
@pichuang
Created November 12, 2021 03:09
Tanzu Mission Control Agent Deployment
# Namespace that holds every Tanzu Mission Control agent workload in this manifest.
# NOTE(review): two ServiceAccounts in this namespace (extension-manager and
# agent-updater) are bound to wildcard ClusterRoles further down, so the ability
# to create pods or read ServiceAccount tokens here is equivalent to
# cluster-admin. Restrict and audit write access to this namespace accordingly.
apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-tmc
  labels:
    control-plane: extension-manager
    controller-tools.k8s.io: "1.0"
    tmc-extension: "true"
---
# Connection settings for the agents. The extension-updater Deployment in this
# manifest reads tmc_host, cluster_rid and cluster_name from here and mounts
# tls.crt as /etc/tmc/ca.crt for its --tmc-ca flag.
# NOTE(review): these values decide which server the agent connects to and which
# CA it trusts, so update rights on this ConfigMap amount to control over the
# agent's upstream. Keep write access as tight as for the Secret below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: stack-config
  namespace: vmware-system-tmc
  labels:
    tmc.cloud.vmware.com/managed: "true"
data:
  resource_uid: "c:ww"
  org_id: "oo-ffda-xx-xx-xx"
  management_cluster_name: "attached"
  provisioner_name: "attached"
  cluster_name: "homecloud-cluster"
  cluster_rid: "rid:c:oo-xx-zz-xx-xx:attached:attached:homecloud-cluster"
  tmc_url: "https://mapbuapj.tmc.cloud.vmware.com"
  tmc_host: "mapbuapj.tmc.cloud.vmware.com"
  # NOTE(review): the body below is a single unwrapped line and appears to have
  # been redacted by the author; use the CA from your own generated manifest.
  tls.crt: |+
    -----BEGIN CERTIFICATE-----
    MVFVsSlJrWnFRME5CZGpablFYZEpRa0ZuU1ZKQlNrVnlRMFZ5VUVSQ2FXNVZMMkpYVEdsWGJsZ3hiM2RFVVZsS1MyOWFTV2gyWTA1QlVVVk1RbEZCZHdv1VwVFVUWmFkZ29nSUNBZ1RXeGtiRlJVUzBJemVtaFVhRll4SzFoWFdYQTJjbXBrTlVwWE1YcGlWbGRGYTB4T2VFVTNSMHBVYUVWVlJ6TnplbWRDVmtkUU4zQlRWMVJWVkhOeFdBb2dJQ0FnYmt4U1luZElUMjl4TjJoSWQyYzlQUT09
    -----END CERTIFICATE-----
---
# Secret named tmc-access-secret; presumably the credential the agents present
# to Tanzu Mission Control (inferred from the name, confirm against vendor docs).
# NOTE(review): Secret `data` is base64-encoded, not encrypted, so anyone who can
# read this manifest can recover the token. The value below appears identical to
# the tls.crt body in the stack-config ConfigMap, which suggests the author
# replaced the real token before publishing. If a live token was ever shared,
# revoke it and re-register the cluster. Keep the generated manifest out of
# version control and public pastes; inject the token at deploy time instead.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: tmc-access-secret
  namespace: vmware-system-tmc
  labels:
    tmc.cloud.vmware.com/managed: "true"
data:
  access_token_info: "MVFVsSlJrWnFRME5CZGpablFYZEpRa0ZuU1ZKQlNrVnlRMFZ5VUVSQ2FXNVZMMkpYVEdsWGJsZ3hiM2RFVVZsS1MyOWFTV2gyWTA1QