ├── tanzu-sql-rbac.yaml.j2 │ │ ├── tanzu-sql-release.yaml.j2 │ │ └── tanzu-sql-secret.yaml.j2 └── support │ ├── build-docs │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── pre-flight │ │ └── tasks │ │ │ └── main.yaml │ ├── tasks │ │ ├── main.yaml │ │ └── toc.yaml │ └── templates │ │ ├── aws.md.j2 │ │ ├── azure.md.j2 │ │ ├── kind.md.j2 │ │ ├── sections │ │ ├── common │ │ │ ├── additional_vars.md │ │ │ ├── build.md │ │ │ ├── common_vars.md │ │ │ ├── deploy.md │ │ │ ├── inventory.md │ │ │ ├── super_quick_start.md │ │ │ └── tmc_clusters.md │ │ └── main │ │ │ ├── additional_vars.md.j2 │ │ │ ├── aws.md.j2 │ │ │ ├── azure.md.j2 │ │ │ ├── kind.md.j2 │ │ │ └── vmware.md.j2 │ │ ├── toc │ │ └── toc.md.j2 │ │ └── vmware.md.j2 │ ├── build-profiles │ ├── pre-flight │ │ └── tasks │ │ │ └── main.yaml │ ├── tasks │ │ └── main.yaml │ └── templates │ │ └── profile.yaml.j2 │ └── role-skeleton │ ├── .dependencies.yaml │ ├── README.md │ ├── README.md.j2 │ ├── clean │ └── tasks │ │ └── main.yaml │ ├── common │ └── defaults │ │ └── main.yaml │ ├── defaults │ └── main.yaml │ ├── demo │ └── tasks │ │ └── main.yaml │ ├── pre-flight │ └── tasks │ │ └── main.yaml │ ├── tasks │ └── main.yaml │ └── templates │ └── tanzu-namespace.yaml.j2 └── site.yaml /.ansible-lint: -------------------------------------------------------------------------------- 1 | # 2 | # molucule defaults 3 | # 4 | # ansible-lint config for functional testing, used to bypass expected metadata 5 | # errors in molecule-generated roles. 
Loaded via the metadata_lint_update 6 | # pytest helper. For reference, see "E7xx - metadata" in: 7 | # https://docs.ansible.com/ansible-lint/rules/default_rules.html 8 | skip_list: 9 | # metadata/106 - Name Pattern 10 | - '106' 11 | # metadata/204 - Line Length = 120 12 | - '204' 13 | # metadata/602 - Compare to empty string 14 | - '602' 15 | # metadata/701 - Role info should contain platforms 16 | - '701' 17 | # metadata/703 - Should change default metadata: 18 | - '703' 19 | # See https://github.com/ansible/ansible/issues/63734 20 |
--------------------------------------------------------------------------------
/.ansible-lint-rules/EnsureDebugVerbosity.py:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
import ansiblelint.utils
from ansiblelint import AnsibleLintRule


class EnsureDebugVerbosity(AnsibleLintRule):
    """Custom lint rule RPK004: every ``debug`` task must set ``verbosity``.

    A ``debug`` task without ``verbosity`` prints on every run, so whatever
    variables it dumps end up in default-verbosity output such as CI logs.
    Requiring the argument keeps that output behind an explicit ``-v`` level.
    """

    id = 'RPK004'
    shortdesc = 'ensure the verbosity flag is defined when debugging'
    description = 'ensure the verbosity flag is defined when debugging'
    tags = ['consistency', 'readability']

    def matchtask(self, file, task):
        """Return True when *task* is a ``debug`` task with no ``verbosity``.

        Args:
            file: The file being linted (not used by this rule).
            task: The normalised task mapping; ``task["action"]`` carries the
                module name under ``__ansible_module__`` plus its arguments.

        Returns:
            True to report a violation, False otherwise.
        """
        action = task["action"]

        # Only the debug module is in scope for this rule.
        if action["__ansible_module__"] not in ('debug',):
            return False

        # A missing (or explicitly null) verbosity is the violation.
        return action.get('verbosity') is None
--------------------------------------------------------------------------------
/.ansible-lint-rules/EnsureLowercaseNamedTasks.py:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
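# SPDX-License-Identifier: MIT
import ansiblelint.utils
from ansiblelint import AnsibleLintRule


class EnsureLowercaseNamedTasks(AnsibleLintRule):
    """Custom lint rule RPK001: a task's ``name`` must not contain uppercase."""

    id = 'RPK001'
    shortdesc = 'Named tasks must be all lowercase'
    description = 'Named tasks must be all lowercase'
    tags = ['consistency', 'readability']

    def matchtask(self, file, task):
        """Return True when the task has a name that is not all lowercase.

        Args:
            file: The file being linted (not used by this rule).
            task: The normalised task mapping.

        Returns:
            True to report a violation, False for unnamed or lowercase tasks.
        """
        name = task.get('name')
        if not name:
            # Unnamed tasks are out of scope for this rule.
            return False

        # Compare against the lowercased form instead of str.islower():
        # islower() is False for text with no cased characters at all
        # (for example "123" or "---"), which would be reported even though
        # nothing in the name is uppercase. str() keeps a numeric YAML name
        # from raising AttributeError inside the linter.
        text = str(name)
        return text != text.lower()
--------------------------------------------------------------------------------
/.ansible-lint-rules/EnsureNoChange.py:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
import ansiblelint.utils
from ansiblelint import AnsibleLintRule


class EnsureNoChange(AnsibleLintRule):
    """Custom lint rule RPK003: file-writing tasks must set ``changed_when: false``.

    NOTE(review): with this rule enforced, the play recap no longer reflects
    writes made by ``template``, ``file`` and ``lineinfile``, so the recap
    cannot be used as a record of local file modifications.
    """

    id = 'RPK003'
    shortdesc = 'only report changes on k8s and infrastructure providers'
    description = 'modules which modify files should not report a change; only kubernetes changes or other api changes should report a change'
    tags = ['consistency', 'readability']

    def matchtask(self, file, task):
        """Return True when a file-writing task may still report a change.

        Args:
            file: The file being linted (not used by this rule).
            task: The normalised task mapping; ``task["action"]`` carries the
                module name under ``__ansible_module__``.

        Returns:
            True to report a violation, False otherwise.
        """
        file_modules = ('template', 'file', 'lineinfile')

        if task["action"]["__ansible_module__"] not in file_modules:
            return False

        # Only the literal boolean False passes; a missing key (None) or any
        # other value, including a string expression, is reported.
        return task.get('changed_when') is not False
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | # ignore git directories 2 | .git 3 | .gitignore 4 | 5 | # ignore ci dependencies 6 | .yamllint 7 | .ansible-lint 8 | .ansible-lint-rules/ 9 | ci/ 10 | 11 | # ignore inventory files 12 | inventory.yaml 13 | lab.yaml 14 | 15 | #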
ignore cache 16 | .cache 17 | 18 | # ignore documentation 19 | README.md 20 | images/ 21 | docs/ 22 | 23 | # ignore local dev virtualenv 24 | ansible-virtualenv 25 | -------------------------------------------------------------------------------- /.github/workflows/dco.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Commit Check" 3 | on: 4 | - "pull_request" 5 | 6 | jobs: 7 | check-commits: 8 | runs-on: "ubuntu-latest" 9 | name: "Check Commits" 10 | steps: 11 | - name: "Get PR Commits" 12 | id: "get-pr-commits" 13 | uses: "tim-actions/get-pr-commits@master" # NOTE(review): third-party action tracked by a mutable branch and given the job token below; pin to a full commit SHA 14 | with: 15 | token: ${{ secrets.GITHUB_TOKEN }} 16 | - name: "DCO Check" 17 | uses: "tim-actions/dco@master" # NOTE(review): mutable branch ref; pin to a full commit SHA 18 | with: 19 | commits: ${{ steps.get-pr-commits.outputs.commits }} 20 | -------------------------------------------------------------------------------- /.github/workflows/license.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "License Check" 3 | on: 4 | - "push" 5 | - "pull_request" 6 | jobs: 7 | check-license-lines: 8 | runs-on: "ubuntu-latest" 9 | name: "Check License Lines" 10 | steps: 11 | - uses: "actions/checkout@master" 12 | - name: "Check License Lines" 13 | uses: "kt3k/license_checker@v1.0.6" 14 | -------------------------------------------------------------------------------- /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: "Lint" 3 | on: 4 | - "push" 5 | - "pull_request" 6 | jobs: 7 | 8 | lint-dirs: 9 | name: "Lint Directories" 10 | runs-on: "ubuntu-latest" 11 | steps: 12 | - name: "Checkout Code" 13 | uses: "actions/checkout@master" 14 | - run: "make lint.dirs" 15 | 16 | lint-files: 17 | name: "Lint Files" 18 | runs-on: "ubuntu-latest" 19 | steps: 20 | - name: "Checkout Code" 21 | uses: "actions/checkout@master" 22 | - run: "make lint.files" 23 | 24 | lint-ansible: 25 | name: "Lint Ansible" 26 |
runs-on: "ubuntu-latest" 27 | steps: 28 | - name: "Checkout Code" 29 | uses: "actions/checkout@master" 30 | - run: "make lint.ansible" 31 | 32 | lint-yaml: 33 | name: "Lint YAML" 34 | runs-on: "ubuntu-latest" 35 | steps: 36 | - name: "Checkout Code" 37 | uses: "actions/checkout@master" 38 | - run: "make lint.yaml" 39 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignore virtual environments created by project users 2 | ansible-virtualenv/ 3 | 4 | # ignore ansible external dependencies 5 | roles/external/ 6 | modules/external/ 7 | 8 | # ignore any logging or ansible retries 9 | *.retry 10 | *.log 11 | 12 | # ignore python cache 13 | **/__pycache__/* 14 | 15 | # ignore ide directory 16 | .DS_Store 17 | 18 | # ignore inventories built from makefile 19 | build/inventory.yaml 20 | 21 | # ignore custom local settings 22 | .vscode/settings.json 23 | build/hosts 24 | build/manifests/* 25 | 26 | # ignore temp built doc templates 27 | roles/support/build-docs/templates/built 28 | -------------------------------------------------------------------------------- /.licenserc.json: -------------------------------------------------------------------------------- 1 | { 2 | "**/*.go": [ 3 | "// Copyright 2006-2021 VMware, Inc.", 4 | "// SPDX-License-Identifier: MIT" 5 | ], 6 | "**/*.yml": [ 7 | "# Copyright 2006-2021 VMware, Inc.", 8 | "# SPDX-License-Identifier: MIT" 9 | ], 10 | "**/*.yaml": [ 11 | "# Copyright 2006-2021 VMware, Inc.", 12 | "# SPDX-License-Identifier: MIT" 13 | ], 14 | "**/*.yaml.j2": [ 15 | "# Copyright 2006-2021 VMware, Inc.", 16 | "# SPDX-License-Identifier: MIT" 17 | ], 18 | "**/*.sh": [ 19 | "# Copyright 2006-2021 VMware, Inc.", 20 | "# SPDX-License-Identifier: MIT" 21 | ], 22 | "ignore": [ 23 | ".github", 24 | "ci", 25 | "build" 26 | ] 27 | } 28 | 
-------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Reference Platform for Kubernetes 2 | Copyright 2021 VMware, Inc. 3 | 4 | This product is licensed to you under the MIT license (the "License"). You may not use this product except in compliance with the MIT License. 5 | 6 | This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. 7 | -------------------------------------------------------------------------------- /build/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/build/.keep -------------------------------------------------------------------------------- /ci/scripts/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | echo "Please use the 'rpk' binary found in ../bin" 6 | exit 1 -------------------------------------------------------------------------------- /ci/scripts/lint-ansible.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | # set the exit code and adjust if there are failures 6 | EXIT_CODE=0 7 | BASE_PLAYBOOK_LIST="site.yaml" 8 | 9 | echo 'linting ansible using ansible-lint rules at .ansible-lint' 10 | 11 | # lint each role independently 12 | for ROLE in $BASE_PLAYBOOK_LIST `find roles/ -mindepth 1 -maxdepth 2 -type d`; do 13 | ansible-lint "${ROLE}/" -vvvvvvvvvvvvvv -R -r ./.ansible-lint-rules 14 | RC=$? 
15 | if [ $RC -ne 0 ]; then 16 | EXIT_CODE=$RC 17 | fi 18 | done 19 | 20 | echo "exiting with code: ${EXIT_CODE}" 21 | 22 | exit ${EXIT_CODE} 23 | -------------------------------------------------------------------------------- /ci/scripts/lint-directories.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | LINT_DIRECTORY_EXCLUSIONS=" 6 | ./.git 7 | ./roles/support/role-skeleton 8 | ./ansible-virtualenv 9 | ./.ansible-lint-rules/__pycache__ 10 | ./build" 11 | 12 | EXCLUSION_SYNTAX="" 13 | for DIR in ${LINT_DIRECTORY_EXCLUSIONS}; do 14 | EXCLUSION_SYNTAX="${EXCLUSION_SYNTAX} -and -path ${DIR} -prune" 15 | done 16 | 17 | VIOLATIONS=`find . -name "*_*" -type d ${EXCLUSION_SYNTAX}` # NOTE(review): each "-and -path X -prune" is AND-ed onto the -name/-type test, so a directory would have to equal every excluded path at once; as written VIOLATIONS looks to be always empty and this check cannot fail. The prunes presumably belong in an OR-ed group ahead of the match; verify 18 | 19 | if [[ ${VIOLATIONS} == "" ]]; then 20 | echo "no directories with underscores detected" 21 | exit 0 22 | else 23 | echo "the following directories have underscores and do not meet validation criteria: ${VIOLATIONS}" 24 | exit 1 25 | fi 26 | -------------------------------------------------------------------------------- /ci/scripts/lint-file-extensions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | LINT_EXTENSION_EXCLUSIONS="./ansible_virtualenv" # NOTE(review): .gitignore and lint-directories.sh spell this directory "ansible-virtualenv"; confirm which path is meant 6 | 7 | EXCLUSION_SYNTAX="" 8 | for EXT in ${LINT_EXTENSION_EXCLUSIONS}; do 9 | EXCLUSION_SYNTAX="${EXCLUSION_SYNTAX} -and -path ${EXT} -prune" 10 | done 11 | 12 | VIOLATIONS=`find .
-name "*.yml*" -type f ${EXCLUSION_SYNTAX}` 13 | 14 | if [[ ${VIOLATIONS} == "" ]]; then 15 | echo "no yaml versus yml violations detected" 16 | exit 0 17 | else 18 | echo "the following files have use a .yml extension as opposed to a .yaml extension and do not meet validation criteria: ${VIOLATIONS}" 19 | exit 1 20 | fi 21 | -------------------------------------------------------------------------------- /ci/scripts/lint-yaml.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | echo 'linting yaml using yamllint rules at .yamllint' 6 | yamllint . --strict 7 | -------------------------------------------------------------------------------- /ci/scripts/make-role.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2006-2021 VMware, Inc. 3 | # SPDX-License-Identifier: MIT 4 | 5 | if [ -z $RPK_ANSIBLE_ROLE ]; then 6 | echo "No role name was provided." 7 | echo "Usage is: ./make-role.sh " 8 | else 9 | ansible-galaxy init --role-skeleton=/ansible/roles/support/role-skeleton $RPK_ANSIBLE_ROLE 10 | mv $RPK_ANSIBLE_ROLE /ansible/roles/$RPK_ANSIBLE_ROLE 11 | fi 12 | -------------------------------------------------------------------------------- /docs/dns/setting-dns-resolvers.md: -------------------------------------------------------------------------------- 1 | # Setting DNS Resolvers 2 | 3 | ## MacOS 4 | ### Via UI 5 | 6 | See: [Specify a DNS server on Mac](https://support.apple.com/en-is/guide/mac-help/mchlp2720/mac) 7 | 8 | ### Using /etc/resolver Configurations 9 | 10 | 1. Replacing `yourdomain.com` with the domain you set in `tanzu_ingress_domain`: 11 | ```bash 12 | cd /etc/resolver 13 | sudo touch yourdomain.com 14 | ``` 15 | 16 | 2. 
Edit the file replacing `yourdomain.com` with the domain you set as the `tanzu_ingress_domain`, and the `1.2.3.4` IP Address with that of your DNS server: `sudo vi /etc/resolver/yourdomain.com`: 17 | ```bash 18 | search yourdomain.com 19 | nameserver 1.2.3.4 20 | ``` 21 | 22 | 23 | ## Linux 24 | 1. Edit `/etc/resolv.conf`: 25 | ```bash 26 | sudo vi /etc/resolv.conf 27 | ``` 28 | 29 | 2. Replacing `yourdomain.com` with the domain you set as the `tanzu_ingress_domain`, and the `1.2.3.4` IP Address with that of your DNS server: 30 | ```bash 31 | search yourdomain.com 32 | nameserver 1.2.3.4 33 | ``` 34 | -------------------------------------------------------------------------------- /docs/images/admission-control-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/admission-control-ra-architecture.png -------------------------------------------------------------------------------- /docs/images/application-monitoring.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/application-monitoring.png -------------------------------------------------------------------------------- /docs/images/calico-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-components.png -------------------------------------------------------------------------------- /docs/images/calico-datastore-k8s.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-datastore-k8s.png -------------------------------------------------------------------------------- /docs/images/calico-ip-in-ip-packet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-ip-in-ip-packet.png -------------------------------------------------------------------------------- /docs/images/calico-multi-subnet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-multi-subnet.png -------------------------------------------------------------------------------- /docs/images/calico-node.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-node.png -------------------------------------------------------------------------------- /docs/images/calico-route-table-ipinip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/calico-route-table-ipinip.png -------------------------------------------------------------------------------- /docs/images/contour-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-flow.png 
-------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-http.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-http.png -------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-https-redirect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-https-redirect.png -------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-https-to-backend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-https-to-backend.png -------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-https.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-https.png -------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-tcp-proxying-passthrough.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-tcp-proxying-passthrough.png -------------------------------------------------------------------------------- /docs/images/contour-ingress-patterns-tcp-proxying.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/contour-ingress-patterns-tcp-proxying.png -------------------------------------------------------------------------------- /docs/images/custom-subdomain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/custom-subdomain.png -------------------------------------------------------------------------------- /docs/images/dex-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/dex-flow.png -------------------------------------------------------------------------------- /docs/images/dex-login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/dex-login.png -------------------------------------------------------------------------------- /docs/images/dynamic-storage-provisioning.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/dynamic-storage-provisioning.png -------------------------------------------------------------------------------- /docs/images/envoy-config-sync.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/envoy-config-sync.png -------------------------------------------------------------------------------- /docs/images/gangway-sequence-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/gangway-sequence-diagram.png -------------------------------------------------------------------------------- /docs/images/grafana-compute.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/grafana-compute.png -------------------------------------------------------------------------------- /docs/images/harbor-member.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/harbor-member.png -------------------------------------------------------------------------------- /docs/images/harbor-users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/harbor-users.png 
-------------------------------------------------------------------------------- /docs/images/k8s-admission-flow-opa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/k8s-admission-flow-opa.png -------------------------------------------------------------------------------- /docs/images/kubernetes-platform-composition.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/kubernetes-platform-composition.png -------------------------------------------------------------------------------- /docs/images/mutating-webhook-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/mutating-webhook-flow.png -------------------------------------------------------------------------------- /docs/images/ns-creator-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/ns-creator-flow.png -------------------------------------------------------------------------------- /docs/images/out-of-tree-provider-and-csi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/out-of-tree-provider-and-csi.png -------------------------------------------------------------------------------- /docs/images/personas.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/personas.png -------------------------------------------------------------------------------- /docs/images/rpk-app-monitoring.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/rpk-app-monitoring.png -------------------------------------------------------------------------------- /docs/images/rpk-overview.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/rpk-overview.jpg -------------------------------------------------------------------------------- /docs/images/rpk-play.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/rpk-play.png -------------------------------------------------------------------------------- /docs/images/secret-encryption-at-rest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/secret-encryption-at-rest.png -------------------------------------------------------------------------------- /docs/images/tanzu-network-01.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/tanzu-network-01.png -------------------------------------------------------------------------------- /docs/images/tanzu-network-02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/tanzu-network-02.png -------------------------------------------------------------------------------- /docs/images/tanzu-network-03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/tanzu-network-03.png -------------------------------------------------------------------------------- /docs/images/vault-agent-injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/docs/images/vault-agent-injection.png -------------------------------------------------------------------------------- /hack/code-marker.go.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2006-2021 VMware, Inc. 2 | // SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /hack/code-marker.py.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /hack/code-marker.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /hack/code-marker.yaml.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /lib/ytt/overlays/change-groups.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | #@ load("@ytt:overlay", "overlay") 4 | #@ load("@ytt:data", "data") 5 | 6 | #@overlay/match by=overlay.all,expects="1+" 7 | --- 8 | metadata: 9 | #@overlay/match missing_ok=True 10 | annotations: 11 | #@overlay/match missing_ok=True 12 | kapp.k14s.io/change-group.component: #@ "extensions.tanzu.vmware.com/" + data.values.component_values.component 13 | #! process dependendies and place them here ... 14 | #! kapp.k14s.io/change-rule.component: "upsert after upserting extensions.tanzu.vmware.com/dependency-name" 15 | -------------------------------------------------------------------------------- /lib/ytt/overlays/examples/set-namespace.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # DO NOT DELETE: KEEP AS AN EXAMPLE 6 | # 7 | 8 | #@ load("@ytt:overlay", "overlay") 9 | #@ load("@ytt:data", "data") 10 | 11 | # 12 | # set namespace for all components 13 | # 14 | 15 | #@overlay/match by=overlay.all,expects="1+" 16 | --- 17 | metadata: 18 | #@overlay/match missing_ok=True 19 | namespace: #@ component_values.namespace 20 | 21 | #@ for app_component in data.values.common_values.app_components: 22 | 23 | #@overlay/match by=overlay.subset({"kind":"ClusterRoleBinding"}),expects="1+" 24 | --- 25 | subjects: 26 | #@overlay/match by=overlay.all,expects="1+" 27 | - namespace: #@ component_values.namespace 28 | 29 | #@ end 30 | -------------------------------------------------------------------------------- /profiles/advanced.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | rpk_components: 5 | - name: "networking" 6 | enabled: true 7 | - name: "container-registry" 8 | enabled: true 9 | - name: "tanzu-mission-control" 10 | enabled: true 11 | - name: "avi" 12 | enabled: false 13 | - name: "spring-cloud-gateway" 14 | enabled: true 15 | - name: "spring-cloud-data-flow" 16 | enabled: true 17 | - name: "tanzu-application-catalog" 18 | enabled: true 19 | - name: "tanzu-build-service" 20 | enabled: true 21 | - name: "tanzu-observability" 22 | enabled: true 23 | - name: "tanzu-service-mesh" 24 | enabled: false 25 | - name: "tanzu-sql" 26 | enabled: true 27 | -------------------------------------------------------------------------------- /profiles/platform.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | rpk_components: 5 | - name: "workload-tenancy" 6 | enabled: true 7 | - name: "networking" 8 | enabled: true 9 | - name: "security" 10 | enabled: true 11 | - name: "admission-control" 12 | enabled: true 13 | - name: "storage" 14 | enabled: true 15 | - name: "ingress" 16 | enabled: true 17 | - name: "identity" 18 | enabled: true 19 | - name: "monitoring" 20 | enabled: true 21 | - name: "container-registry" 22 | enabled: true 23 | - name: "logging" 24 | enabled: true 25 | - name: "autoscaling" 26 | enabled: true 27 | - name: "secret-management/hashicorp-vault" 28 | enabled: true 29 | - name: "secret-management/etcd-encryption" 30 | enabled: false 31 | - name: "application-stack" 32 | enabled: true 33 | - name: "application-pipeline" 34 | enabled: true 35 | - name: "service-mesh/istio" 36 | enabled: false 37 | -------------------------------------------------------------------------------- /profiles/single.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | rpk_components: 5 | - name: "{{ rpk_role_name }}" 6 | enabled: true 7 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # base version of ansible 2 | ansible==2.9.20 3 | 4 | # required for k8s ansible module 5 | openshift==0.11.1 6 | 7 | # required for vmware automation. NOTE(review): the git+https entry below ends in "#v6.9.1", which pip reads as a URL fragment rather than a git ref, so the install is not pinned to that tag; use "@v6.9.1" if pinning the tag is the intent 8 | pyvim==3.0.2 9 | pyvmomi==7.0 10 | git+https://github.com/vmware/vsphere-automation-sdk-python.git#v6.9.1 11 | 12 | # required for aws automation 13 | boto==2.49.0 14 | boto3==1.14.5 15 | 16 | # required for hashicorp vault automation 17 | ansible-modules-hashivault==4.5.2 18 | hvac==0.10.4 19 | 20 | # required for dns lookups 21 | dnspython==1.16.0 22 | 23 | # required for application-pipeline 24 | python-jenkins>=0.4.12 25 | 26 | # required for linting 27 | yamllint==1.25.0 28 | ansible-lint==4.3.4 29 | 30 | # required for avi 31 | avisdk==20.1.2 32 | netaddr==0.8.0 33 | requests_toolbelt==0.9.1 34 | 35 | # required for tanzu-application-catalog 36 | docker>=1.20 37 | -------------------------------------------------------------------------------- /requirements.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # ansible requirements 5 | - src: "avinetworks.avisdk" 6 | name: "avi-sdk" 7 | version: "20.1.2-beta" 8 | -------------------------------------------------------------------------------- /roles/common/cluster-info/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # RETRIEVE CLUSTER INFO 6 | # 7 | - name: "retrieve the kubeconfig" 8 | shell: "kubectl config view --context={{ tanzu_kubectl_context }}" 9 | changed_when: false 10 | register: kubeconfig 11 | tags: 12 | - skip_ansible_lint 13 | 14 | - name: "set the kubectl cluster name" 15 | set_fact: 16 | tanzu_kubectl_cluster_name: "{{ tanzu_kubectl_context.split('@')[-1] }}" 17 | 18 | - name: "set the kube apiserver address" 19 | set_fact: 20 | tanzu_apiserver_url: "{{ ((kubeconfig.stdout | from_yaml).clusters | selectattr('name', 'equalto', tanzu_kubectl_cluster_name) | list)[0].cluster.server }}" 21 | -------------------------------------------------------------------------------- /roles/common/etc-hosts/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # NOTE: we do this to workaround strange caching issues with Route53 when working inside a container 5 | # NOTE: /etc/hosts is a mounted file from build/hosts during make *deploy 6 | - name: "ensure a local /etc/hosts entry exists for host: <{{ fqdn }}> with ip: <{{ ip }}>" 7 | lineinfile: 8 | dest: "/etc/hosts" 9 | regexp: ".*{{ fqdn }}$" 10 | line: "{{ ip }} {{ fqdn }}" 11 | state: "present" 12 | unsafe_writes: true 13 | changed_when: false 14 | become: true 15 | tags: 16 | - update_local_etc_hosts 17 | -------------------------------------------------------------------------------- /roles/common/kapp/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure kapp component {{ component }} does not exist" 5 | kapp: 6 | state: "absent" 7 | context: "{{ tanzu_kubectl_context }}" 8 | namespace: "{{ rpk_extension_namespace }}" 9 | name: "{{ component }}" 10 | wait_timeout: "{{ wait_timeout | default('300s') }}" 11 | -------------------------------------------------------------------------------- /roles/common/kapp/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure kapp component '{{ component }}' exists" 5 | kapp: 6 | state: "present" 7 | context: "{{ tanzu_kubectl_context }}" 8 | src: 9 | - "{{ staging_dir }}/manifests" 10 | namespace: "{{ rpk_extension_namespace }}" 11 | name: "{{ component }}" 12 | wait_timeout: "{{ wait_timeout | default('300s') }}" 13 | register: _resource_status 14 | -------------------------------------------------------------------------------- /roles/common/kapp/vars/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | staging_dir: "{{ rpk_staging_dir }}/{{ component }}" 5 | -------------------------------------------------------------------------------- /roles/common/manifest-file-with-wait/tasks/wait-for-job.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure {{ _wait_for.result.metadata.name }} completed successfully" 5 | k8s_info: 6 | api_version: "batch/v1" 7 | kind: "Job" 8 | namespace: "{{ _wait_for.result.metadata.namespace }}" 9 | name: "{{ _wait_for.result.metadata.name }}" 10 | context: "{{ tanzu_kubectl_context }}" 11 | register: _job 12 | until: _job.resources[0].status.succeeded | default("False") | bool 13 | retries: "{{ retries | default('30') }}" 14 | delay: "{{ delay | default('1') }}" 15 | failed_when: false 16 | 17 | - name: "error if {{ _wait_for.result.metadata.name }} job failed" 18 | fail: 19 | msg: "job {{ _wait_for.result.metadata.name }} in {{ _wait_for.result.metadata.namespace }} failed to run" 20 | when: 21 | - (not _job.resources[0].status.succeeded | default("False") | bool) 22 | - (not ignore_failure | default("False") | bool) 23 | -------------------------------------------------------------------------------- /roles/common/manifest-file-with-wait/tasks/wait-for.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # JOBS 6 | # 7 | - name: "wait for job {{ _wait_for.result.metadata.name }} to complete" 8 | include_tasks: "wait-for-job.yaml" 9 | vars: 10 | when: _wait_for.result.kind == "Job" 11 | -------------------------------------------------------------------------------- /roles/common/manifest-file/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "write {{ manifest_description | lower }} manifest file" 5 | template: 6 | src: "{{ manifest_template }}" 7 | dest: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}" 8 | mode: "0440" 9 | # allow for different templating strings 10 | variable_start_string: "{{ manifest_variable_start_string | default(omit) }}" 11 | variable_end_string: "{{ manifest_variable_end_string | default(omit) }}" 12 | changed_when: false 13 | 14 | - name: "ensure {{ manifest_description | lower }} is present" 15 | k8s: 16 | state: "present" 17 | context: "{{ tanzu_kubectl_context }}" 18 | src: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}" 19 | register: _resource_status 20 | until: not _resource_status.failed 21 | retries: 30 22 | delay: 1 23 | -------------------------------------------------------------------------------- /roles/common/namespace/clean/meta/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | # vars 6 | - role: "workload-tenancy/common" 7 | -------------------------------------------------------------------------------- /roles/common/namespace/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "check if the {{ namespace }} namespace exists" 5 | k8s_info: 6 | kind: "Namespace" 7 | context: "{{ tanzu_kubectl_context }}" 8 | name: "{{ namespace }}" 9 | register: _namespace_status 10 | 11 | - name: remove the namespace if it exists 12 | import_tasks: clean.yaml 13 | when: _namespace_status.resources | length > 0 14 | -------------------------------------------------------------------------------- /roles/common/staging-directory/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure manifest staging directory exists" 5 | file: 6 | path: "{{ staging_dir }}" 7 | state: "directory" 8 | mode: "0700" 9 | changed_when: false 10 | -------------------------------------------------------------------------------- /roles/common/tkg-version/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "get the tkg metadata configmap" 5 | k8s_info: 6 | kind: "ConfigMap" 7 | context: "{{ tanzu_kubectl_context }}" 8 | api_version: "v1" 9 | name: "tkg-metadata" 10 | namespace: "tkg-system-public" 11 | register: _tkg_metadata 12 | 13 | - name: "assume cluster is not a tkg cluster" 14 | set_fact: 15 | _tkg_cluster: false 16 | 17 | - name: "check cluster is a tkg cluster" 18 | set_fact: 19 | _tkg_cluster: true 20 | when: (_tkg_metadata.resources | length) > 0 21 | 22 | - name: "set fact for tkg version" 23 | set_fact: 24 | _tkg_release: "{{ (_tkg_metadata.resources[0].data['metadata.yaml'] | from_yaml).cluster.tkgVersion | regex_replace ('v') }}" 25 | when: 26 | - _tkg_cluster | bool 27 | -------------------------------------------------------------------------------- /roles/common/tls-certificate/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure manifest staging directory exists" 5 | import_role: 6 | name: "common/staging-directory" 7 | vars: 8 | staging_dir: "{{ tanzu_security.staging_dir }}/certificates" 9 | 10 | - name: "create certificate using existing wildcard" 11 | import_tasks: wildcard.yaml 12 | when: tls_provider | default(tanzu_security.default_tls_provider) == "wildcard" 13 | 14 | - name: "create certificate using cert-manager" 15 | import_tasks: cert-manager.yaml 16 | when: tls_provider | default(tanzu_security.default_tls_provider) != "wildcard" 17 | -------------------------------------------------------------------------------- /roles/common/tls-certificate/tasks/wildcard.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure wildcard tls secret exists {{ namespace }}/{{ secret }}" 5 | import_role: 6 | name: "common/manifest-file" 7 | vars: 8 | manifest_description: "wildcard certificate" 9 | manifest_template: "secret-wildcard.yaml.j2" 10 | manifest_file: "secret-wildcard.yaml" 11 | manifest_staging_dir: "{{ tanzu_security.staging_dir }}/certificates" 12 | -------------------------------------------------------------------------------- /roles/common/tls-certificate/templates/certificate.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: cert-manager.io/v1alpha2 5 | kind: Certificate 6 | metadata: 7 | name: "{{ fqdn | replace(".", "-") }}" 8 | namespace: "{{ namespace }}" 9 | spec: 10 | secretName: "{{ secret }}" 11 | commonName: "{{ commonName | default(fqdn) }}" 12 | dnsNames: 13 | - "{{ fqdn }}" 14 | {% for name in dns %} 15 | {% if name != fqdn %} 16 | - "{{ name }}" 17 | {% endif %} 18 | {% endfor %} 19 | {% if (ip | default([]) | type_debug == "list") and (ip | default([]) | length) > 0 %} 20 | ipAddresses: 21 | {% for address in ip %} 22 | - "{{ address }}" 23 | {% endfor %} 24 | {% endif %} 25 | duration: "2160h0m0s" 26 | renewBefore: "360h0m0s" 27 | organization: 28 | - "vmware" 29 | keySize: 4096 30 | keyAlgorithm: "rsa" 31 | keyEncoding: "pkcs1" 32 | issuerRef: 33 | name: "{{ tls_provider }}" 34 | kind: "ClusterIssuer" 35 | -------------------------------------------------------------------------------- /roles/common/tls-certificate/templates/secret-wildcard.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # TLS Secret built from the pre-existing wildcard certificate in tanzu_security.wildcard.
5 | # Values are placed under "data:" exactly as given, so they are presumably expected to be
6 | # base64-encoded PEM already; confirm against the inventory examples.
7 | # NOTE(review): the rendered file contains the private key. wildcard.yaml stages it in the
8 | # tanzu_security certificates staging directory through common/manifest-file (file mode
9 | # 0440); no cleanup of the staged file is visible in those tasks.
10 | apiVersion: v1
11 | kind: Secret
12 | metadata:
13 |   name: "{{ secret }}"
14 |   namespace: "{{ namespace }}"
15 | type: kubernetes.io/tls
16 | data:
17 | {% if tanzu_security.wildcard.tls_root_ca_cert != "" %}
18 |   ca.crt: "{{ tanzu_security.wildcard.tls_root_ca_cert }}"
19 | {% endif %}
20 |   tls.crt: "{{ tanzu_security.wildcard.tls_cert }}"
21 |   tls.key: "{{ tanzu_security.wildcard.tls_key }}"
22 |
--------------------------------------------------------------------------------
/roles/common/tmc-namespace-labels/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # creates or updates the namespace so that it carries a "name" label equal to its own name
5 | - name: "ensure vmware-system-tmc namespace exists with proper labels"
6 |   k8s:
7 |     state: "present"
8 |     context: "{{ tanzu_kubectl_context }}"
9 |     definition:
10 |       apiVersion: "v1"
11 |       kind: "Namespace"
12 |       metadata:
13 |         name: "vmware-system-tmc"
14 |         labels:
15 |           name: "vmware-system-tmc"
16 |
--------------------------------------------------------------------------------
/roles/common/ytt/vars/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | staging_dir: "{{ rpk_staging_dir }}/{{ component }}" 5 | output_dir: "{{ staging_dir }}/manifests" 6 | discovered_values: "{{ rpk_staging_dir }}/discovered-values.yaml" 7 | component_base: "{{ staging_dir }}/base" 8 | component_overlays: "{{ staging_dir }}/overlays" 9 | component_templates: "{{ staging_dir }}/templates" 10 | component_values: "{{ staging_dir }}/values" 11 | common_files: 12 | - "{{ playbook_dir }}/lib/ytt/templates/kapp-config.yaml" # use common kapp configuration 13 | - "{{ playbook_dir }}/lib/ytt/overlays/change-groups.yaml" # configure the change groups 14 | - "{{ playbook_dir }}/lib/ytt/templates/namespace.yaml" # inject the namespace 15 | -------------------------------------------------------------------------------- /roles/components/core/admission-control/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "security" 6 | priority: 100 7 | -------------------------------------------------------------------------------- /roles/components/core/admission-control/clean/tasks/main.yaml.kapp: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "clean manifests with kapp" 3 | kapp: 4 | state: "absent" 5 | context: "{{ tanzu_kubectl_context }}" 6 | namespace: "{{ rpk_extension_namespace }}" 7 | name: "{{ tanzu_admission_control.component }}" 8 | wait_timeout: "{{ wait_timeout | default('300s') }}" 9 | -------------------------------------------------------------------------------- /roles/components/core/admission-control/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see common/defaults
5 |
--------------------------------------------------------------------------------
/roles/components/core/admission-control/demo/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 |
--------------------------------------------------------------------------------
/roles/components/core/admission-control/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 |
--------------------------------------------------------------------------------
/roles/components/core/admission-control/templates/mutator-webhook.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # Sends pod CREATE and UPDATE requests to the "sac" service at /mutate-v1-pod.
5 | # The CA bundle is injected by cert-manager from the certificate named in the annotation.
6 | # NOTE(review): admissionregistration.k8s.io/v1beta1 is no longer served from Kubernetes
7 | # 1.22; the v1 API also requires sideEffects and admissionReviewVersions on each webhook.
8 | apiVersion: admissionregistration.k8s.io/v1beta1
9 | kind: MutatingWebhookConfiguration
10 | metadata:
11 |   name: mutating-webhook-configuration
12 |   annotations:
13 |     cert-manager.io/inject-ca-from: {{ tanzu_admission_control.namespace }}/sac
14 | webhooks:
15 |   - clientConfig:
16 |       service:
17 |         name: sac
18 |         namespace: {{ tanzu_admission_control.namespace }}
19 |         path: /mutate-v1-pod
20 |     # NOTE(review): the exclusion keys on the user-settable "name" label. NotIn also
21 |     # matches namespaces that have no "name" label at all, so kube-system and the
22 |     # webhook's own namespace are skipped only when they carry that label, and any
23 |     # namespace whose owner labels it name=kube-system is exempt as well. Where the
24 |     # cluster provides it, the API-server-maintained "kubernetes.io/metadata.name"
25 |     # label is a safer selector key.
26 |     namespaceSelector:
27 |       matchExpressions:
28 |         - key: name
29 |           operator: NotIn
30 |           values: ["kube-system","{{ tanzu_admission_control.namespace }}"]
31 |     # fail closed: matching pod requests are rejected while the webhook is unreachable.
32 |     # If the excluded namespaces lack the label, an outage also blocks their pods.
33 |     failurePolicy: Fail
34 |     name: sac.{{ tanzu_admission_control.namespace }}.svc
35 |     rules:
36 |       - apiGroups:
37 |           - ""
38 |         apiVersions:
39 |           - v1
40 |         operations:
41 |           - CREATE
42 |           - UPDATE
43 |         resources:
44 |           - pods
45 |
--------------------------------------------------------------------------------
/roles/components/core/admission-control/templates/opa-policy-constraint-labels.yaml.j2:
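--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # Gatekeeper constraint: Deployments and Pods must carry the app.kubernetes.io/name label,
5 | # except in the namespaces listed under excludedNamespaces.
6 | apiVersion: constraints.gatekeeper.sh/v1beta1
7 | kind: K8sRequiredLabels
8 | metadata:
9 |   name: require-app-label
10 | spec:
11 |   match:
12 |     # NOTE: TKG deploys with pods which do not contain the app label, so we want to exclude them
13 |     # every namespace listed here is outside this policy entirely; keep the list short
14 |     excludedNamespaces:
15 |       - "kube-system"
16 |       # TODO: elasticsearch and kibana are managed via the elastic operator. the kibana resource
17 |       # fails to add the app label in the PodTemplate spec. find out why.
18 |       - "tanzu-logging"
19 |       - "istio-system"
20 |       - "tanzu-spring-cloud-gateway"
21 |       # KIND specific
22 |       - "local-path-provisioner"
23 |       - "local-path-storage"
24 |     kinds:
25 |       # "extensions" is the legacy API group that served Deployment; the previous
26 |       # value "extension" names no API group, so that entry matched nothing
27 |       - apiGroups: ["extensions", "apps"]
28 |         kinds:
29 |           - Deployment
30 |       - apiGroups: [""]
31 |         kinds:
32 |           - Pod
33 |   parameters:
34 |     labels: ["app.kubernetes.io/name"]
35 |
--------------------------------------------------------------------------------
/roles/components/core/admission-control/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.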
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_admission_control.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_admission_control.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "container-registry" 12 | priority: 500 13 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/demo/files/nexus/allow_anonymous.groovy: -------------------------------------------------------------------------------- 1 | import groovy.json.JsonSlurper 2 | 3 | parsed_args = new JsonSlurper().parseText(args) 4 | 5 | security.setAnonymousAccess(Boolean.valueOf(parsed_args.anonymous_access)) 6 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/demo/tasks/sonarqube.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "wait for dns" 5 | import_role: 6 | name: "common/wait-for-dns" 7 | vars: 8 | hostname: "{{ tanzu_app_pipeline.code_analyzer.dns }}" 9 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/demo/templates/config-jenkins-kaniko.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # Docker client config for the demo pipeline's image builds (kaniko, per the file name).
5 | # NOTE(review): the "auth" value is the registry admin username and password, base64
6 | # encoded. base64 is an encoding, not protection, and a ConfigMap is readable by anyone
7 | # with ConfigMap read access in this namespace and is not covered by Secret-specific
8 | # controls (RBAC on secrets, encryption at rest for Secrets). A Secret holding a
9 | # least-privileged registry account would be the safer shape; the pod spec that mounts
10 | # this object is outside this file and would have to change with it.
11 | apiVersion: v1
12 | kind: ConfigMap
13 | metadata:
14 |   name: docker-config
15 |   namespace: {{ tanzu_app_pipeline.namespace }}
16 | data:
17 |   # echo -n username:docker-access-token | base64
18 |   ## consideration to use internal registry
19 |   ## {{ tanzu_container_registry.core.dns }}
20 |   ## {{ tanzu_container_registry.registry.resource_name }}
21 |   ## https://index.docker.io/v1/
22 |   config.json: |-
23 |     {
24 |       "auths": {
25 |         "{{ tanzu_container_registry.core.dns }}": {
26 |           "auth": "{{ (tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password) | b64encode }}"
27 |         }
28 |       },
29 |       "HttpHeaders": {
30 |         "User-Agent": "Docker-Client/18.09.7 (linux)"
31 |       }
32 |     }
33 |
34 |
35 |
--------------------------------------------------------------------------------
/roles/components/core/application-pipeline/demo/templates/tanzu-namespace-jenkins-prod.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_pipeline.ci.demo.prod_namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_pipeline.ci.demo.prod_namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "1000m" 12 | tanzuLimitRangeDefaultMemoryLimit: "1Gi" 13 | tanzuLimitRangeDefaultCpuRequest: "100m" 14 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 15 | tanzuLimitRangeMaxCpuLimit: "2000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "10Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/demo/templates/tanzu-namespace-jenkins-sit.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_pipeline.ci.demo.sit_namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_pipeline.ci.demo.sit_namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "1000m" 12 | tanzuLimitRangeDefaultMemoryLimit: "1Gi" 13 | tanzuLimitRangeDefaultCpuRequest: "100m" 14 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 15 | tanzuLimitRangeMaxCpuLimit: "2000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "10Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/tasks/jenkins.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure jenkins exists" 5 | import_role: 6 | name: "common/manifest-file-with-wait" 7 | vars: 8 | manifest_description: "jenkins" 9 | manifest_template: "app-jenkins.yaml.j2" 10 | manifest_file: "app-jenkins.yaml" 11 | manifest_staging_dir: "{{ tanzu_app_pipeline.staging_dir }}" 12 | 13 | - name: "ensure dns resolvability for jenkins" 14 | import_role: 15 | name: "common/etc-hosts" 16 | vars: 17 | ip: "{{ ingress_ip }}" 18 | fqdn: "{{ tanzu_app_pipeline.ci.dns }}" 19 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # NAMESPACE 6 | # 7 | - name: "ensure manifest staging directory exists" 8 | import_role: 9 | name: "common/staging-directory" 10 | vars: 11 | staging_dir: "{{ tanzu_app_pipeline.staging_dir }}" 12 | 13 | - name: "create namespace" 14 | import_role: 15 | name: "common/namespace" 16 | vars: 17 | namespace: "{{ tanzu_app_pipeline.namespace }}" 18 | namespace_template_file: "tanzu-namespace.yaml.j2" 19 | namespace_file: "{{ tanzu_app_pipeline.staging_dir }}/tanzu-namespace.yaml" 20 | 21 | # 22 | # DEPLOY TOOLCHAINS 23 | # 24 | - name: "get the ingress ip" 25 | import_role: 26 | name: "common/ingress-ip" 27 | 28 | - name: "deploy toolchains" 29 | include_tasks: "{{ item }}.yaml" 30 | with_items: 31 | - gitea 32 | - sonatype-nexus 33 | - sonarqube 34 | - jenkins 35 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/tasks/sonatype-nexus.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure sonatype nexus exists" 5 | import_role: 6 | name: "common/manifest-file-with-wait" 7 | vars: 8 | manifest_description: "sonatype nexus" 9 | manifest_template: "app-sonatype-nexus.yaml.j2" 10 | manifest_file: "app-sonatype-nexus.yaml" 11 | manifest_staging_dir: "{{ tanzu_app_pipeline.staging_dir }}" 12 | 13 | - name: "ensure dns resolvability for sonatype nexus" 14 | import_role: 15 | name: "common/etc-hosts" 16 | vars: 17 | ip: "{{ ingress_ip }}" 18 | fqdn: "{{ tanzu_app_pipeline.artifact_repo.dns }}" 19 | -------------------------------------------------------------------------------- /roles/components/core/application-pipeline/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_pipeline.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_pipeline.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "200m" 12 | tanzuLimitRangeDefaultMemoryLimit: "512Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "100m" 14 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 15 | tanzuLimitRangeMaxCpuLimit: "3000m" 16 | tanzuLimitRangeMaxMemoryLimit: "2048Mi" 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "10Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "monitoring" 12 | priority: 500 13 | - component: "secret-management/hashicorp-vault" 14 | priority: 600 15 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/files/README.md: -------------------------------------------------------------------------------- 1 | store manifests and configs in this directory 2 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/files/test-data/department_01.json: -------------------------------------------------------------------------------- 1 | { "employees": [ { "age": 25, "id": 1, "name": "Smith", "position": "engineer" }, { "age": 45, "id": 2, "name": "Johns", "position": "manager" } ], "id": "1", "name": "RD Dept.", "organizationId": 1} -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/files/test-data/employee_01.json: -------------------------------------------------------------------------------- 1 | { "age": 25, "departmentId": 1, "id": "1", "name": "Smith", "organizationId": 1, "position": "engineer"} -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/files/test-data/employee_02.json: -------------------------------------------------------------------------------- 1 | { "age": 45, 
"departmentId": 1, "id": "2", "name": "Johns", "organizationId": 1, "position": "manager"} -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/files/test-data/organization_01.json: -------------------------------------------------------------------------------- 1 | { "address": "Main Street", "departments": [ { "employees": [ { "age": 25, "id": 1, "name": "Smith", "position": "engineer" } ], "id": 1, "name": "Smith" } ], "employees": [ { "age": 25, "id": 1, "name": "Smith", "position": "engineer" } ], "id": "1", "name": "MegaCorp"} -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/templates/post-data-job.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: batch/v1 5 | kind: Job 6 | metadata: 7 | name: post-data 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 11 | spec: 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 16 | spec: 17 | containers: 18 | - name: post-data 19 | image: demyx/utilities 20 | command: ["/bin/bash", "/script/post-data.sh"] 21 | volumeMounts: 22 | - name: script 23 | mountPath: "/script" 24 | restartPolicy: OnFailure 25 | volumes: 26 | - name: script 27 | configMap: 28 | name: post-data 29 | defaultMode: 0777 30 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/templates/traffic-department-job.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: batch/v1 5 | kind: Job 6 | metadata: 7 | name: traffic-department 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 11 | spec: 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 16 | spec: 17 | containers: 18 | - name: vegeta 19 | image: peterevans/vegeta:6.9 20 | command: ["/bin/sh"] 21 | args: 22 | - "-c" 23 | - "echo 'GET http://gateway/{{ tanzu_app_stack.gateway.app_prefix }}/department/' | vegeta attack -rate={{ tanzu_app_stack.demo.traffic_rate }} -duration={{ tanzu_app_stack.demo.traffic_duration }} | tee results.bin | vegeta report --type json" 24 | restartPolicy: OnFailure 25 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/templates/traffic-employee-job.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: batch/v1 5 | kind: Job 6 | metadata: 7 | name: traffic-employee 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 11 | spec: 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 16 | spec: 17 | containers: 18 | - name: vegeta 19 | image: peterevans/vegeta:6.9 20 | command: ["/bin/sh"] 21 | args: 22 | - "-c" 23 | - "echo 'GET http://gateway/{{ tanzu_app_stack.gateway.app_prefix }}/employee/' | vegeta attack -rate={{ tanzu_app_stack.demo.traffic_rate }} -duration={{ tanzu_app_stack.demo.traffic_duration }} | tee results.bin | vegeta report --type json" 24 | restartPolicy: OnFailure 25 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/demo/templates/traffic-organization-job.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: batch/v1 5 | kind: Job 6 | metadata: 7 | name: traffic-organization 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 11 | spec: 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.demo.traffic_app_name }}" 16 | spec: 17 | containers: 18 | - name: vegeta 19 | image: peterevans/vegeta:6.9 20 | command: ["/bin/sh"] 21 | args: 22 | - "-c" 23 | - "echo 'GET http://gateway/{{ tanzu_app_stack.gateway.app_prefix }}/organization/1/with-employees' | vegeta attack -rate={{ tanzu_app_stack.demo.traffic_rate }} -duration={{ tanzu_app_stack.demo.traffic_duration }} | tee results.bin | vegeta report --type json" 24 | restartPolicy: OnFailure 25 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/cluster-role.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | kind: ClusterRole # shared read-only role for the application stack; the per-service *-rbac templates bind it to each namespace's service account 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | metadata: 7 | name: {{ tanzu_app_stack.resource_name }} 8 | labels: 9 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - configmaps 15 | - pods 16 | - services 17 | - endpoints 18 | - secrets # NOTE(review): read access to Secrets in a ClusterRole becomes cluster-wide as soon as it is granted through a ClusterRoleBinding (as the *-rbac templates do); prefer a namespaced Role/RoleBinding, and resourceNames where the set of secrets is known 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | - use # NOTE(review): `use` is the verb for policy objects such as PodSecurityPolicy; it presumably has no effect on the core resources listed here — TODO confirm and drop 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/department/department-hpa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: autoscaling/v1 5 | kind: HorizontalPodAutoscaler # scales the `department` Deployment on CPU utilisation between the templated min and max replica counts 6 | metadata: 7 | name: department 8 | namespace: {{ tanzu_app_stack.department.namespace }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: department 14 | minReplicas: {{ tanzu_app_stack.department.min_replicas }} 15 | maxReplicas: {{ tanzu_app_stack.department.max_replicas }} 16 | targetCPUUtilizationPercentage: {{ tanzu_app_stack.department.target_utilization }} 17 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/department/department-rbac.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: "{{ tanzu_app_stack.service_account }}" 8 | namespace: "{{ tanzu_app_stack.department.namespace }}" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding # NOTE(review): a ClusterRoleBinding grants the referenced ClusterRole in every namespace; the role bound here (cluster-role.yaml.j2) lists secrets, so this service account can read secrets cluster-wide. A RoleBinding in the department namespace would keep the grant local — confirm what the app needs 12 | metadata: 13 | name: {{ tanzu_app_stack.department.resource_name }} 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: {{ tanzu_app_stack.resource_name }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ tanzu_app_stack.service_account }} 23 | namespace: {{ tanzu_app_stack.department.namespace }} 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/department/department-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: department 8 | namespace: {{ tanzu_app_stack.department.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.department.resource_name }}" 11 | type: Opaque 12 | data: # NOTE(review): static MongoDB credentials committed with the template; base64 is an encoding, not encryption, and the same two values are repeated in the employee, organization and mongodb secrets. Render them from inventory or a secret store and use distinct, rotated values per environment 13 | spring.data.mongodb.username: bW9uZ28tYWRtaW4= 14 | spring.data.mongodb.password: bW9uZ28tYWRtaW4tcGFzc3dvcmQ= 15 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/department/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_stack.department.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.department.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/employee/employee-hpa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: autoscaling/v1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: employee 8 | namespace: {{ tanzu_app_stack.employee.namespace }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: employee 14 | minReplicas: {{ tanzu_app_stack.employee.min_replicas }} 15 | maxReplicas: {{ tanzu_app_stack.employee.max_replicas }} 16 | targetCPUUtilizationPercentage: {{ tanzu_app_stack.employee.target_utilization }} 17 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/employee/employee-rbac.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: "{{ tanzu_app_stack.service_account }}" 8 | namespace: "{{ tanzu_app_stack.employee.namespace }}" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding # NOTE(review): cluster-wide grant of the shared ClusterRole (which lists secrets in cluster-role.yaml.j2) to this namespace's service account; a RoleBinding in the employee namespace would limit it to what the service can actually need — confirm 12 | metadata: 13 | name: {{ tanzu_app_stack.employee.resource_name }} 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: {{ tanzu_app_stack.resource_name }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ tanzu_app_stack.service_account }} 23 | namespace: {{ tanzu_app_stack.employee.namespace }} 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/employee/employee-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: employee 8 | namespace: {{ tanzu_app_stack.employee.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.employee.resource_name }}" 11 | type: Opaque 12 | data: # NOTE(review): static MongoDB credentials committed with the template and identical to the department, organization and mongodb secrets; base64 only encodes. Render them from inventory or a secret store and rotate per environment 13 | spring.data.mongodb.username: bW9uZ28tYWRtaW4= 14 | spring.data.mongodb.password: bW9uZ28tYWRtaW4tcGFzc3dvcmQ= 15 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/employee/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_stack.employee.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.employee.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/gateway/gateway-hpa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: autoscaling/v1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: gateway 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: gateway 14 | minReplicas: {{ tanzu_app_stack.gateway.min_replicas }} 15 | maxReplicas: {{ tanzu_app_stack.gateway.max_replicas }} 16 | targetCPUUtilizationPercentage: {{ tanzu_app_stack.gateway.target_utilization }} 17 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/gateway/gateway-ingress.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: networking.k8s.io/v1beta1 # NOTE(review): the v1beta1 Ingress API was removed in Kubernetes 1.22; networking.k8s.io/v1 requires pathType and the service.name / service.port backend form 5 | kind: Ingress 6 | metadata: 7 | name: gateway-ingress 8 | namespace: {{ tanzu_app_stack.gateway.namespace }} 9 | annotations: 10 | external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}" 11 | labels: 12 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 13 | spec: # NOTE(review): no `tls:` block here, unlike the dex and gangway ingresses in the identity role; as written the gateway host is routed as plain HTTP unless TLS is terminated elsewhere — confirm 14 | rules: 15 | - host: {{ tanzu_app_stack.gateway.dns }} 16 | http: 17 | paths: 18 | - backend: 19 | serviceName: gateway 20 | servicePort: 80 21 | path: / 22 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/gateway/gateway-rbac.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: "{{ tanzu_app_stack.service_account }}" 8 | namespace: "{{ tanzu_app_stack.gateway.namespace }}" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding # NOTE(review): the gateway is the ingress-exposed component, and this binding gives its service account the shared ClusterRole (secrets included, see cluster-role.yaml.j2) in every namespace; scope it with a RoleBinding if the gateway only reads its own namespace — confirm 12 | metadata: 13 | name: {{ tanzu_app_stack.gateway.resource_name }} 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: {{ tanzu_app_stack.resource_name }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ tanzu_app_stack.service_account }} 23 | namespace: {{ tanzu_app_stack.gateway.namespace }} 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/gateway/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_stack.gateway.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.gateway.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/organization/organization-hpa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: autoscaling/v1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: organization 8 | namespace: {{ tanzu_app_stack.organization.namespace }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: organization 14 | minReplicas: {{ tanzu_app_stack.organization.min_replicas }} 15 | maxReplicas: {{ tanzu_app_stack.organization.max_replicas }} 16 | targetCPUUtilizationPercentage: {{ tanzu_app_stack.organization.target_utilization }} 17 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/organization/organization-rbac.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: "{{ tanzu_app_stack.service_account }}" 8 | namespace: "{{ tanzu_app_stack.organization.namespace }}" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding # NOTE(review): cluster-wide grant of the shared ClusterRole (which lists secrets in cluster-role.yaml.j2) to this namespace's service account; a RoleBinding in the organization namespace would limit it to what the service can actually need — confirm 12 | metadata: 13 | name: {{ tanzu_app_stack.organization.resource_name }} 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: {{ tanzu_app_stack.resource_name }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ tanzu_app_stack.service_account }} 23 | namespace: {{ tanzu_app_stack.organization.namespace }} 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/organization/organization-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: organization 8 | namespace: {{ tanzu_app_stack.organization.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.organization.resource_name }}" 11 | type: Opaque 12 | data: # NOTE(review): static MongoDB credentials committed with the template and identical to the department, employee and mongodb secrets; base64 only encodes. Render them from inventory or a secret store and rotate per environment 13 | spring.data.mongodb.username: bW9uZ28tYWRtaW4= 14 | spring.data.mongodb.password: bW9uZ28tYWRtaW4tcGFzc3dvcmQ= 15 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/app/organization/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_stack.organization.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.organization.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/db/mongodb-configmap.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: mongodb 8 | namespace: {{ tanzu_app_stack.mongodb.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.mongodb.resource_name }}" 11 | data: 12 | database-name: admin 13 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/db/mongodb-rbac.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: "{{ tanzu_app_stack.service_account }}" 8 | namespace: "{{ tanzu_app_stack.mongodb.namespace }}" 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRoleBinding # NOTE(review): the database pod's service account receives the same cluster-wide read role as the application services (secrets included, see cluster-role.yaml.j2); presumably MongoDB needs no Kubernetes API access at all — confirm and drop or narrow this binding 12 | metadata: 13 | name: {{ tanzu_app_stack.mongodb.resource_name }} 14 | labels: 15 | app.kubernetes.io/name: "{{ tanzu_app_stack.resource_name }}" 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: {{ tanzu_app_stack.resource_name }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ tanzu_app_stack.service_account }} 23 | namespace: {{ tanzu_app_stack.mongodb.namespace }} 24 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/db/mongodb-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: mongodb 8 | namespace: {{ tanzu_app_stack.mongodb.namespace }} 9 | labels: 10 | app.kubernetes.io/name: "{{ tanzu_app_stack.mongodb.resource_name }}" 11 | type: Opaque 12 | data: # NOTE(review): static database credentials committed with the template; the department, employee and organization secrets carry the same two values, and mongodb-configmap.yaml.j2 sets database-name to `admin`. base64 only encodes — render these from inventory or a secret store and rotate per environment 13 | database-user: bW9uZ28tYWRtaW4= 14 | database-password: bW9uZ28tYWRtaW4tcGFzc3dvcmQ= 15 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/db/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace # namespace for MongoDB, declared with default/maximum container limits and a namespace-wide quota 7 | metadata: 8 | name: {{ tanzu_app_stack.mongodb.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.mongodb.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/monitoring/monitoring-ingress.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: networking.k8s.io/v1beta1 # NOTE(review): the v1beta1 Ingress API was removed in Kubernetes 1.22 5 | kind: Ingress 6 | metadata: 7 | name: "{{ tanzu_app_stack.monitoring.resource_name }}" 8 | namespace: "{{ tanzu_app_stack.monitoring.namespace }}" 9 | annotations: 10 | external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}" 11 | spec: 12 | rules: 13 | - http: # NOTE(review): the rule has no `host` and the spec has no `tls:`, so it matches any hostname that reaches the ingress controller and serves the monitoring service over plain HTTP; presumably this is Prometheus on 9090, which ships without authentication — add a host, TLS and an auth layer, or keep it cluster-internal 14 | paths: 15 | - path: / 16 | backend: 17 | serviceName: {{ tanzu_app_stack.monitoring.resource_name }} 18 | servicePort: 9090 19 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/monitoring/monitoring-rules.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: monitoring.coreos.com/v1 5 | kind: PrometheusRule 6 | metadata: 7 | labels: 8 | prometheus: "{{ tanzu_app_stack.monitoring.resource_name }}" 9 | app.kubernetes.io/name: prometheus 10 | role: alert-rules 11 | name: {{ tanzu_app_stack.monitoring.resource_name }} 12 | namespace: "{{ tanzu_app_stack.monitoring.namespace }}" 13 | spec: 14 | groups: 15 | - name: app-stack.rules 16 | rules: [] 17 | -------------------------------------------------------------------------------- /roles/components/core/application-stack/templates/monitoring/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_app_stack.monitoring.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_app_stack.monitoring.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "security" 6 | priority: 100 7 | - component: "monitoring" 8 | priority: 200 9 | 10 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_autoscaling: 5 | # common vars 6 | namespace: "tanzu-autoscaling" 7 | demo_namespace: "tanzu-demo" 8 | staging_dir: "{{ rpk_staging_dir }}/tanzu-autoscaling" 9 | 10 | # vertical pod autoscaler vars 11 | vpa: 12 | version: "0.9.0" 13 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/demo/templates/nginx-app.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: nginx 8 | labels: 9 | app.kubernetes.io/name: nginx 10 | namespace: {{ tanzu_autoscaling.demo_namespace }} 11 | spec: 12 | replicas: 1 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/name: nginx 16 | template: 17 | metadata: 18 | labels: 19 | app.kubernetes.io/name: nginx 20 | spec: 21 | containers: 22 | - name: nginx 23 | image: nginx:1.19 24 | ports: 25 | - containerPort: 80 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: nginx 31 | namespace: {{ tanzu_autoscaling.demo_namespace }} 32 | spec: 33 | ports: 34 | - port: 80 35 | selector: 36 | app.kubernetes.io/name: nginx 37 | 38 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/demo/templates/nginx-vpa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | apiVersion: autoscaling.k8s.io/v1 4 | kind: VerticalPodAutoscaler 5 | metadata: 6 | name: nginx 7 | namespace: {{ tanzu_autoscaling.demo_namespace }} 8 | spec: 9 | targetRef: 10 | apiVersion: "apps/v1" 11 | kind: Deployment 12 | name: nginx 13 | updatePolicy: 14 | updateMode: "Initial" # resource requests are assigned only when a pod is created; running pods are not evicted to apply new recommendations 15 | 16 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/demo/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | # see https://github.com/vmware-tanzu-labs/namespace-operator 4 | --- 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_workload_tenancy.demo_namespace }} # NOTE(review): the nginx Deployment, Service and VPA templates of this role use tanzu_autoscaling.demo_namespace, while this template reads tanzu_workload_tenancy; presumably a copy-paste. If the two values differ, the demo workload lands in a namespace that does not get these limits and quotas — confirm 9 | spec: 10 | tanzuNamespaceName: {{ tanzu_workload_tenancy.demo_namespace }} 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "2" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "2" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_autoscaling.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_autoscaling.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "8" 18 | tanzuResourceQuotaMemoryRequests: "8Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "8Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/templates/vpa-webhook.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: admissionregistration.k8s.io/v1 5 | kind: MutatingWebhookConfiguration # registers the VPA admission service for pod creation and for VerticalPodAutoscaler create/update 6 | metadata: 7 | name: vpa-webhook-config 8 | annotations: 9 | cert-manager.io/inject-ca-from: {{ tanzu_autoscaling.namespace }}/vpa-webhook # cert-manager fills in the webhook CA bundle from this Certificate, so no caBundle is templated here 10 | webhooks: 11 | - name: vpa.k8s.io 12 | admissionReviewVersions: 13 | - v1beta1 14 | rules: 15 | - operations: ["CREATE"] 16 | apiGroups: [""] 17 | apiVersions: ["v1"] 18 | resources: ["pods"] # NOTE(review): no namespaceSelector or objectSelector is set, so pod creation in every namespace is sent to this webhook; the 5-second timeout below bounds the latency it can add 19 | - operations: ["CREATE", "UPDATE"] 20 | apiGroups: ["autoscaling.k8s.io"] 21 | apiVersions: ["*"] 22 | resources: ["verticalpodautoscalers"] 23 | failurePolicy: "Ignore" # fail-open: if the webhook is unreachable or times out, the request is admitted unmodified. Reasonable for resource recommendations; not a setting to copy into a policy-enforcing webhook 24 | clientConfig: 25 | service: 26 | namespace: {{ tanzu_autoscaling.namespace }} 27 | name: vpa-webhook 28 | sideEffects: None 29 | timeoutSeconds: 5 30 | 31 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/validate/Dockerfile: -------------------------------------------------------------------------------- 1 | # must match spec.volumeMounts[0].mountPath in sonobuoy config 2 | ARG resultsDir="/tmp/results" 3 | 4 | # build 5 | FROM golang:1.15 AS builder 6 | WORKDIR /test 7 | COPY . 
/test/ 8 | RUN CGO_ENABLED=0 go build -o /bin/run ./main.go 9 | 10 | # runtime 11 | FROM alpine:3.12 12 | WORKDIR /test 13 | 14 | RUN addgroup -S nonroot && adduser -S nonroot -G nonroot 15 | 16 | COPY --from=builder --chown=nonroot:nonroot /bin/run /test/run 17 | 18 | USER nonroot:nonroot 19 | CMD ["/test/run"] 20 | 21 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/validate/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/vmware-tanzu-labs/reference-platform-for-kubernetes/roles/components/core/autoscaling/validate 2 | 3 | go 1.15 4 | 5 | require ( 6 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 7 | k8s.io/api v0.19.2 8 | k8s.io/apimachinery v0.19.2 9 | k8s.io/autoscaler/vertical-pod-autoscaler v0.9.0 10 | k8s.io/client-go v0.19.2 11 | ) 12 | -------------------------------------------------------------------------------- /roles/components/core/autoscaling/validate/sonobuoy-plugin.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | sonobuoy-config: 5 | driver: Job 6 | plugin-name: rpk-autoscaling 7 | result-format: manual 8 | spec: 9 | image: cloudnativereadiness/rpk-autoscaling-validate:0.1 10 | name: plugin 11 | resources: {} 12 | # mountPath must match resultsDir build arg for docker image 13 | volumeMounts: 14 | - mountPath: /tmp/results 15 | name: results 16 | 17 | -------------------------------------------------------------------------------- /roles/components/core/container-registry/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | -------------------------------------------------------------------------------- /roles/components/core/container-registry/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the pod security policy is removed" 5 | k8s: 6 | state: "absent" 7 | context: "{{ tanzu_kubectl_context }}" 8 | kind: "PodSecurityPolicy" 9 | name: "harbor-psp" 10 | api_version: "policy/v1beta1" 11 | 12 | - name: "ensure the cluster-wide rbac resources are removed" 13 | k8s: 14 | state: "absent" 15 | context: "{{ tanzu_kubectl_context }}" 16 | kind: "{{ item.kind }}" 17 | name: "{{ item.name }}" 18 | with_items: 19 | - name: "harbor-psp" 20 | kind: "ClusterRole" 21 | - name: "harbor-psp" 22 | kind: "ClusterRoleBinding" 23 | 24 | - name: "ensure the namespace is removed" 25 | import_role: 26 | name: "common/namespace/clean" 27 | vars: 28 | namespace: "{{ tanzu_container_registry.namespace }}" 29 | -------------------------------------------------------------------------------- /roles/components/core/container-registry/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | 6 | -------------------------------------------------------------------------------- /roles/components/core/container-registry/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/container-registry/templates/harbor-podsecuritypolicy.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: policy/v1beta1 # NOTE(review): PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25; on newer clusters this control has to be expressed through Pod Security Admission or a policy engine 5 | kind: PodSecurityPolicy 6 | metadata: 7 | name: harbor-psp 8 | spec: 9 | seLinux: 10 | rule: RunAsAny 11 | supplementalGroups: 12 | rule: RunAsAny 13 | runAsUser: 14 | rule: RunAsAny # NOTE(review): permits containers to run as root (UID 0); use MustRunAsNonRoot if the registry images allow it — confirm 15 | fsGroup: 16 | rule: RunAsAny 17 | volumes: 18 | - '*' # NOTE(review): the wildcard admits every volume type, hostPath included; list only the types the registry uses (presumably configMap, secret, emptyDir, persistentVolumeClaim — confirm) 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRole 22 | metadata: 23 | name: harbor-psp 24 | rules: 25 | - apiGroups: ['policy'] 26 | resources: ['podsecuritypolicies'] 27 | verbs: ['use'] 28 | resourceNames: 29 | - harbor-psp 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: ClusterRoleBinding 33 | metadata: 34 | name: harbor-psp 35 | roleRef: 36 | kind: ClusterRole 37 | name: harbor-psp 38 | apiGroup: rbac.authorization.k8s.io 39 | subjects: 40 | - kind: ServiceAccount 41 | name: default # NOTE(review): the permissive policy is granted to the namespace's `default` service account, so every pod in this namespace that does not name its own service account may use it; a dedicated service account for the registry would narrow this 42 | namespace: "{{ tanzu_container_registry.namespace }}" 43 | -------------------------------------------------------------------------------- /roles/components/core/identity/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "security" 6 | priority: 200 7 | - component: "ingress" 8 | priority: 400 9 | -------------------------------------------------------------------------------- /roles/components/core/identity/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/identity/demo/templates/ldap-config-demo.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | {% for user in tanzu_identity.demo_users %} 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1beta1 6 | kind: ClusterRoleBinding 7 | metadata: 8 | name: {{ user.clusterrolebinding }} 9 | namespace: {{ tanzu_identity.namespace }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: {{ user.clusterrole }} 14 | subjects: 15 | - kind: User 16 | name: {{ user.email }} 17 | {% endfor %} 18 | -------------------------------------------------------------------------------- /roles/components/core/identity/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/identity/templates/ingress-dex.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | kind: Ingress 5 | apiVersion: extensions/v1beta1 6 | metadata: 7 | name: dex 8 | namespace: "{{ tanzu_identity.namespace }}" 9 | annotations: 10 | external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}" 11 | spec: 12 | rules: 13 | - host: "{{ tanzu_identity.dex.dns }}" 14 | http: 15 | paths: 16 | - path: / 17 | backend: 18 | serviceName: dex 19 | servicePort: 80 20 | tls: 21 | - hosts: 22 | - "{{ tanzu_identity.dex.dns }}" 23 | secretName: dex-cert-tls 24 | -------------------------------------------------------------------------------- /roles/components/core/identity/templates/ingress-gangway.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: gangway 8 | namespace: "{{ tanzu_identity.namespace }}" 9 | annotations: 10 | external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}" 11 | spec: 12 | rules: 13 | - host: "{{ tanzu_identity.gangway.dns }}" 14 | http: 15 | paths: 16 | - path: / 17 | backend: 18 | serviceName: gangway 19 | servicePort: 80 20 | tls: 21 | - hosts: 22 | - "{{ tanzu_identity.gangway.dns }}" 23 | secretName: gangway-cert-tls 24 | -------------------------------------------------------------------------------- /roles/components/core/identity/templates/rbac-ldap.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---  # cluster-wide admin role and its binding to the configured LDAP admin user
4 | apiVersion: rbac.authorization.k8s.io/v1
5 | kind: ClusterRole
6 | metadata:
7 |   name: tanzu-admin
8 | rules:  # wildcards on every group, resource, verb and non-resource URL: same reach as the built-in cluster-admin role
9 |   - apiGroups:
10 |       - '*'
11 |     resources:
12 |       - '*'
13 |     verbs:
14 |       - '*'
15 |   - nonResourceURLs:
16 |       - '*'
17 |     verbs:
18 |       - '*'
19 | ---
20 | apiVersion: rbac.authorization.k8s.io/v1beta1  # NOTE(review): the ClusterRole above uses v1; rbac v1beta1 was removed in Kubernetes 1.22
21 | kind: ClusterRoleBinding
22 | metadata:
23 |   name: tanzu-admin
24 |   namespace: {{ tanzu_identity.namespace }}  # NOTE(review): ClusterRoleBinding is cluster-scoped, so this field does not limit the grant to a namespace
25 | roleRef:
26 |   apiGroup: rbac.authorization.k8s.io
27 |   kind: ClusterRole
28 |   name: tanzu-admin
29 | subjects:
30 |   - kind: User
31 |     name: {{ tanzu_identity.ldap.admin_user }}  # single user given full cluster control; value is rendered unquoted - TODO confirm it never contains YAML-significant characters
32 |
--------------------------------------------------------------------------------
/roles/components/core/identity/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see https://github.com/vmware-tanzu-labs/namespace-operator
5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1
6 | kind: TanzuNamespace  # custom resource; field meanings are defined by the namespace-operator linked above
7 | metadata:
8 |   name: {{ tanzu_identity.namespace }}
9 | spec:
10 |   tanzuNamespaceName: "{{ tanzu_identity.namespace }}"
11 |   tanzuLimitRangeDefaultCpuLimit: "50m"
12 |   tanzuLimitRangeDefaultMemoryLimit: "64Mi"
13 |   tanzuLimitRangeDefaultCpuRequest: "50m"
14 |   tanzuLimitRangeDefaultMemoryRequest: "64Mi"
15 |   tanzuLimitRangeMaxCpuLimit: "1000m"
16 |   tanzuLimitRangeMaxMemoryLimit: "1024Mi"
17 |   tanzuResourceQuotaCpuRequests: "6"
18 |   tanzuResourceQuotaMemoryRequests: "8Gi"
19 |   tanzuResourceQuotaCpuLimits: "6"
20 |   tanzuResourceQuotaMemoryLimits: "8Gi"
21 |
--------------------------------------------------------------------------------
/roles/components/core/ingress/.dependencies.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "security" 6 | priority: 200 7 | -------------------------------------------------------------------------------- /roles/components/core/ingress/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/ingress/demo/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_ingress.demo.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_ingress.demo.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "{{ tanzu_ingress.default_resources.limits.cpu }}" 12 | tanzuLimitRangeDefaultMemoryLimit: "{{ tanzu_ingress.default_resources.limits.memory }}" 13 | tanzuLimitRangeDefaultCpuRequest: "{{ tanzu_ingress.default_resources.requests.cpu }}" 14 | tanzuLimitRangeDefaultMemoryRequest: "{{ tanzu_ingress.default_resources.requests.memory }}" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "8" 18 | tanzuResourceQuotaMemoryRequests: "16Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/ingress/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---  # pre-flight checks on the external-dns provider settings of the ingress component
4 | - name: "echo unsupported message"
5 |   debug:  # NOTE(review): debug only prints the message; the play is not stopped here when the provider is unsupported
6 |     msg: "DNS Provider {{ tanzu_ingress.external_dns.provider }} is not currently supported"
7 |     verbosity: 0
8 |   when: tanzu_ingress.external_dns.provider not in tanzu_ingress.external_dns.supported_providers
9 |
10 | - name: "check for aws_secret_key and aws_access_key"
11 |   fail:  # aborts when the provider is route53 and either key is the empty string
12 |     msg: "must define both of aws_secret_key and aws_access_key for route53 dns provider"
13 |   when:
14 |     - (tanzu_ingress.aws_secret_key == '') or (tanzu_ingress.aws_access_key == '')  # NOTE(review): tasks/external-dns-route53.yaml passes top-level aws_access_key and aws_secret_key; confirm both names carry the same values
15 |     - tanzu_ingress.external_dns.provider == 'route53'
16 |
--------------------------------------------------------------------------------
/roles/components/core/ingress/tasks/external-dns-active-directory.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---  # no tasks are defined for this provider
4 |
--------------------------------------------------------------------------------
/roles/components/core/ingress/tasks/external-dns-azure.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure azure external-dns is deployed" 5 | include_role: 6 | name: "common/manifest-file-with-wait" 7 | vars: 8 | manifest_description: "{{ manifest.description }}" 9 | manifest_template: "{{ manifest.template }}" 10 | manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" 11 | with_items: 12 | - description: "external-dns azure provider" 13 | template: "app-external-dns-azure.yaml.j2" 14 | loop_control: 15 | loop_var: "manifest" 16 | label: "{{ manifest.template }}" 17 | -------------------------------------------------------------------------------- /roles/components/core/ingress/tasks/external-dns-internal.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure internal external-dns provider config map is deployed" 5 | include_role: 6 | name: "common/manifest-file-with-wait" 7 | vars: 8 | manifest_description: "bind config map" 9 | manifest_template: "config-bind.yaml.j2" 10 | manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" 11 | manifest_variable_start_string: "<<" 12 | manifest_variable_end_string: ">>" 13 | 14 | - name: "ensure internal external-dns provider manifests are deployed" 15 | include_role: 16 | name: "common/manifest-file-with-wait" 17 | vars: 18 | manifest_description: "external-dns internal provider" 19 | manifest_template: "app-external-dns-internal.yaml.j2" 20 | manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" 21 | -------------------------------------------------------------------------------- /roles/components/core/ingress/tasks/external-dns-route53.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the aws route53 dns zone exists" 5 | route53_zone: 6 | state: "present" 7 | zone: "{{ tanzu_ingress_domain }}" 8 | comment: "aws route53 zone for tanzu cluster {{ tanzu_cluster_name }}" 9 | aws_access_key: "{{ aws_access_key }}" 10 | aws_secret_key: "{{ aws_secret_key }}" 11 | register: _dns_zone 12 | when: _dns_zone is not defined 13 | 14 | - name: "ensure route53 external-dns is deployed" 15 | include_role: 16 | name: "common/manifest-file-with-wait" 17 | vars: 18 | manifest_description: "{{ manifest.description }}" 19 | manifest_template: "{{ manifest.template }}" 20 | manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" 21 | with_items: 22 | - description: "external-dns route53 provider" 23 | template: "app-external-dns-route53.yaml.j2" 24 | loop_control: 25 | loop_var: "manifest" 26 | label: "{{ manifest.template }}" 27 | -------------------------------------------------------------------------------- /roles/components/core/ingress/templates/patch-envoy-kind.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: apps/v1 5 | kind: DaemonSet 6 | metadata: 7 | name: envoy 8 | namespace: "{{ tanzu_ingress.namespace }}" 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: envoy 14 | ports: 15 | - containerPort: 8080 16 | hostPort: 80 17 | name: http 18 | protocol: TCP 19 | - containerPort: 8443 20 | hostPort: 443 21 | name: https 22 | protocol: TCP 23 | -------------------------------------------------------------------------------- /roles/components/core/ingress/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_ingress.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_ingress.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "{{ tanzu_ingress.default_resources.limits.cpu }}" 12 | tanzuLimitRangeDefaultMemoryLimit: "{{ tanzu_ingress.default_resources.limits.memory }}" 13 | tanzuLimitRangeDefaultCpuRequest: "{{ tanzu_ingress.default_resources.requests.cpu }}" 14 | tanzuLimitRangeDefaultMemoryRequest: "{{ tanzu_ingress.default_resources.requests.memory }}" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "8" 18 | tanzuResourceQuotaMemoryRequests: "16Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/ingress/validate/Dockerfile: -------------------------------------------------------------------------------- 1 | # must match spec.volumeMounts[0].mountPath in sonobuoy config 2 | ARG resultsDir="/tmp/results" 3 | 4 | # build 5 | FROM golang:1.15 AS builder 6 | WORKDIR /test 7 | COPY . 
/test/ 8 | RUN CGO_ENABLED=0 go build -o /bin/run ./main.go 9 | 10 | # runtime 11 | FROM alpine:3.12 12 | WORKDIR /test 13 | 14 | RUN addgroup -S nonroot && adduser -S nonroot -G nonroot 15 | 16 | COPY --from=builder --chown=nonroot:nonroot /bin/run /test/run 17 | 18 | USER nonroot:nonroot 19 | CMD ["/test/run"] 20 | 21 | -------------------------------------------------------------------------------- /roles/components/core/ingress/validate/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/vmware-tanzu-labs/reference-platform-for-kubernetes/roles/components/core/ingress/validate 2 | 3 | go 1.15 4 | 5 | require ( 6 | golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect 7 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 8 | k8s.io/api v0.19.2 9 | k8s.io/apimachinery v0.19.2 10 | k8s.io/client-go v0.19.2 11 | k8s.io/klog v1.0.0 // indirect 12 | k8s.io/utils v0.0.0-20201027101359-01387209bb0d // indirect 13 | ) 14 | -------------------------------------------------------------------------------- /roles/components/core/ingress/validate/sonobuoy-plugin.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | sonobuoy-config: 5 | driver: Job 6 | plugin-name: rpk-ingress 7 | result-format: manual 8 | spec: 9 | image: cloudnativereadiness/rpk-ingress-validate:0.1 10 | name: plugin 11 | resources: {} 12 | # mountPath must match resultsDir build arg for docker image 13 | volumeMounts: 14 | - mountPath: /tmp/results 15 | name: results 16 | 17 | -------------------------------------------------------------------------------- /roles/components/core/logging/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---  # components the logging component depends on, each with a priority value
4 | dependencies:
5 |   - component: "storage"
6 |     priority: 100
7 |   - component: "security"
8 |     priority: 200
9 |   - component: "ingress"
10 |     priority: 400
11 |
--------------------------------------------------------------------------------
/roles/components/core/logging/defaults/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see common/defaults
5 |
--------------------------------------------------------------------------------
/roles/components/core/logging/demo/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---  # demo: wait for the logging hostname, probe the dashboard, then print how to log in
4 | - name: "wait for dns"
5 |   import_role:
6 |     name: "common/wait-for-dns"
7 |   vars:
8 |     hostname: "{{ tanzu_logging.dns }}"
9 |
10 | - name: "ensure the dashboard is available"
11 |   uri:
12 |     url: "https://{{ tanzu_logging.dns }}"
13 |     validate_certs: false  # certificate verification is off for this probe, so it confirms reachability only, not the identity of the endpoint
14 |
15 | - name: "print the dashboard access information"
16 |   debug:
17 |     msg:
18 |       - "User: {{ tanzu_logging.elastic.user }}"
19 |       - "Password: {{ tanzu_logging.elastic.password }}"  # NOTE(review): cleartext password ends up in the run output and any CI log that captures it
20 |       - "You can access the Kibana Dashboard at URL http://{{ tanzu_logging.dns }}"  # NOTE(review): the probe above uses https; confirm whether http is intended for a login URL
21 |     verbosity: 0  # 0 means the message is shown at the default verbosity
22 |
--------------------------------------------------------------------------------
/roles/components/core/logging/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 |
--------------------------------------------------------------------------------
/roles/components/core/logging/templates/config-elastic.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---  # Secret carrying the password for the 'elastic' user
4 | apiVersion: v1
5 | data:
6 |   elastic: "{{ tanzu_logging.elastic.password | b64encode }}"  # base64 is an encoding, not encryption: the rendered manifest holds the password in recoverable form; NOTE(review): confirm where the rendered file is written and who can read it
7 | kind: Secret
8 | metadata:
9 |   name: elasticsearch-es-elastic-user
10 |   namespace: "{{ tanzu_logging.namespace }}"
11 |
--------------------------------------------------------------------------------
/roles/components/core/logging/templates/psp-fluent-bit.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---  # PodSecurityPolicy for fluent-bit, followed by the ClusterRole and ClusterRoleBinding that grant its use
4 | apiVersion: policy/v1beta1  # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; newer clusters need Pod Security Admission or a policy engine instead
5 | kind: PodSecurityPolicy
6 | metadata:
7 |   name: fluent-bit-psp
8 | spec:  # privileged, hostNetwork and allowPrivilegeEscalation are not set here, so the API defaults apply
9 |   seLinux:
10 |     rule: RunAsAny
11 |   supplementalGroups:
12 |     rule: RunAsAny
13 |   runAsUser:
14 |     rule: RunAsAny  # no UID restriction: containers admitted under this policy may run as root
15 |   fsGroup:
16 |     rule: RunAsAny
17 |   volumes:
18 |     - '*'  # every volume type is allowed, hostPath included; NOTE(review): if fluent-bit needs only a few volume types, list those instead
19 | ---
20 | apiVersion: rbac.authorization.k8s.io/v1
21 | kind: ClusterRole
22 | metadata:
23 |   name: fluent-bit-psp
24 | rules:
25 |   - apiGroups:
26 |       - policy
27 |     resources:
28 |       - podsecuritypolicies
29 |     verbs:
30 |       - use
31 |     resourceNames:  # restricts the 'use' verb to this one policy
32 |       - fluent-bit-psp
33 | ---
34 | apiVersion: rbac.authorization.k8s.io/v1
35 | kind: ClusterRoleBinding
36 | metadata:
37 |   name: fluent-bit-psp
38 | roleRef:
39 |   kind: ClusterRole
40 |   name: fluent-bit-psp
41 |   apiGroup: rbac.authorization.k8s.io
42 | subjects:
43 |   - kind: ServiceAccount
44 |     name: fluent-bit  # a dedicated ServiceAccount, so the grant does not extend to other pods in the namespace
45 |     namespace: "{{ tanzu_logging.namespace }}"
46 |
--------------------------------------------------------------------------------
/roles/components/core/logging/templates/resource-quota-ephemeral.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ResourceQuota 6 | metadata: 7 | name: ephemeral-storage 8 | namespace: "{{ tanzu_logging.namespace }}" 9 | spec: 10 | hard: 11 | limits.ephemeral-storage: 4Gi 12 | -------------------------------------------------------------------------------- /roles/components/core/logging/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_logging.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_logging.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "2000m" 16 | tanzuLimitRangeMaxMemoryLimit: "4096Mi" 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "8Gi" 19 | tanzuResourceQuotaCpuLimits: "6" 20 | tanzuResourceQuotaMemoryLimits: "8Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/monitoring/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | -------------------------------------------------------------------------------- /roles/components/core/monitoring/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/monitoring/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/monitoring/templates/datasources.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": 1, 3 | "datasources": [ 4 | { 5 | "access": "proxy", 6 | "editable": false, 7 | "name": "prometheus", 8 | "orgId": 1, 9 | "type": "prometheus", 10 | "url": "http://prometheus-k8s.{{ tanzu_monitoring.namespace }}.svc:9090", 11 | "version": 1 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /roles/components/core/monitoring/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_monitoring.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_monitoring.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "2048Mi" 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "16Gi" 19 | tanzuResourceQuotaCpuLimits: "6" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/networking/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/core/networking/clean/tasks/antrea.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the antrea cluster network policy is removed" 5 | k8s: 6 | state: "absent" 7 | context: "{{ tanzu_kubectl_context }}" 8 | kind: "ClusterNetworkPolicy" 9 | name: "tanzu-global-deny-all" 10 | api_version: "security.antrea.tanzu.vmware.com/v1alpha1" 11 | -------------------------------------------------------------------------------- /roles/components/core/networking/clean/tasks/calico.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the calico global network policy is removed" 5 | k8s: 6 | state: "absent" 7 | context: "{{ tanzu_kubectl_context }}" 8 | kind: "GlobalNetworkPolicy" 9 | name: "tanzu-global-deny-all" 10 | api_version: "crd.projectcalico.org/v1" 11 | -------------------------------------------------------------------------------- /roles/components/core/networking/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "determine the cluster cni" 5 | import_role: 6 | name: "common/cluster-cni" 7 | 8 | - name: "run only when a global or cluster policy is defined" 9 | block: 10 | - name: "run calico tasks" 11 | import_tasks: "calico.yaml" 12 | when: _cluster_cni == 'calico' 13 | 14 | - name: "run antrea tasks" 15 | import_tasks: "antrea.yaml" 16 | when: _cluster_cni == 'antrea' 17 | when: _cluster_cni is defined 18 | 19 | - name: "ensure the namespace is removed" 20 | import_role: 21 | name: "common/namespace/clean" 22 | vars: 23 | namespace: "{{ tanzu_networking.namespace }}" 24 | -------------------------------------------------------------------------------- /roles/components/core/networking/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/networking/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/components/core/networking/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/networking/templates/antrea-configmap-enable-cnp.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "{{ _antrea_configmap_name }}" 8 | namespace: kube-system 9 | data: 10 | antrea-agent.conf: | 11 | serviceCIDR: "{{ _cluster_network_cidr }}" 12 | tunnelType: "{{ _antrea_tunnel_protocol | default(tanzu_networking.antrea_tunnel_protocol) }}" 13 | featureGates: 14 | {{ _antrea_crd_policy | default(tanzu_networking.antrea_crd_policy) }}: true 15 | antrea-controller.conf: | 16 | featureGates: 17 | {{ _antrea_crd_policy | default(tanzu_networking.antrea_crd_policy) }}: true 18 | selfSignedCert: true -------------------------------------------------------------------------------- /roles/components/core/networking/templates/ippool-default-patch.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---  # patch for the default Calico IPv4 pool's encapsulation settings
4 | apiVersion: crd.projectcalico.org/v1
5 | kind: IPPool
6 | metadata:
7 |   name: default-ipv4-ippool
8 | spec:
9 |   ipipMode: {{ calico_ipip_mode }}
10 |   Vxlan Mode: {{ calico_vxlan_mode }}  # NOTE(review): the Calico IPPool field is spelled vxlanMode; confirm this key is applied as intended
11 |
--------------------------------------------------------------------------------
/roles/components/core/networking/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | # see https://github.com/vmware-tanzu-labs/namespace-operator
4 | ---
5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1
6 | kind: TanzuNamespace  # custom resource; field meanings are defined by the namespace-operator linked above
7 | metadata:
8 |   name: {{ tanzu_networking.namespace }}
9 | spec:
10 |   tanzuNamespaceName: "{{ tanzu_networking.namespace }}"
11 |   tanzuLimitRangeDefaultCpuLimit: "50m"
12 |   tanzuLimitRangeDefaultMemoryLimit: "64Mi"
13 |   tanzuLimitRangeDefaultCpuRequest: "50m"
14 |   tanzuLimitRangeDefaultMemoryRequest: "64Mi"
15 |   tanzuLimitRangeMaxCpuLimit: "1000m"
16 |   tanzuLimitRangeMaxMemoryLimit: "1024Mi"
17 |   tanzuResourceQuotaCpuRequests: "2"
18 |   tanzuResourceQuotaMemoryRequests: "4Gi"
19 |   tanzuResourceQuotaCpuLimits: "2"
20 |   tanzuResourceQuotaMemoryLimits: "4Gi"
21 |
--------------------------------------------------------------------------------
/roles/components/core/secret-management/etcd-encryption/.dependencies.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | dependencies: []  # this component declares no dependencies
5 |
--------------------------------------------------------------------------------
/roles/components/core/secret-management/etcd-encryption/common/defaults/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_secrets: 5 | namespace: "tanzu-secrets" 6 | workload_cluster_namespace: "default" 7 | etcd_encryption_conf_path: "/etc/kubernetes/pki/secrets/encryption-config.yaml" 8 | staging_dir: "{{ rpk_staging_dir }}/tanzu-secrets" 9 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/etcd-encryption/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | k8s_apiserver_manifest_path: "/etc/kubernetes/manifests/kube-apiserver.yaml" 5 | etcd_cert_dir: "/etc/kubernetes/pki/etcd" 6 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/etcd-encryption/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/etcd-encryption/templates/remove-encryption-config-kacp.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | 4 | #@ load("@ytt:overlay", "overlay") 5 | 6 | #@ def is_encryption_config(i, left, right): 7 | #@ path = dict(left)["path"] 8 | #@ return path == "{{ tanzu_secrets.etcd_encryption_conf_path }}" 9 | #@ end 10 | 11 | #@overlay/match by=overlay.subset({"kind":"KubeadmControlPlane"}) 12 | --- 13 | spec: 14 | kubeadmConfigSpec: 15 | #@overlay/match missing_ok=True 16 | files: 17 | #@overlay/match by=is_encryption_config 18 | #@overlay/remove 19 | - (this value is ignored) 20 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/etcd-encryption/templates/values.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | 4 | #@data/values 5 | #@overlay/match-child-defaults missing_ok=True 6 | --- 7 | secret_name: {{ secret_name }} 8 | secret_key: {{ secret_key }} 9 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/hashicorp-vault/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/hashicorp-vault/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/hashicorp-vault/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "retrieve the hashicorp vault root token and unseal keys" 5 | import_role: 6 | name: "common/vault-secrets" 7 | 8 | - name: "obtain kubernetes port 443 tcp address" 9 | k8s_info: 10 | kind: "Service" 11 | namespace: "default" 12 | context: "{{ tanzu_kubectl_context }}" 13 | name: "kubernetes" 14 | register: _kubernetes_tcp_address_lookup 15 | changed_when: false 16 | 17 | - name: "set kubernetes port 443 tcp address" 18 | set_fact: 19 | _kubernetes_tcp_address: "{{ _kubernetes_tcp_address_lookup.resources[0].spec.clusterIP }}" 20 | changed_when: false 21 | -------------------------------------------------------------------------------- /roles/components/core/secret-management/hashicorp-vault/templates/injector-mutating-webhook.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
# SPDX-License-Identifier: MIT
---
# Registers the Vault agent injector as a mutating admission webhook for pod
# CREATE and UPDATE requests.
#
# NOTE(review): admissionregistration.k8s.io/v1beta1 is no longer served from
# Kubernetes 1.22 on. The v1 API additionally requires sideEffects and
# admissionReviewVersions on every webhook entry.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ tanzu_secrets.hashicorp_vault_injector.resource_name }}
  labels:
    app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault_injector.resource_name }}
    app.kubernetes.io/instance: hashicorp
webhooks:
  # No failurePolicy is set; under v1beta1 the default is Ignore, so pods are
  # admitted unmodified when the injector is unreachable.
  # No namespaceSelector or objectSelector is set either, so the rule below
  # matches pods in every namespace, system namespaces included.
  - name: vault.hashicorp.com
    clientConfig:
      service:
        name: {{ tanzu_secrets.hashicorp_vault_injector.resource_name }}
        namespace: {{ tanzu_secrets.namespace }}
        path: "/mutate"
      # Rendered empty. Presumably the injector fills this in at runtime with
      # the CA of its serving certificate -- TODO confirm. While it stays empty
      # the API server has no dedicated CA to verify the webhook endpoint with.
      caBundle:
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]

--------------------------------------------------------------------------------
/roles/components/core/secret-management/hashicorp-vault/templates/server-ingress.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Publishes the Vault server through the platform ingress.
#
# NOTE(review): there is no spec.tls section and the only active rule targets
# port 8200 over HTTP. Unless TLS is terminated somewhere not visible in this
# template, Vault tokens and secret payloads cross this hop in cleartext;
# confirm where TLS is terminated before exposing this host.
# NOTE(review): networking.k8s.io/v1beta1 Ingress is no longer served from
# Kubernetes 1.22 on.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hashicorp-vault
  namespace: "{{ tanzu_secrets.namespace }}"
  annotations:
    external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}"
spec:
  rules:
    - host: "{{ tanzu_secrets.dns }}"
      http:
        paths:
          - path: /
            backend:
              serviceName: hashicorp-vault
              servicePort: 8200
    #
    # HTTPS
    #
    # (disabled; 8201 is Vault's default cluster port for server-to-server
    # traffic, so check which listener this was meant to reach before
    # re-enabling)
    #
    # - host: {{ tanzu_secrets.dns }}
    #   http:
    #     paths:
    #       - path: /
    #         backend:
    #           serviceName: hashicorp-vault
    #           servicePort: 8201

--------------------------------------------------------------------------------
/roles/components/core/secret-management/hashicorp-vault/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_secrets.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_secrets.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "2" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "2" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/security/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/core/security/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/security/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/security/tasks/deliver-ca.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
# SPDX-License-Identifier: MIT
---
# Distributes the platform CA to cluster nodes: applies a PodSecurityPolicy
# for the delivery jobs, then runs one included task file per control-plane
# node and one per worker node.

#
# PSP
#
# NOTE(review): psp-for-ca-jobs.yaml.j2 is not shown here. Jobs that install a
# CA on nodes presumably need host-level access; verify the policy is bound
# only to the service account those jobs run as.
# PodSecurityPolicy was removed in Kubernetes 1.25.
- name: "ensure psp for certificate jobs exists"
  import_role:
    name: "common/manifest-file-with-wait"
  vars:
    manifest_description: "psp for certificate jobs"
    manifest_template: "psp-for-ca-jobs.yaml.j2"
    manifest_staging_dir: "{{ tanzu_security.staging_dir }}"

#
# CONTROL PLANE
#
# _control_plane_nodes is registered outside this file.
- name: "deliver ca to control plane"
  include_tasks: deliver-ca-cp.yaml
  with_items: "{{ _control_plane_nodes.resources }}"

#
# DATA PLANE
#
# _worker_nodes is registered outside this file.
- name: "deliver ca to data plane"
  include_tasks: "deliver-ca-dp.yaml"
  with_items: "{{ _worker_nodes.resources }}"

--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-ca-cert.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Self-signed root CA: issued by the "self" ClusterIssuer and stored in the
# ca-keypair Secret.
#
# No duration, renewBefore or key algorithm/size is set, so cert-manager's
# defaults apply to the root CA. NOTE(review): confirm the default lifetime is
# acceptable for a root that gets copied onto every node.
# The ca-keypair Secret name is also used by cluster-issuers-ca-secret.yaml.j2;
# presumably only one of the two templates is applied per install -- verify.
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: root-ca
  namespace: "{{ tanzu_security.namespace }}"
spec:
  secretName: ca-keypair
  commonName: ca
  isCA: true
  issuerRef:
    name: self
    kind: ClusterIssuer

--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-ca-secret.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Imports a user-supplied CA key pair as the ca-keypair Secret.
#
# Values go under "data", so both variables must already be base64-encoded.
# NOTE(review): the rendered manifest contains the CA private key. Wherever the
# rendered file is written (presumably the role's staging directory), restrict
# its permissions and remove it after apply; keep the source variable in an
# encrypted store rather than in a plain inventory file.
# No "type" is set here, unlike the wildcard-tls Secret in
# cluster-issuers-wildcard.yaml.j2, which declares kubernetes.io/tls.
apiVersion: v1
kind: Secret
metadata:
  name: ca-keypair
  namespace: "{{ tanzu_security.namespace }}"
data:
  tls.crt: "{{ tanzu_security.ca.tls_root_ca_cert }}"
  tls.key: "{{ tanzu_security.ca.tls_root_ca_key }}"

--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-ca.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Cluster-wide issuer that signs with the key in the ca-keypair Secret.
#
# ClusterIssuer is cluster-scoped, so metadata.namespace has no effect on the
# object itself. cert-manager resolves spec.ca.secretName in its configured
# cluster resource namespace; presumably that is the namespace rendered
# below -- verify against the cert-manager deployment flags.
# Any namespace that can create Certificate objects can request certificates
# from a ClusterIssuer, for any name.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: ca
  namespace: "{{ tanzu_security.namespace }}"
spec:
  ca:
    secretName: ca-keypair

--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-letsencrypt-prod.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# ACME ClusterIssuer for the Let's Encrypt production directory, solved with
# HTTP-01 challenges through the platform ingress class.
#
# NOTE(review): cert-manager.io/v1alpha2 is no longer served by cert-manager
# 1.6 and later; the same applies to the other v1alpha2 templates in this role.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  # This issuer has low thresholds for rate limits,
  # so only use once bugs have been worked out for ingress stanzas
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    # NOTE(review): this reads the flat variable tanzu_ingress_domain, while
    # the solver below reads tanzu_ingress.class from a dict; confirm both are
    # defined. The address receives expiry and account notices from the CA, so
    # root@ on the ingress domain must be a monitored mailbox.
    email: root@{{ tanzu_ingress_domain }}
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
      # Empty selector: this solver applies to every requested name.
      - selector: {}
        http01:
          ingress:
            podTemplate:
              metadata:
                creationTimestamp: null
                labels:
                  app.kubernetes.io/name: cluster-issuer
              spec: {}
            class: {{ tanzu_ingress.class }}

--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-self.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Self-signed ClusterIssuer; cluster-issuers-ca-cert.yaml.j2 references it as
# "self" to bootstrap the root CA. Certificates issued directly by it chain to
# no CA and are not trusted by clients unless explicitly pinned.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: self
spec:
  selfSigned: {}
--------------------------------------------------------------------------------
/roles/components/core/security/templates/cluster-issuers-wildcard.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Imports a user-supplied wildcard certificate and key as a TLS Secret.
#
# Values go under "data", so every variable must already be base64-encoded.
# NOTE(review): the rendered manifest contains the wildcard private key;
# protect or remove the rendered file after apply.
apiVersion: v1
kind: Secret
metadata:
  name: wildcard-tls
  namespace: "{{ tanzu_security.namespace }}"
type: kubernetes.io/tls
data:
# ca.crt is emitted only for a non-empty CA value. The comparison assumes the
# key is defined; root-ca-certs-extra.yaml.j2 guards the same variable with a
# default filter instead -- presumably role defaults define it, verify.
{% if tanzu_security.wildcard.tls_root_ca_cert != "" %}
  ca.crt: "{{ tanzu_security.wildcard.tls_root_ca_cert }}"
{% endif %}
  tls.crt: "{{ tanzu_security.wildcard.tls_cert }}"
  tls.key: "{{ tanzu_security.wildcard.tls_key }}"

--------------------------------------------------------------------------------
/roles/components/core/security/templates/root-ca-certs-extra.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Additional root CA certificates (wildcard CA, Let's Encrypt staging CA).
# Both keys are always present and fall back to an empty string when the
# variable is undefined.
# NOTE(review): whatever consumes this Secret adds these certificates as trust
# anchors; a staging CA should not be trusted outside test clusters.
apiVersion: v1
kind: Secret
metadata:
  name: extra-root-ca-certs
  namespace: "{{ tanzu_security.namespace }}"
data:
  wildcard-ca.crt: "{{ tanzu_security.wildcard.tls_root_ca_cert | default('') }}"
  le-stage-ca.crt: "{{ tanzu_security.letsencrypt_stage.tls_root_ca_cert | default('') }}"

--------------------------------------------------------------------------------
/roles/components/core/security/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_security.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_security.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "2" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "2" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/service-mesh/istio/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/core/service-mesh/istio/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/service-mesh/istio/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "print unimplemented message" 5 | debug: 6 | msg: "unimplemented" 7 | verbosity: 0 8 | -------------------------------------------------------------------------------- /roles/components/core/service-mesh/istio/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/core/service-mesh/istio/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_mesh.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_mesh.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "125m" 12 | tanzuLimitRangeDefaultMemoryLimit: "100Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "125m" 14 | tanzuLimitRangeDefaultMemoryRequest: "100Mi" 15 | tanzuLimitRangeMaxCpuLimit: "2" 16 | tanzuLimitRangeMaxMemoryLimit: "2Gi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "5" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/storage/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/core/storage/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/storage/demo/templates/demo-app-aws.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: demo-aws-pvc 8 | namespace: "{{ tanzu_storage.namespace }}" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 1Gi 15 | --- 16 | kind: Pod 17 | apiVersion: v1 18 | metadata: 19 | name: demo-storage-app-aws 20 | namespace: "{{ tanzu_storage.namespace }}" 21 | labels: 22 | app.kubernetes.io/name: demo-storage-app-aws 23 | spec: 24 | containers: 25 | - name: my-demo 26 | image: busybox 27 | volumeMounts: 28 | - mountPath: "/data" 29 | name: my-csi-volume-inline 30 | command: ["sleep", "3600"] 31 | volumes: 32 | - name: my-csi-volume-inline 33 | persistentVolumeClaim: 34 | claimName: demo-aws-pvc 35 | -------------------------------------------------------------------------------- /roles/components/core/storage/demo/templates/demo-app-azure.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: demo-azure-pvc 8 | namespace: "{{ tanzu_storage.namespace }}" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 1Gi 15 | --- 16 | kind: Pod 17 | apiVersion: v1 18 | metadata: 19 | name: demo-storage-app-azure 20 | namespace: "{{ tanzu_storage.namespace }}" 21 | labels: 22 | app.kubernetes.io/name: demo-storage-app-azure 23 | spec: 24 | containers: 25 | - name: my-demo 26 | image: busybox 27 | volumeMounts: 28 | - mountPath: "/data" 29 | name: my-csi-volume-inline 30 | command: ["sleep", "3600"] 31 | volumes: 32 | - name: my-csi-volume-inline 33 | persistentVolumeClaim: 34 | claimName: demo-azure-pvc 35 | -------------------------------------------------------------------------------- /roles/components/core/storage/demo/templates/demo-app-ephemeral.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: {{ tanzu_storage.ephemeral.name }} 8 | namespace: "{{ tanzu_storage.namespace }}" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 5Gi 15 | storageClassName: {{ tanzu_storage.ephemeral.name }} 16 | --- 17 | kind: Pod 18 | apiVersion: v1 19 | metadata: 20 | name: demo-storage-app-ephemeral 21 | namespace: "{{ tanzu_storage.namespace }}" 22 | labels: 23 | app.kubernetes.io/name: demo-storage-app-ephemeral 24 | spec: 25 | containers: 26 | - name: my-demo 27 | image: busybox 28 | volumeMounts: 29 | - mountPath: "/data" 30 | name: my-csi-volume 31 | command: ["sleep", "3600"] 32 | volumes: 33 | - name: my-csi-volume 34 | persistentVolumeClaim: 35 | claimName: {{ tanzu_storage.ephemeral.name }} 36 | -------------------------------------------------------------------------------- /roles/components/core/storage/demo/templates/demo-app-vmware.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: PersistentVolumeClaim 6 | metadata: 7 | name: demo-vmware-pvc 8 | namespace: "{{ tanzu_storage.namespace }}" 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 1Gi 15 | --- 16 | kind: Pod 17 | apiVersion: v1 18 | metadata: 19 | name: demo-storage-app-vmware 20 | namespace: "{{ tanzu_storage.namespace }}" 21 | labels: 22 | app.kubernetes.io/name: demo-storage-app-vmware 23 | spec: 24 | containers: 25 | - name: my-demo 26 | image: busybox 27 | volumeMounts: 28 | - mountPath: "/data" 29 | name: my-csi-volume 30 | command: ["sleep", "3600"] 31 | volumes: 32 | - name: my-csi-volume 33 | persistentVolumeClaim: 34 | claimName: demo-vmware-pvc 35 | -------------------------------------------------------------------------------- /roles/components/core/storage/tasks/aws.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # STORAGE CLASS 6 | # 7 | - name: "ensure aws storage classes exist" 8 | import_role: 9 | name: "common/manifest-file" 10 | vars: 11 | manifest_description: "aws storage classes" 12 | manifest_template: "storage-class-aws.yaml.j2" 13 | manifest_file: "storage-class-aws.yaml" 14 | manifest_staging_dir: "{{ tanzu_storage.staging_dir }}" 15 | -------------------------------------------------------------------------------- /roles/components/core/storage/tasks/azure.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # STORAGE CLASS 6 | # 7 | - name: "ensure azure storage classes exist" 8 | import_role: 9 | name: "common/manifest-file" 10 | vars: 11 | manifest_description: "azure storage classes" 12 | manifest_template: "storage-class-azure.yaml.j2" 13 | manifest_file: "storage-class-azure.yaml" 14 | manifest_staging_dir: "{{ tanzu_storage.staging_dir }}" 15 | -------------------------------------------------------------------------------- /roles/components/core/storage/tasks/kind.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "kind storage classes" 5 | debug: 6 | msg: "kind storage classes do not need to be modified from defaults" 7 | verbosity: 2 8 | -------------------------------------------------------------------------------- /roles/components/core/storage/templates/storage-class-ephemeral.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: storage.k8s.io/v1 5 | kind: StorageClass 6 | metadata: 7 | name: {{ tanzu_storage.ephemeral.name }} 8 | provisioner: {{ tanzu_storage.ephemeral.provisioner }} 9 | reclaimPolicy: Delete 10 | allowVolumeExpansion: true 11 | volumeBindingMode: Immediate 12 | -------------------------------------------------------------------------------- /roles/components/core/storage/templates/storage-class-kind.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | {% for storage_class in tanzu_storage_classes_kind %} 4 | --- 5 | kind: StorageClass 6 | apiVersion: storage.k8s.io/v1 7 | metadata: 8 | name: "{{ storage_class.name }}" 9 | annotations: 10 | storageclass.kubernetes.io/is-default-class: "{{ storage_class.default_storage_class | default(tanzu_storage_class_defaults.default_storage_class) | string | lower }}" 11 | allowVolumeExpansion: {{ storage_class.expandable | default(tanzu_storage_class_defaults.expandable) }} 12 | provisioner: "{{ storage_class.provisioner | default(kind_storage_class_provisioner) }}" 13 | reclaimPolicy: "{{ storage_class.reclaim_policy | default(tanzu_storage_class_defaults.reclaim_policy) }}" 14 | mountOptions: {{ storage_class.mount_options | default(tanzu_storage_class_defaults.mount_options) }} 15 | {% endfor %} 16 | -------------------------------------------------------------------------------- /roles/components/core/storage/templates/storage-class-vmware-v7wk8s.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | {% for storage_class in _vmware_storage_classes %} 4 | --- 5 | kind: StorageClass 6 | apiVersion: storage.k8s.io/v1 7 | metadata: 8 | name: "{{ storage_class.name }}" 9 | {% if not (_cluster_has_default_class | default(false)) %} 10 | annotations: 11 | storageclass.kubernetes.io/is-default-class: "{{ storage_class.default | default(tanzu_storage.storage_class_defaults.default) | string | lower }}" 12 | {% endif %} 13 | allowVolumeExpansion: {{ storage_class.expandable | default(tanzu_storage.storage_class_defaults.expandable) }} 14 | provisioner: "{{ tanzu_storage.vmware.provisioner }}" 15 | reclaimPolicy: "{{ storage_class.reclaim_policy | default(tanzu_storage.storage_class_defaults.reclaim_policy) }}" 16 | parameters: 17 | svStorageClass: "{{ storage_class.name }}" 18 | mountOptions: {{ storage_class.mount_options | default(tanzu_storage.storage_class_defaults.mount_options) }} 19 | {% endfor %} 20 | -------------------------------------------------------------------------------- /roles/components/core/storage/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_storage.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_storage.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "2" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "2" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_workload_tenancy: 5 | # common vars 6 | namespace: "tanzu-workload-tenancy" 7 | demo_namespace: "tanzu-demo" 8 | staging_dir: "{{ rpk_staging_dir }}/tanzu-workload-tenancy" 9 | 10 | # namespace operator vars 11 | namespace_operator: 12 | # rbac 13 | service_account: "namespace-operator" 14 | clusterrole: "namespace-operator-clusterrole" 15 | clusterrolebinding: "namespace-operator-clusterrolebinding" 16 | 17 | # app 18 | image: "projects.registry.vmware.com/rpk/namespace-operator" 19 | image_tag: "v1.2.10" 20 | replicas: 2 21 | app_name: "namespace-operator" 22 | resources: 23 | requests: 24 | memory: "16Mi" 25 | cpu: "10m" 26 | limits: 27 | memory: "64Mi" 28 | cpu: "40m" 29 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/demo/templates/defaults-from-limit-range.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | labels: 8 | run: demo-default-resources 9 | app.kubernetes.io/name: demo-default-resources 10 | name: demo-default-resources 11 | namespace: {{ tanzu_workload_tenancy.demo_namespace }} 12 | spec: 13 | containers: 14 | - image: projects.registry.vmware.com/rpk/nginx:1.19.5-debian-10-r8 15 | name: demo-default-resources 16 | resources: {} 17 | securityContext: 18 | runAsUser: 101 19 | dnsPolicy: ClusterFirst 20 | restartPolicy: Always 21 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/demo/templates/exceed-limit-range-cpu.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | labels: 8 | run: demo-exceed-max-cpu 9 | app.kubernetes.io/name: demo-exceed-max-cpu 10 | name: demo-exceed-max-cpu 11 | namespace: {{ tanzu_workload_tenancy.demo_namespace }} 12 | spec: 13 | containers: 14 | - image: projects.registry.vmware.com/rpk/nginx:1.19.5-debian-10-r8 15 | name: demo-exceed-max-cpu 16 | resources: 17 | requests: 18 | cpu: 4 19 | limits: 20 | cpu: 4 21 | securityContext: 22 | runAsUser: 101 23 | dnsPolicy: ClusterFirst 24 | restartPolicy: Always 25 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/demo/templates/exceed-limit-range-mem.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | labels: 8 | run: demo-exceed-max-mem 9 | app.kubernetes.io/name: demo-exceed-max-mem 10 | name: demo-exceed-max-mem 11 | namespace: {{ tanzu_workload_tenancy.demo_namespace }} 12 | spec: 13 | containers: 14 | - image: projects.registry.vmware.com/rpk/nginx:1.19.5-debian-10-r8 15 | name: demo-exceed-max-mem 16 | resources: 17 | requests: 18 | memory: 6Gi 19 | cpu: 500m 20 | limits: 21 | memory: 6Gi 22 | cpu: 500m 23 | securityContext: 24 | runAsUser: 101 25 | dnsPolicy: ClusterFirst 26 | restartPolicy: Always 27 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/demo/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | # see https://github.com/vmware-tanzu-labs/namespace-operator 4 | --- 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_workload_tenancy.demo_namespace }} 9 | spec: 10 | tanzuNamespaceName: {{ tanzu_workload_tenancy.demo_namespace }} 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "2" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "2" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/core/workload-tenancy/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
# SPDX-License-Identifier: MIT
---

--------------------------------------------------------------------------------
/roles/components/core/workload-tenancy/templates/default-resource-constraints.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Default per-container limits and a namespace quota. Neither object names a
# namespace, so both land in whichever namespace the caller applies them to.
apiVersion: v1
kind: LimitRange
metadata:
  name: tanzu-default-limit-range
spec:
  limits:
    # Containers that declare no resources get these values; requests above
    # "max" are rejected at admission.
    - default:
        cpu: "50m"
        memory: "64Mi"
      defaultRequest:
        cpu: "50m"
        memory: "64Mi"
      max:
        cpu: "1"
        memory: "1Gi"
      type: Container
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tanzu-default-resource-quota
spec:
  # Aggregate ceiling across all pods in the namespace.
  hard:
    requests.cpu: "4"
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 4Gi

--------------------------------------------------------------------------------
/roles/components/core/workload-tenancy/templates/namespace.yaml.j2:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Namespace for the workload-tenancy component, labelled with its own name.
apiVersion: v1
kind: Namespace
metadata:
  name: {{ tanzu_workload_tenancy.namespace }}
  labels:
    name: {{ tanzu_workload_tenancy.namespace }}

--------------------------------------------------------------------------------
/roles/components/core/workload-tenancy/validate/Dockerfile:
--------------------------------------------------------------------------------
# Two-stage build of the validation plugin: compile a static Go binary, then
# copy it into a small runtime image that runs as a non-root user.

# must match spec.volumeMounts[0].mountPath in sonobuoy config
# An ARG declared before the first FROM is visible to FROM lines only, and no
# stage below re-declares or uses resultsDir, so this value is documentation;
# the path the binary writes to is decided in main.go.
ARG resultsDir="/tmp/results"

# build
# NOTE(review): golang:1.15 and alpine:3.12 are pinned by tag, not digest, and
# both release lines are past end of life; rebuilds pick up no security fixes.
FROM golang:1.15 AS builder
WORKDIR /test
COPY . /test/
# CGO disabled so the binary is static and runs on the musl-based runtime image.
RUN CGO_ENABLED=0 go build -o /bin/run ./main.go

# runtime
FROM alpine:3.12
WORKDIR /test

# Dedicated system user and group so the plugin does not run as root.
RUN addgroup -S nonroot && adduser -S nonroot -G nonroot

COPY --from=builder --chown=nonroot:nonroot /bin/run /test/run

USER nonroot:nonroot
CMD ["/test/run"]

--------------------------------------------------------------------------------
/roles/components/core/workload-tenancy/validate/go.mod:
--------------------------------------------------------------------------------
module github.com/vmware-tanzu-labs/reference-platform-for-kubernetes/roles/components/core/workload-tenancy/validate

go 1.15

// Direct dependencies are yaml.v3, apimachinery and client-go; the rest are
// pinned as indirect requirements.
require (
	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
	k8s.io/apimachinery v0.19.2
	k8s.io/client-go v0.19.2
	k8s.io/klog v1.0.0 // indirect
	k8s.io/utils v0.0.0-20201015054608-420da100c033 // indirect
)

--------------------------------------------------------------------------------
/roles/components/core/workload-tenancy/validate/sonobuoy-plugin.yaml:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
# SPDX-License-Identifier: MIT
---
# Sonobuoy plugin definition that runs the validation image as a Job.
sonobuoy-config:
  driver: Job
  plugin-name: rpk-workload-tenancy
  result-format: manual
spec:
  # NOTE(review): the image is referenced by mutable tag from a public
  # registry namespace; pinning by digest would make the validation run
  # reproducible and tamper-evident.
  image: cloudnativereadiness/rpk-workload-tenancy-validate:0.1.3
  name: plugin
  resources: {}
  # mountPath must match resultsDir build arg for docker image
  volumeMounts:
    - mountPath: /tmp/results
      name: results

--------------------------------------------------------------------------------
/roles/components/extensions/avi/.dependencies.yaml:
--------------------------------------------------------------------------------
# Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the namespaces are removed" 5 | include_role: 6 | name: "common/namespace/clean" 7 | vars: 8 | namespace: "{{ avi.namespace }}" 9 | 10 | - name: "ensure the cluster-wide rbac resources are removed" 11 | k8s: 12 | state: "absent" 13 | context: "{{ tanzu_kubectl_context }}" 14 | kind: "{{ item.kind }}" 15 | name: "{{ item.name }}" 16 | with_items: 17 | - name: "ako-cr" 18 | kind: "ClusterRole" 19 | - name: "ako-crb" 20 | kind: "ClusterRoleBinding" 21 | 22 | - name: "ensure the custom resource definitions are removed" 23 | k8s: 24 | state: "absent" 25 | context: "{{ tanzu_kubectl_context }}" 26 | kind: "CustomResourceDefinition" 27 | name: "{{ item }}" 28 | api_version: "apiextensions.k8s.io/v1" 29 | with_items: 30 | - "hostrules.ako.vmware.com" 31 | - "httprules.ako.vmware.com" 32 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/demo/templates/app-nginx.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | apiVersion: apps/v1
5 | kind: Deployment  # demo workload: one nginx replica, selected by the Service defined below
6 | metadata:
7 |   name: my-deployment
8 |   namespace: avi-system  # hard-coded; the avi tasks and secret template elsewhere on this page read the namespace from avi.namespace
9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       app: products
13 |       department: sales
14 |   replicas: 1
15 |   template:
16 |     metadata:
17 |       labels:
18 |         app: products
19 |         department: sales
20 |     spec:
21 |       containers:  # NOTE(review): no securityContext and no resource requests/limits are set for this container
22 |         - name: nginx
23 |           image: nginx  # NOTE(review): no tag or digest, so the default tag is pulled and the content can change between deployments; pin a version or digest
24 | ---
25 | apiVersion: v1
26 | kind: Service
27 | metadata:
28 |   name: my-lb-service
29 |   namespace: avi-system
30 | spec:
31 |   type: LoadBalancer  # publishes the pods on port 80 through a load balancer; nothing in this file adds TLS or restricts source addresses
32 |   selector:
33 |     app: products
34 |     department: sales
35 |   ports:
36 |     - protocol: TCP
37 |       port: 80
38 |       targetPort: 80
39 |
--------------------------------------------------------------------------------
/roles/components/extensions/avi/infra/meta/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | dependencies:
5 |   # vars
6 |   - role: "extensions/avi/common"
7 |
--------------------------------------------------------------------------------
/roles/components/extensions/avi/infra/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | #
5 | # INSTALL CONTROLLER: VMWARE ONLY
6 | #
7 | - when: tanzu_provider == 'vmware'  # both blocks in this file run only for the vmware provider
8 |   block:
9 |     - name: "install control plane"
10 |       import_tasks: "install-controllers.yaml"
11 |
12 | #
13 | # CREATE WORKLOAD: VMWARE ONLY
14 | #
15 | - when: tanzu_provider == 'vmware'
16 |   block:
17 |     - name: "create avi workload domain"
18 |       import_tasks: "create-workload.yaml"
19 |
--------------------------------------------------------------------------------
/roles/components/extensions/avi/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # NAMESPACES 6 | # 7 | - name: "ensure manifest staging directory exists" 8 | import_role: 9 | name: "common/staging-directory" 10 | vars: 11 | staging_dir: "{{ avi.staging_dir }}" 12 | 13 | - name: "create namespace" 14 | import_role: 15 | name: "common/namespace" 16 | vars: 17 | namespace: "{{ avi.namespace }}" 18 | namespace_template_file: "tanzu-namespace.yaml.j2" 19 | namespace_file: "{{ avi.staging_dir }}/tanzu-namespace.yaml" 20 | 21 | # 22 | # INSTALL AKO 23 | # 24 | - name: "install avi kubernetes operator" 25 | import_tasks: "install-ako.yaml" 26 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/templates/secret-license.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | kind: Secret 5 | apiVersion: v1 6 | metadata: 7 | name: avi-controller-license 8 | namespace: {{ avi.namespace }} 9 | labels: 10 | app.kubernetes.io/name: avi 11 | data: 12 | {{ avi.controller.license_file }}: | 13 | {{ avi.controller.license_data | b64encode }} 14 | -------------------------------------------------------------------------------- /roles/components/extensions/avi/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ avi.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ avi.namespace }}" 11 | -------------------------------------------------------------------------------- /roles/components/extensions/octant/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "security" 6 | priority: 200 7 | - component: "ingress" 8 | priority: 400 9 | -------------------------------------------------------------------------------- /roles/components/extensions/octant/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "ensure the tanzu-dashboard namespace is removed" 5 | include_role: 6 | name: "common/namespace/clean" 7 | vars: 8 | namespace: "{{ tanzu_dashboard.namespace }}" 9 | 10 | - name: "ensure the cluster-wide rbac resources are removed" 11 | k8s: 12 | state: "absent" 13 | context: "{{ tanzu_kubectl_context }}" 14 | kind: "{{ item.kind }}" 15 | name: "{{ item.name }}" 16 | with_items: 17 | - name: "{{ tanzu_dashboard.clusterrole }}" 18 | kind: "ClusterRole" 19 | - name: "{{ tanzu_dashboard.clusterrolebinding }}" 20 | kind: "ClusterRoleBinding" 21 | -------------------------------------------------------------------------------- /roles/components/extensions/octant/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | tanzu_dashboard:  # default variables for the Octant dashboard role
5 |   # common vars
6 |   namespace: "tanzu-dashboard"
7 |   staging_dir: "{{ rpk_staging_dir }}/tanzu-dashboard"
8 |
9 |   # rbac vars
10 |   service_account: "octant"  # the rbac-octant.yaml.j2 template binds this account to the ClusterRole named below
11 |   clusterrole: "octant"
12 |   clusterrolebinding: "octant"
13 |   resources:
14 |     requests:
15 |       cpu: "150m"
16 |       memory: "64Mi"
17 |     limits:
18 |       cpu: "500m"
19 |       memory: "128Mi"
20 |
21 |   # app vars
22 |   image: "projects.registry.vmware.com/rpk/octant"
23 |   image_tag: "latest"  # TODO: once this image supports versions, switch to version; "latest" is a mutable tag, so the deployed image can change without a change here
24 |
25 |   # expose vars
26 |   dns: "dashboard.{{ tanzu_ingress_domain }}"  # the demo tasks on this page reach this host over plain http://
27 |
28 |   # use namespace operator or not
29 |   workload_tenancy:
30 |     enabled: false
31 |
--------------------------------------------------------------------------------
/roles/components/extensions/octant/defaults/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see common/defaults
5 |
--------------------------------------------------------------------------------
/roles/components/extensions/octant/demo/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | - name: "wait for dns"  # delegates to the common/wait-for-dns role with the dashboard hostname
5 |   import_role:
6 |     name: "common/wait-for-dns"
7 |   vars:
8 |     hostname: "{{ tanzu_dashboard.dns }}"
9 |
10 | - name: "ensure the dashboard is available"
11 |   uri:
12 |     url: "http://{{ tanzu_dashboard.dns }}"  # NOTE(review): plain HTTP and no credentials are passed, so this check expects the dashboard to answer unauthenticated and unencrypted
13 |
14 | - name: "print the dashboard access information"
15 |   debug:
16 |     msg: "You can access the Octant Dashboard at URL http://{{ tanzu_dashboard.dns }}"  # NOTE(review): advertises the http:// URL; the dashboard's service account has cluster-wide read access (rbac-octant.yaml.j2), so TLS and authentication in front of it are worth confirming
17 |     verbosity: 0
18 |
--------------------------------------------------------------------------------
/roles/components/extensions/octant/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 |
--------------------------------------------------------------------------------
/roles/components/extensions/octant/templates/rbac-octant.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | apiVersion: v1
5 | kind: ServiceAccount  # identity of the dashboard; it is the only subject of the binding at the end of this file
6 | metadata:
7 |   name: "{{ tanzu_dashboard.service_account }}"
8 |   namespace: "{{ tanzu_dashboard.namespace }}"
9 | ---
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: ClusterRole
12 | metadata:
13 |   annotations:
14 |     rbac.authorization.kubernetes.io/autoupdate: "true"  # NOTE(review): annotation the API server uses when reconciling its built-in roles; presumably has no effect on this custom role - confirm
15 |   name: "{{ tanzu_dashboard.clusterrole }}"
16 | rules:  # NOTE(review): a single rule granting get/list/watch on every resource in every API group
17 |   - apiGroups:
18 |       - "*"
19 |     resources:
20 |       - "*"  # the wildcard covers Secrets too, so the dashboard's token can read every Secret in the cluster; list only the kinds the dashboard must show
21 |     verbs:
22 |       - get
23 |       - list
24 |       - watch
25 | ---
26 | kind: ClusterRoleBinding  # cluster-scoped binding: the grant applies in all namespaces, not only the dashboard's own
27 | apiVersion: rbac.authorization.k8s.io/v1
28 | metadata:
29 |   name: "{{ tanzu_dashboard.clusterrolebinding }}"
30 | subjects:
31 |   - kind: ServiceAccount
32 |     name: "{{ tanzu_dashboard.service_account }}"
33 |     namespace: "{{ tanzu_dashboard.namespace }}"
34 | roleRef:
35 |   kind: ClusterRole
36 |   name: "{{ tanzu_dashboard.clusterrole }}"
37 |   apiGroup: rbac.authorization.k8s.io
38 |
--------------------------------------------------------------------------------
/roles/components/extensions/octant/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see https://github.com/vmware-tanzu-labs/namespace-operator
5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1
6 | kind: TanzuNamespace  # custom resource of the namespace operator linked above; only the namespace name is set here
7 | metadata:
8 |   name: {{ tanzu_dashboard.namespace }}
9 | spec:
10 |   tanzuNamespaceName: "{{ tanzu_dashboard.namespace }}"
11 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-data-flow/.dependencies.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "container-registry" 12 | priority: 500 13 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-data-flow/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-data-flow/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "wait for dns" 5 | import_role: 6 | name: "common/wait-for-dns" 7 | vars: 8 | hostname: "{{ tanzu_spring_cloud_data_flow.dns }}" 9 | 10 | - name: "ensure the dashboard is available" 11 | uri: 12 | url: "http://{{ tanzu_spring_cloud_data_flow.dns }}/dashboard/#/apps" 13 | 14 | - name: "initiate stream deployment" 15 | include_tasks: "deploy-stream-task.yaml" 16 | 17 | - name: "print the dashboard access information" 18 | debug: 19 | msg: "You can access the Spring Cloud Data Flow Dashboard at URL http://{{ tanzu_spring_cloud_data_flow.dns }}/dashboard/#/streams/runtime" 20 | verbosity: 0 21 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-data-flow/images/dashboard-about.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/roles/components/extensions/spring-cloud-data-flow/images/dashboard-about.jpeg 
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-data-flow/images/dashboard-apps.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-tanzu-labs/reference-platform-for-kubernetes/d9b0128c628b10d44deac443864e9a352cd88873/roles/components/extensions/spring-cloud-data-flow/images/dashboard-apps.jpeg
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-data-flow/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-data-flow/templates/secret-spring-cloud-data-flow.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | apiVersion: v1
5 | kind: Secret  # image-pull secret for the platform registry, rendered from the registry admin account
6 | metadata:
7 |   name: scdf-image-regcred
8 |   namespace: {{ tanzu_spring_cloud_data_flow.namespace }}
9 |   labels:
10 |     rpk.heritage: "true"
11 |     rpk.module: "{{ tanzu_spring_cloud_data_flow.module }}"
12 |     rpk.resource: "spring-cloud-data-flow-secret"
13 | type: kubernetes.io/dockerconfigjson  # values under data are base64-encoded, not encrypted
14 | data:  # NOTE(review): the auth entry is admin_username:admin_password of the registry, so anyone who can read this Secret holds registry admin credentials; a pull-only account would limit that
15 |   .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}}
16 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-data-flow/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see https://github.com/vmware-tanzu-labs/namespace-operator
5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1
6 | kind: TanzuNamespace  # custom resource of the namespace operator linked above; sets the namespace name plus limit-range and quota values
7 | metadata:
8 |   name: {{ tanzu_spring_cloud_data_flow.namespace }}
9 | spec:
10 |   tanzuNamespaceName: "{{ tanzu_spring_cloud_data_flow.namespace }}"
11 |   tanzuLimitRangeDefaultCpuLimit: "2000m"
12 |   tanzuLimitRangeDefaultMemoryLimit: "4Gi"  # NOTE(review): larger than tanzuLimitRangeMaxMemoryLimit ("1024Mi") below; if the operator copies both into one LimitRange, default > max is presumably rejected - confirm
13 |   tanzuLimitRangeDefaultCpuRequest: "100m"
14 |   tanzuLimitRangeDefaultMemoryRequest: "256Mi"
15 |   tanzuLimitRangeMaxCpuLimit: "3000m"
16 |   tanzuLimitRangeMaxMemoryLimit: "1024Mi"
17 |   tanzuResourceQuotaCpuRequests: "12"
18 |   tanzuResourceQuotaMemoryRequests: "24Gi"
19 |   tanzuResourceQuotaCpuLimits: "12"
20 |   tanzuResourceQuotaMemoryLimits: "24Gi"
21 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-gateway/.dependencies.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | dependencies:  # components this extension declares a dependency on, each with a numeric priority
5 |   - component: "security"
6 |     priority: 200
7 |   - component: "ingress"
8 |     priority: 400
9 |   - component: "container-registry"
10 |     priority: 500
11 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-gateway/defaults/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | # see common/defaults
5 |
--------------------------------------------------------------------------------
/roles/components/extensions/spring-cloud-gateway/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-sa.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: spring-cloud-gateway 8 | namespace: {{ tanzu_spring_cloud_gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: spring-cloud-gateway 11 | app.kubernetes.io/instance: spring-cloud-gateway 12 | app.kubernetes.io/version: "v1.0.0" 13 | app.kubernetes.io/part-of: spring-cloud-gateway 14 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: spring-cloud-gateway-image-pull-secret 8 | namespace: {{ tanzu_spring_cloud_gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: spring-cloud-gateway 11 | app.kubernetes.io/instance: spring-cloud-gateway 12 | app.kubernetes.io/version: "v1.0.0" 13 | app.kubernetes.io/part-of: spring-cloud-gateway 14 | type: kubernetes.io/dockerconfigjson 15 | data: 16 | .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}} 17 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-service.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: scg-operator 8 | namespace: {{ tanzu_spring_cloud_gateway.namespace }} 9 | labels: 10 | app.kubernetes.io/name: spring-cloud-gateway 11 | app.kubernetes.io/instance: spring-cloud-gateway 12 | app.kubernetes.io/version: "v1.0.0" 13 | app.kubernetes.io/part-of: spring-cloud-gateway 14 | spec: 15 | type: ClusterIP 16 | selector: 17 | app: scg-operator 18 | ports: 19 | - port: 80 20 | targetPort: 8080 21 | name: http 22 | -------------------------------------------------------------------------------- /roles/components/extensions/spring-cloud-gateway/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_spring_cloud_gateway.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_spring_cloud_gateway.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "2000m" 12 | tanzuLimitRangeDefaultMemoryLimit: "4Gi" 13 | tanzuLimitRangeDefaultCpuRequest: "100m" 14 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 15 | tanzuLimitRangeMaxCpuLimit: "3000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "12" 18 | tanzuResourceQuotaMemoryRequests: "24Gi" 19 | tanzuResourceQuotaCpuLimits: "12" 20 | tanzuResourceQuotaMemoryLimits: "24Gi" 21 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-application-catalog/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "container-registry" 12 | priority: 500 13 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-application-catalog/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-application-catalog/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | - name: "display the application catalog registry info"  # NOTE(review): the message below includes the registry admin password in clear text, so it ends up in console output and in any log that captures the run
5 |   debug:
6 |     msg: |
7 |       You can view the TAC images at: https://{{ tanzu_application_catalog.registry_endpoint }}
8 |       Admin Username: {{ tanzu_container_registry.admin_username }}
9 |       Admin Password: {{ tanzu_container_registry.admin_password }}
10 |     verbosity: 0  # 0 means the message is shown on every run, at default verbosity
11 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-application-catalog/pre-flight/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-application-catalog/tasks/find-registry.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | - name: "check if the registry exists"  # looks a registry up by name through the v2.0 API, authenticating as the registry admin
5 |   uri:
6 |     url: "https://{{ tanzu_application_catalog.registry_endpoint }}/api/v2.0/registries?name={{ registry_name }}"
7 |     url_username: "{{ tanzu_container_registry.admin_username }}"
8 |     url_password: "{{ tanzu_container_registry.admin_password }}"
9 |     method: "GET"
10 |     follow_redirects: true  # NOTE(review): presumably the legacy spelling of "all" - confirm, and prefer "safe" or "none" on a call that carries credentials
11 |     force_basic_auth: true  # credentials are sent with the first request instead of after a 401 challenge
12 |     validate_certs: false  # NOTE(review): certificate verification is off on a request that carries the admin password, so the endpoint is not authenticated before the credentials are sent; trust the registry CA instead
13 |   register: _get_registry_response
14 |
15 | - name: "get registry id if it exists"
16 |   set_fact:
17 |     _harbor_registry_id: "{{ _get_registry_response.json[0].id }}"  # takes the id of the first entry in the response
18 |   when: _get_registry_response.json  # skipped when the response body is falsy (for example an empty list), so this file then leaves _harbor_registry_id unset
19 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-application-catalog/templates/tanzu-namespace.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_application_catalog.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_application_catalog.namespace }}" 11 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "container-registry" 12 | priority: 500 13 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/demo/templates/image.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT
3 | apiVersion: kpack.io/v1alpha1
4 | kind: Image  # demo build: builds a sample Node.js app from git and pushes the result to the platform registry under the tag below
5 | metadata:
6 |   name: sample-app-nodejs
7 |   namespace: {{ tanzu_build_service.namespace_kpack }}
8 | spec:
9 |   builder:
10 |     kind: ClusterBuilder
11 |     name: {{ tanzu_build_service.demo.builder.name }}
12 |   cacheSize: 2G
13 |   failedBuildHistoryLimit: 10
14 |   imageTaggingStrategy: BuildNumber
15 |   serviceAccountName: canonical-registry-serviceaccount
16 |   source:
17 |     git:
18 |       revision: master  # NOTE(review): a branch name, so each build takes whatever is at the branch tip; pin a commit SHA to make the built content reviewable
19 |       url: https://github.com/robinfoe/sample-app-nodejs  # NOTE(review): appears to be a repository outside the vmware-tanzu-labs organization; its content is built and pushed into the platform registry
20 |   successBuildHistoryLimit: 10
21 |   tag: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/sample-app-nodejs' }}
22 |
23 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-build-service/demo/templates/ivy-registry-secret.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | apiVersion: v1
4 | kind: Secret  # registry credential secret for the kpack namespace, rendered from the registry admin account
5 | metadata:
6 |   name: rpk-registry-secret
7 |   namespace: {{ tanzu_build_service.namespace_kpack }}
8 |   labels:
9 |     rpk.heritage: "true"
10 |     rpk.module : "{{ tanzu_build_service.module }}"
11 |     rpk.resource: "build-service-secret"
12 | type: kubernetes.io/dockerconfigjson  # values under data are base64-encoded, not encrypted
13 | data:  # NOTE(review): the auth entry is admin_username:admin_password of the registry, so anyone who can read this Secret holds registry admin credentials; a project-scoped account would limit that
14 |   .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}}
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-build-service/pre-flight/tasks/pre-check-eula.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT
3 | ---
4 | - debug:  # per-product EULA pre-check; the caller supplies the product as "item"
5 |     msg: "checking eula for {{ item.name }}"
6 |
7 | - name: "retrieve releases for {{ item.name }}"
8 |   uri:
9 |     url: "{{ item._links.releases.href }}"  # the URL is taken from the caller-supplied item, not built in this file
10 |     method: "GET"
11 |     status_code: [200]
12 |     validate_certs: false  # NOTE(review): certificate verification is off, yet the response decides which URL is fetched next; verify the server certificate so that link can be trusted
13 |   register: _releases
14 |
15 | - name: "retrieve product info for {{ item.name }}"
16 |   uri:
17 |     url: "{{ _releases.json.releases[0]._links.product_files.href }}"  # follows the link of the first release in the previous response
18 |     method: "GET"
19 |     status_code: [200]
20 |     validate_certs: false  # NOTE(review): same as above; this response supplies the download URL handed to check-eula.yaml
21 |   register: _product_files
22 |
23 | - name: "initialize retry_count"
24 |   set_fact:
25 |     _retry_count: 0
26 |
27 | - name: "check eula acceptance"
28 |   include_tasks: "check-eula.yaml"
29 |   vars:
30 |     _product_name: "{{ item.name }}"
31 |     _product_url: "{{ _product_files.json.product_files[0]._links.download.href }}"  # first product file of the first release; presumably the intended artifact - confirm
32 |
--------------------------------------------------------------------------------
/roles/components/extensions/tanzu-build-service/templates/buildservice-secret.yaml.j2:
--------------------------------------------------------------------------------
1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: canonical-registry-secret 8 | namespace: {{ tanzu_build_service.namespace }} 9 | labels: 10 | rpk.heritage: "true" 11 | rpk.module : "{{ tanzu_build_service.module }}" 12 | rpk.resource: "build-service-secret" 13 | type: kubernetes.io/dockerconfigjson 14 | data: 15 | .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}} 16 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/cluster-builder.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | apiVersion: kpack.io/v1alpha1 4 | kind: ClusterBuilder 5 | metadata: 6 | name: {{ tanzu_build_service.demo.builder.name }} 7 | spec: 8 | order: 9 | - group: 10 | - id: tanzu-buildpacks/nodejs 11 | serviceAccountRef: 12 | name: canonical-registry-serviceaccount 13 | namespace: {{ tanzu_build_service.namespace_kpack }} 14 | stack: 15 | kind: ClusterStack 16 | name: {{ tanzu_build_service.demo.stack.name }} 17 | store: 18 | kind: ClusterStore 19 | name: {{ tanzu_build_service.demo.store.name }} 20 | tag: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/rpk-cb-nodejs' }} 21 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/cluster-stack.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | 4 | apiVersion: kpack.io/v1alpha1 5 | kind: ClusterStack 6 | metadata: 7 | name: {{ tanzu_build_service.demo.stack.name }} 8 | spec: 9 | id: "io.buildpacks.stacks.bionic" 10 | buildImage: 11 | image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/build-full:' + tanzu_build_service.registry.destination_tag }}" 12 | runImage: 13 | image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/run-full:' + tanzu_build_service.registry.destination_tag }}" 14 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/cluster-store.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | apiVersion: kpack.io/v1alpha1 4 | kind: ClusterStore 5 | metadata: 6 | name: {{ tanzu_build_service.demo.store.name }} 7 | spec: 8 | sources: 9 | - image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name +'/nodejs:'+ tanzu_build_service.registry.destination_tag }}" 10 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/stack-operator-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: canonical-registry-secret 9 | namespace: {{ tanzu_build_service.namespace_stack_operator_system }} 10 | labels: 11 | rpk.heritage: "true" 12 | rpk.module : "{{ tanzu_build_service.module }}" 13 | rpk.resource: "build-service-secret" 14 | type: kubernetes.io/dockerconfigjson 15 | data: 16 | .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}} 17 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/tanzu-namespace-kpack.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_build_service.namespace_kpack }} 9 | labels: 10 | com.vmware.tanzu.buildservice: "" 11 | spec: 12 | tanzuNamespaceName: "{{ tanzu_build_service.namespace_kpack }}" 13 | tanzuLimitRangeDefaultCpuLimit: "2000m" 14 | tanzuLimitRangeDefaultMemoryLimit: "4Gi" 15 | tanzuLimitRangeDefaultCpuRequest: "100m" 16 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 17 | tanzuLimitRangeMaxCpuLimit: "3000m" 18 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 19 | tanzuResourceQuotaCpuRequests: "6" 20 | tanzuResourceQuotaMemoryRequests: "10Gi" 21 | tanzuResourceQuotaCpuLimits: "8" 22 | tanzuResourceQuotaMemoryLimits: "16Gi" 23 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/tanzu-namespace-stack-operator-system.yaml.j2: 
-------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_build_service.namespace_stack_operator_system }} 9 | labels: 10 | com.vmware.tanzu.buildservice: "" 11 | spec: 12 | tanzuNamespaceName: "{{ tanzu_build_service.namespace_stack_operator_system }}" 13 | tanzuLimitRangeDefaultCpuLimit: "2000m" 14 | tanzuLimitRangeDefaultMemoryLimit: "4Gi" 15 | tanzuLimitRangeDefaultCpuRequest: "100m" 16 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 17 | tanzuLimitRangeMaxCpuLimit: "3000m" 18 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 19 | tanzuResourceQuotaCpuRequests: "6" 20 | tanzuResourceQuotaMemoryRequests: "10Gi" 21 | tanzuResourceQuotaCpuLimits: "8" 22 | tanzuResourceQuotaMemoryLimits: "16Gi" 23 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-build-service/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ namespace }} 9 | labels: 10 | com.vmware.tanzu.buildservice: "" 11 | spec: 12 | tanzuNamespaceName: "{{ namespace }}" 13 | tanzuLimitRangeDefaultCpuLimit: "2000m" 14 | tanzuLimitRangeDefaultMemoryLimit: "4Gi" 15 | tanzuLimitRangeDefaultCpuRequest: "100m" 16 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 17 | tanzuLimitRangeMaxCpuLimit: "3000m" 18 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 19 | tanzuResourceQuotaCpuRequests: "12" 20 | tanzuResourceQuotaMemoryRequests: "24Gi" 21 | tanzuResourceQuotaCpuLimits: "12" 22 | tanzuResourceQuotaMemoryLimits: "24Gi" 23 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-mission-control/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-mission-control/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_mission_control: 5 | namespace: "vmware-system-tmc" 6 | staging_dir: "{{ rpk_staging_dir }}/tanzu_mission_control" 7 | access_token_url: "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" 8 | org_url: "https://{{ tanzu_mission_control_org_name }}.tmc.cloud.vmware.com" 9 | api_version: "v1alpha1" 10 | owner_label: "tanzu-rpk.{{ tanzu_cluster_name }}" 11 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-mission-control/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-mission-control/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-mission-control/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_observability: 5 | # common vars 6 | namespace: "tanzu-observability" 7 | staging_dir: "{{ rpk_staging_dir }}/tanzu-observability" 8 | tmc_access_token_url: "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" 9 | tmc_org_url: "https://{{ tanzu_mission_control_org_name }}.tmc.cloud.vmware.com" 10 | tmc_api_version: "v1alpha1" 11 | use_tmc: false 12 | 13 | # collector vars 14 | collector: 15 | image: "wavefronthq/wavefront-kubernetes-collector" 16 | image_tag: "1.2.3" 17 | 18 | # proxy vars 19 | proxy: 20 | image: "wavefronthq/proxy" 21 | image_tag: "9.2" 22 | replicas: 1 23 | 24 | # use namespace operator or not 25 | workload_tenancy: 26 | enabled: false 27 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "print the dashboard access information" 5 | debug: 6 | msg: "You can access the Tanzu Observability Dashboard at URL https://{{ tanzu_observability_org_name }}.wavefront.com" 7 | verbosity: 0 8 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-observability/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_observability.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_observability.namespace }}" 11 | tanzuResourceQuotaCpuRequests: "12" 12 | tanzuResourceQuotaMemoryRequests: "24Gi" 13 | tanzuResourceQuotaCpuLimits: "12" 14 | tanzuResourceQuotaMemoryLimits: "24Gi" 15 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_service_mesh: 5 | namespaces: 6 | tsm: "vmware-system-tsm" 7 | istio: "istio-system" 8 | staging_dir: "{{ rpk_staging_dir }}/tanzu-service-mesh" 9 | tmc_access_token_url: "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" 10 | tmc_org_url: "https://{{ tanzu_mission_control_org_name }}.tmc.cloud.vmware.com" 11 | tmc_api_version: "v1alpha1" 12 | use_tmc: false 13 | connection_pause: "180" 14 | images: 15 | tsm_agent_operator: 16 | image: "284299419820.dkr.ecr.us-west-2.amazonaws.com/tsm-agent-operator" 17 | image_tag: "v1.2.7" 18 | operator_ecr: 19 | image: "docker.io/vmwareallspark/photon-kubectl" 20 | image_tag: "1.15.0" # NOTE(review): both images above are referenced by tag only; tags are mutable, so a digest pin would fix the exact content pulled 21 | 22 | # use namespace operator or not 23 | workload_tenancy: 24 | enabled: false 25 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "print the dashboard access information" 5 | debug: 6 | msg: "You can access the Tanzu Service Mesh Dashboard at URL https://console.cloud.vmware.com" 7 | verbosity: 0 8 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/templates/tanzu-namespace-istio.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_service_mesh.namespaces.istio }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_service_mesh.namespaces.istio }}" 11 | tanzuResourceQuotaCpuRequests: "25" 12 | tanzuResourceQuotaMemoryRequests: "30Gi" 13 | tanzuResourceQuotaCpuLimits: "25" 14 | tanzuResourceQuotaMemoryLimits: "30Gi" 15 | tanzuLimitRangeDefaultCpuLimit: "500m" 16 | tanzuLimitRangeDefaultCpuRequest: "125m" 17 | tanzuLimitRangeDefaultMemoryLimit: "2Gi" 18 | tanzuLimitRangeDefaultMemoryRequest: "512Mi" 19 | tanzuLimitRangeMaxCpuLimit: "8" 20 | tanzuLimitRangeMaxMemoryLimit: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/templates/tanzu-namespace-tsm.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_service_mesh.namespaces.tsm }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_service_mesh.namespaces.tsm }}" 11 | tanzuResourceQuotaCpuRequests: "4" 12 | tanzuResourceQuotaMemoryRequests: "4Gi" 13 | tanzuResourceQuotaCpuLimits: "4" 14 | tanzuResourceQuotaMemoryLimits: "4Gi" 15 | tanzuLimitRangeDefaultCpuLimit: "250m" 16 | tanzuLimitRangeDefaultCpuRequest: "125m" 17 | tanzuLimitRangeDefaultMemoryLimit: "1024Mi" 18 | tanzuLimitRangeDefaultMemoryRequest: "512Mi" 19 | tanzuLimitRangeMaxCpuLimit: "2" 20 | tanzuLimitRangeMaxMemoryLimit: "4Gi" 21 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-service-mesh/templates/tanzu-service-mesh-cluster-token.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: cluster-token 8 | namespace: {{ tanzu_service_mesh.namespaces.tsm }} 9 | labels: 10 | app.kubernetes.io/name: tanzu-service-mesh 11 | data: 12 | token: {{ _tsm_cluster_token | b64encode }} 13 | type: Opaque 14 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: 5 | - component: "storage" 6 | priority: 100 7 | - component: "security" 8 | priority: 200 9 | - component: "ingress" 10 | priority: 400 11 | - component: "container-registry" 12 | priority: 500 13 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | tanzu_sql: 5 | # common vars 6 | namespace: "tanzu-sql" 7 | staging_dir: "{{ rpk_staging_dir }}/tanzu-sql" 8 | module: "tanzu-sql" 9 | demo: 10 | storage_class: "gp2-test" 11 | 12 | registry: 13 | project: 14 | project_name: "sql" 15 | metadata: 16 | auto_scan: "false" # NOTE(review): presumably registry project metadata; image scanning on push looks disabled by default here - confirm this is intended 17 | public: "true" # NOTE(review): the project looks publicly readable by default; confirm the images mirrored into it are meant to be pullable without credentials 18 | source_url: "dev.registry.pivotal.io" # to be defined 19 | destination_tag: "rpk-1.0" 20 | sql_images: 21 | - name: "postgres-operator" 22 | tag: "v1.0.0-c1" 23 | - name: "postgres-instance" 24 | tag: "v1.0.0-c1" 25 | 26 | # use namespace operator or not 27 | workload_tenancy: 28 | enabled: false 29 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "deploy small postgresql instance" 5 | import_role: 6 | name: "common/manifest-file-with-wait" 7 | vars: 8 | manifest_description: "rpk-postgres-small" 9 | manifest_template: "pg-small-instance.yaml.j2" 10 | manifest_file: "pg-small-instance.yaml" 11 | manifest_staging_dir: "{{ tanzu_sql.staging_dir }}" 12 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/demo/templates/pg-small-instance.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: "postgres.pivotal.io/v1" 5 | kind: "PostgresInstance" 6 | metadata: 7 | name: rpk-postgres-small 8 | namespace: {{ tanzu_sql.namespace }} 9 | spec: 10 | memory: "800Mi" 11 | cpu: "1" 12 | storageClassName: {{ tanzu_sql.demo.storage_class }} 13 | storageSize: 1G 14 | pgConfig: 15 | dbname: rpk-postgres-demo 16 | username: rpk -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_sql.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_sql.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "2000m" 12 | tanzuLimitRangeDefaultMemoryLimit: "4Gi" 13 | tanzuLimitRangeDefaultCpuRequest: "100m" 14 | tanzuLimitRangeDefaultMemoryRequest: "256Mi" 15 | tanzuLimitRangeMaxCpuLimit: "3000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" # NOTE(review): lower than tanzuLimitRangeDefaultMemoryLimit ("4Gi") above; Kubernetes LimitRange validation expects default <= max - confirm how the namespace operator applies these 17 | tanzuResourceQuotaCpuRequests: "6" 18 | tanzuResourceQuotaMemoryRequests: "10Gi" 19 | tanzuResourceQuotaCpuLimits: "8" 20 | tanzuResourceQuotaMemoryLimits: "16Gi" 21 | -------------------------------------------------------------------------------- /roles/components/extensions/tanzu-sql/templates/tanzu-sql-secret.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: tanzu-sql-registry-secret 8 | namespace: {{ tanzu_sql.namespace }} 9 | labels: 10 | rpk.heritage: "true" 11 | rpk.module : "{{ tanzu_sql.module }}" 12 | rpk.resource: "registry-secret" 13 | type: kubernetes.io/dockerconfigjson 14 | data: # NOTE(review): the auth value below is built from the registry admin username/password; base64 is an encoding, not protection, so read access to this Secret (or to the rendered manifest) presumably yields registry admin rights - consider a pull-only account 15 | .dockerconfigjson: {{('{"auths":{"'+tanzu_container_registry.core.dns+'":{"auth":"'+( tanzu_container_registry.admin_username + ':' + tanzu_container_registry.admin_password ) | b64encode +'"}}}') | b64encode}} 16 | -------------------------------------------------------------------------------- /roles/support/build-docs/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc.
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | rpk_providers: 5 | - "aws" 6 | - "azure" 7 | - "kind" 8 | - "vmware" 9 | 10 | rpk_supported_profiles: 11 | - "platform" 12 | - "advanced" 13 | -------------------------------------------------------------------------------- /roles/support/build-docs/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/support/build-docs/tasks/toc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "get provider documentation headings" 5 | command: "grep '^#' /ansible/roles/support/build-docs/templates/built/{{ provider }}.md" 6 | register: "headings" 7 | tags: 8 | - skip_ansible_lint 9 | 10 | - debug: 11 | var: "headings.stdout_lines" 12 | verbosity: 1 13 | 14 | - name: "build table of conentents for {{ provider }}" 15 | template: 16 | src: "toc/toc.md.j2" 17 | dest: "/ansible/roles/support/build-docs/templates/built/{{ provider }}-toc.md" 18 | mode: "0700" 19 | tags: 20 | - skip_ansible_lint 21 | 22 | # ensure we've cleaned out possible headings by setting to empty 23 | - name: "clear {{ provider }} headings" 24 | set_fact: 25 | headings: [] 26 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/aws.md.j2: -------------------------------------------------------------------------------- 1 | # AWS Provider Documentation 2 | 3 | ## Table of Contents 4 | 5 | {% include 'built/aws-toc.md' %} 6 | 7 | 8 | {% include 'built/aws.md' %} 9 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/azure.md.j2: 
-------------------------------------------------------------------------------- 1 | # Azure Provider Documentation 2 | 3 | ## Table of Contents 4 | 5 | {% include 'built/azure-toc.md' %} 6 | 7 | 8 | {% include 'built/azure.md' %} 9 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/kind.md.j2: -------------------------------------------------------------------------------- 1 | # Kind Provider Documentation 2 | 3 | ## Table of Contents 4 | 5 | {% include 'built/kind-toc.md' %} 6 | 7 | 8 | {% include 'built/kind.md' %} 9 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/sections/common/build.md: -------------------------------------------------------------------------------- 1 | Build a Docker image to run the Ansible playbooks. This will relieve you of the need to install the Python dependencies locally. To build the Docker image with the latest state of the project locally, run: 2 | 3 | ```bash 4 | make build 5 | ``` 6 | 7 | To build this Docker image with custom image names (default: rpk) and image versions (default: latest), run the 8 | following, being sure to substitute in your desired variables appropriately: 9 | 10 | ```bash 11 | IMAGE=rpk-custom VERSION=v1.0.0 make build 12 | ``` 13 | 14 | > **NOTE:** *If using custom names, ensure that these match during the deploy stage.* 15 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/sections/common/deploy.md: -------------------------------------------------------------------------------- 1 | #### Deploy RPK 2 | 3 | You can deploy using the docker image with the latest state of the project locally. 
To do so, run: 4 | 5 | ```bash 6 | make deploy 7 | ``` 8 | 9 | To run with custom image names, image versions, and/or inventory, run the following, being sure to substitute your desired variables appropriately: 10 | 11 | ```bash 12 | INVENTORY=/path/to/my/inventory.yaml IMAGE=rpk-test VERSION=v1.0.0 make deploy 13 | ``` 14 | 15 | > **NOTE:** *If you are deploying RPK to a Tanzu Mission Control provisioned cluster, you must run the following version of the command:* 16 | 17 | ```bash 18 | TMC=true make deploy 19 | ``` 20 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/sections/common/super_quick_start.md: -------------------------------------------------------------------------------- 1 | ## Super Quick Start 2 | 3 | 1. `make setup.{{ provider }}` - create the inventory file with global variables. 4 | {% if provider == "kind" %} 5 | 6 | 1. `make setup.kind.network` - deploy Calico as a CNI for KIND. 7 | 8 | 1. `kind get kubeconfig --name rpk >> ~/.kube/config` - ensure the KIND kubeconfig and contexts exist in the kubeconfig file. Note that `>>` appends rather than merges, so back up an existing `~/.kube/config` first. 9 | {% endif %} 10 | 11 | 1. `vim build/inventory.yaml` - edit and update the variables. 12 | 13 | 1. `make build` - build an image for deploying RPK. 14 | 15 | 1. `make deploy` - deploy RPK. 16 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/sections/common/tmc_clusters.md: -------------------------------------------------------------------------------- 1 | If your cluster is a TMC-provisioned cluster, the following steps need to be performed: 2 | 3 | 1. Install the TMC binary. See https://docs.vmware.com/en/VMware-Tanzu-Mission-Control/services/tanzumc-using/GUID-7EEBDAEF-7868-49EC-8069-D278FD100FD9.html. 4 | 5 | 1. `tmc login` 6 | 7 | 1. 
When launching the `make deploy` command in the steps following, ensure that you run it with `TMC=true` 8 | 9 | For example: 10 | 11 | ```bash 12 | TMC=true make deploy 13 | ``` 14 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/toc/toc.md.j2: -------------------------------------------------------------------------------- 1 | {% for h in headings.stdout_lines %} 2 | {# spacing for indentation, link creation, ridding chars that break MD links etc #} 3 | {{ h | regex_replace('^(?P#{2}\s)(?P.*$)', '- [\\g]') | regex_replace('^##','') | regex_replace('#', ' ') | regex_replace('^(?P\s+)(?P.*)', '\\g- [\\g]') }}(#{{ h | regex_replace('[#()./]', '') | regex_replace('(^\s{1})', '') | regex_replace('[\s]', '-') | lower }}) 4 | {% endfor %} 5 | -------------------------------------------------------------------------------- /roles/support/build-docs/templates/vmware.md.j2: -------------------------------------------------------------------------------- 1 | # VMware Provider Documentation 2 | 3 | ## Table of Contents 4 | 5 | {% include 'built/vmware-toc.md' %} 6 | 7 | 8 | {% include 'built/vmware.md' %} 9 | -------------------------------------------------------------------------------- /roles/support/build-profiles/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | -------------------------------------------------------------------------------- /roles/support/build-profiles/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "collect component profiles" 5 | set_fact: 6 | _rpk_components: "{{ (lookup('file', 'profiles/components.yaml') | from_yaml)['rpk_components'] }}" 7 | 8 | - name: "debug the _rpk_components" 9 | debug: 10 | var: _rpk_components 11 | verbosity: 0 12 | 13 | - name: "set component profile list" 14 | set_fact: 15 | _component_profiles: "{{ _rpk_components | json_query('[*].profiles') | flatten | unique }}" 16 | 17 | - name: "debug the _component_profiles" 18 | debug: 19 | var: _component_profiles 20 | verbosity: 0 21 | 22 | - name: "build profiles" 23 | template: 24 | src: "profile.yaml.j2" 25 | dest: "profiles/{{ profile }}.yaml" 26 | mode: "0700" 27 | with_items: "{{ _component_profiles }}" 28 | loop_control: 29 | loop_var: "profile" 30 | tags: 31 | # we want to report changes here 32 | - skip_ansible_lint 33 | -------------------------------------------------------------------------------- /roles/support/build-profiles/templates/profile.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | rpk_components: 5 | {% for component in _rpk_components %} 6 | {% if profile in component.profiles %} 7 | - name: "{{ component.name }}" 8 | enabled: {{ component.enabled | bool | lower }} 9 | {% endif %} 10 | {% endfor %} 11 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/.dependencies.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | dependencies: [] 5 | # NOTE: all dependencies that this role requires need to be defined here (ordered lowest-highest priority) 6 | # child dependencies will NOT be resolved 7 | # EXAMPLE: 8 | # - component: "storage" 9 | # priority: 100 10 | # - component: "security" 11 | # priority: 200 12 | # - component: "dns" 13 | # priority: 300 14 | # - component: "ingress" 15 | # priority: 400 16 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Galaxy Role Skeleton 2 | 3 | An example Ansible Galaxy Role Skeleton to help enforce documentation standards. This skeleton has a minimalistic directory structure, and the meta directory has been removed. 4 | 5 | ## Usage 6 | 1. Clone the repository to your development workstation. 7 | 2. Initialize your new role with the following command: 8 | ```bash 9 | ansible-galaxy role init --role-skeleton=/path/to/cloned/role/skeleton/repository 10 | ``` 11 | 12 | ## Author 13 | [Andrew J. Huffman](https://github.com/ahuffman) 14 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/clean/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | - name: "clean manifests with kapp" 5 | kapp: 6 | state: "absent" 7 | context: "{{ tanzu_kubectl_context }}" 8 | namespace: "{{ rpk_extension_namespace }}" 9 | name: "{{ tanzu_role_name.component }}" 10 | wait_timeout: "{{ wait_timeout | default('300s') }}" 11 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/common/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | #@data/values 4 | --- 5 | tanzu_role_name: 6 | # common vars 7 | namespace: "tanzu-{{ role_name }}" 8 | staging_dir: "{{ rpk_staging_dir }}/tanzu-{{ role_name }}" 9 | component: "{{ role_name }}" 10 | 11 | # resources 12 | default_resources: "{{ rpk_default_resources }}" 13 | default_quota: "{{ rpk_default_quota }}" 14 | default_maximums: "{{ rpk_default_maximums }}" 15 | 16 | # app1 (sub-component 1) 17 | # app1: 18 | # resources: 19 | # requests: 20 | # cpu: 21 | # memory: 22 | # limits: 23 | # cpu: 24 | # memory: 25 | # replicas: 1 26 | # resource_name: "app1" 27 | # change_group: "{{ rpk_extension_group }}/app1" 28 | 29 | # app2 (sub-component 2) 30 | # app2: 31 | # resource_name: "app2" 32 | # change_group: "{{ rpk_extension_group }}/app2" 33 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see common/defaults 5 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/demo/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/pre-flight/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # 5 | # NAMESPACES 6 | # 7 | - name: "ensure manifest staging directory exists" 8 | import_role: 9 | name: "common/staging-directory" 10 | vars: 11 | staging_dir: "{{ tanzu_role_name.staging_dir }}" 12 | 13 | - name: "create namespace" 14 | import_role: 15 | name: "common/namespace" 16 | vars: 17 | namespace: "{{ tanzu_role_name.namespace }}" 18 | namespace_template_file: "tanzu-namespace.yaml.j2" 19 | namespace_file: "{{ tanzu_role_name.staging_dir }}/tanzu-namespace.yaml" 20 | -------------------------------------------------------------------------------- /roles/support/role-skeleton/templates/tanzu-namespace.yaml.j2: -------------------------------------------------------------------------------- 1 | # Copyright 2006-2021 VMware, Inc. 
2 | # SPDX-License-Identifier: MIT 3 | --- 4 | # see https://github.com/vmware-tanzu-labs/namespace-operator 5 | apiVersion: tenancy.platform.cnr.vmware.com/v1alpha1 6 | kind: TanzuNamespace 7 | metadata: 8 | name: {{ tanzu_role_name.namespace }} 9 | spec: 10 | tanzuNamespaceName: "{{ tanzu_role_name.namespace }}" 11 | tanzuLimitRangeDefaultCpuLimit: "50m" 12 | tanzuLimitRangeDefaultMemoryLimit: "64Mi" 13 | tanzuLimitRangeDefaultCpuRequest: "50m" 14 | tanzuLimitRangeDefaultMemoryRequest: "64Mi" 15 | tanzuLimitRangeMaxCpuLimit: "1000m" 16 | tanzuLimitRangeMaxMemoryLimit: "1024Mi" 17 | tanzuResourceQuotaCpuRequests: "4" 18 | tanzuResourceQuotaMemoryRequests: "4Gi" 19 | tanzuResourceQuotaCpuLimits: "4" 20 | tanzuResourceQuotaMemoryLimits: "4Gi" 21 | --------------------------------------------------------------------------------