Skip to content

Commit

Permalink
Sync
Browse files Browse the repository at this point in the history
  • Loading branch information
tnozicka committed Jul 26, 2024
1 parent 748e189 commit 8513810
Show file tree
Hide file tree
Showing 26 changed files with 226 additions and 52 deletions.
14 changes: 7 additions & 7 deletions assets/monitoring/grafana/v1alpha1/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -123,9 +123,9 @@ spec:
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 472
runAsGroup: 472
# runAsNonRoot: true
# runAsUser: 472
# runAsGroup: 472
capabilities:
drop:
- ALL
Expand Down Expand Up @@ -158,9 +158,9 @@ spec:
emptyDir:
sizeLimit: 100Mi
securityContext:
runAsNonRoot: true
runAsUser: 472
runAsGroup: 472
fsGroup: 472
# runAsNonRoot: true
# runAsUser: 472
# runAsGroup: 472
# fsGroup: 472
seccompProfile:
type: RuntimeDefault
6 changes: 6 additions & 0 deletions deploy/manager/dev/50_scyllacluster.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,9 @@ spec:
requests:
cpu: 10m
memory: 100Mi
placement:
tolerations:
- key: role
operator: Equal
value: scylla-clusters
effect: NoSchedule
6 changes: 6 additions & 0 deletions deploy/manager/prod/50_scyllacluster.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,9 @@ spec:
requests:
cpu: 1
memory: 200Mi
placement:
tolerations:
- key: role
operator: Equal
value: scylla-clusters
effect: NoSchedule
41 changes: 29 additions & 12 deletions deploy/operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -96,6 +102,7 @@ rules:
resources:
- statefulsets
- daemonsets
- daemonsets/finalizers
- deployments
verbs:
- create
Expand All @@ -115,7 +122,9 @@ rules:
- scylla.scylladb.com
resources:
- scyllaclusters
- scyllaclusters/finalizers
- scylladbmonitorings
- scylladbmonitorings/finalizers
verbs:
- create
- delete
Expand All @@ -139,6 +148,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -175,6 +185,8 @@ rules:
- scylla.scylladb.com
resources:
- nodeconfigs
- nodeconfigs/status
- nodeconfigs/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -210,18 +222,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- scylla.scylladb.com
resources:
- nodeconfigs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
Expand Down Expand Up @@ -284,6 +284,14 @@ rules:
- patch
- update
- delete
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use

---
apiVersion: v1
Expand Down Expand Up @@ -5094,6 +5102,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- get
- list
Expand Down Expand Up @@ -5123,6 +5132,14 @@ rules:
- scyllaclusters
verbs:
- get
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use

---
apiVersion: rbac.authorization.k8s.io/v1
Expand Down
32 changes: 20 additions & 12 deletions deploy/operator/00_clusterrole_def.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -86,6 +92,7 @@ rules:
resources:
- statefulsets
- daemonsets
- daemonsets/finalizers
- deployments
verbs:
- create
Expand All @@ -105,7 +112,9 @@ rules:
- scylla.scylladb.com
resources:
- scyllaclusters
- scyllaclusters/finalizers
- scylladbmonitorings
- scylladbmonitorings/finalizers
verbs:
- create
- delete
Expand All @@ -129,6 +138,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -165,6 +175,8 @@ rules:
- scylla.scylladb.com
resources:
- nodeconfigs
- nodeconfigs/status
- nodeconfigs/finalizers
verbs:
- create
- delete
Expand Down Expand Up @@ -200,18 +212,6 @@ rules:
- patch
- update
- watch
- apiGroups:
- scylla.scylladb.com
resources:
- nodeconfigs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
Expand Down Expand Up @@ -274,3 +274,11 @@ rules:
- patch
- update
- delete
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
9 changes: 9 additions & 0 deletions deploy/operator/00_scyllacluster_member_clusterrole_def.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ rules:
- ""
resources:
- configmaps
- configmaps/finalizers
verbs:
- get
- list
Expand Down Expand Up @@ -53,3 +54,11 @@ rules:
- scyllaclusters
verbs:
- get
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
2 changes: 1 addition & 1 deletion examples/eks/nodeconfig-alpha.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ spec:
type: xfs
mounts:
- device: /dev/md/nvmes
mountPoint: /mnt/persistent-volumes
mountPoint: /var/mnt/persistent-volumes
unsupportedOptions:
- prjquota
raids:
Expand Down
2 changes: 1 addition & 1 deletion examples/gke/nodeconfig-alpha.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ spec:
type: xfs
mounts:
- device: /dev/md/nvmes
mountPoint: /mnt/persistent-volumes
mountPoint: /var/mnt/persistent-volumes
unsupportedOptions:
- prjquota
raids:
Expand Down
13 changes: 13 additions & 0 deletions examples/third-party/haproxy-ingress/10_haproxy-ingress.role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: haproxy-ingress
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: haproxy-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: haproxy-ingress
subjects:
- kind: ServiceAccount
name: haproxy-ingress
namespace: haproxy-ingress
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,13 @@ spec:
volumeMounts:
- mountPath: /etc/prometheus/config
name: prometheus-cfg
- name: prometheus
mountPath: /prometheus
serviceAccountName: prometheus
volumes:
- configMap:
name: prometheus-cfg
name: prometheus-cfg
- name: prometheus
emptyDir:
sizeLimit: 10Mi
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,12 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
# runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
# runAsUser: 65532
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
# runAsUser: 65534
serviceAccountName: prometheus-operator
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,14 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: scylladb:csi-external-provisioner
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- ""
resources:
Expand Down
10 changes: 7 additions & 3 deletions hack/ci-deploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ cp ./examples/third-party/haproxy-ingress/*.yaml "${DEPLOY_DIR}/haproxy-ingress"
cp ./examples/common/cert-manager.yaml "${DEPLOY_DIR}/"

for f in $( find "${DEPLOY_DIR}"/ -type f -name '*.yaml' ); do
sed -i -E -e "s~docker.io/scylladb/scylla-operator(:|@sha256:)[^ ]*~${OPERATOR_IMAGE_REF}~" "${f}"
sed -i -E -e "s~docker\.io/scylladb/scylla-operator:[^ @]+$~${OPERATOR_IMAGE_REF}~" "${f}"
done

yq e --inplace '.spec.template.spec.containers[0].args += ["--qps=200", "--burst=400"]' "${DEPLOY_DIR}/operator/50_operator.deployment.yaml"
Expand All @@ -41,8 +41,8 @@ if [[ -n ${SCYLLA_OPERATOR_FEATURE_GATES+x} ]]; then
yq e --inplace '.spec.template.spec.containers[0].args += "--feature-gates="+ strenv(SCYLLA_OPERATOR_FEATURE_GATES)' "${DEPLOY_DIR}/operator/50_operator.deployment.yaml"
fi

kubectl_create -n prometheus-operator -f "${DEPLOY_DIR}/prometheus-operator"
kubectl_create -n haproxy-ingress -f "${DEPLOY_DIR}/haproxy-ingress"
kubectl_create -n=prometheus-operator -f="${DEPLOY_DIR}/prometheus-operator"
kubectl_create -n=haproxy-ingress -f="${DEPLOY_DIR}/haproxy-ingress"
kubectl_create -f "${DEPLOY_DIR}"/cert-manager.yaml

# Wait for cert-manager
Expand All @@ -69,6 +69,7 @@ if [[ -z "${SO_CSI_DRIVER_PATH:-}" ]]; then
echo "Skipping CSI driver creation"
else
kubectl_create -n=local-csi-driver -f="${SO_CSI_DRIVER_PATH}"
kubectl -n=local-csi-driver rollout status -f="${SO_CSI_DRIVER_PATH}"
fi

if [[ -n "${SO_SCYLLACLUSTER_STORAGECLASS_NAME}" ]]; then
Expand All @@ -90,3 +91,6 @@ kubectl wait --for condition=established crd/nodeconfigs.scylla.scylladb.com
kubectl wait --for condition=established crd/scyllaoperatorconfigs.scylla.scylladb.com
kubectl wait --for condition=established crd/scylladbmonitorings.scylla.scylladb.com
kubectl wait --for condition=established $( find "${DEPLOY_DIR}/prometheus-operator/" -name '*.crd.yaml' -printf '-f=%p\n' )

kubectl -n=haproxy-ingress rollout status deploy/haproxy-ingress deploy/ingress-default-backend deploy/prometheus
kubectl -n=prometheus-operator rollout status deploy/prometheus-operator
12 changes: 12 additions & 0 deletions hack/run-e2e-remote.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
# Copyright (C) 2024 ScyllaDB
#

set -euExo pipefail
shopt -s inherit_errexit

source "$( dirname "${BASH_SOURCE[0]}" )/.ci/lib/e2e.sh"

KUBECONFIG="${KUBECONFIGS[0]}" apply-e2e-workarounds
KUBECONFIG="${KUBECONFIGS[0]}" run-e2e
Loading

0 comments on commit 8513810

Please sign in to comment.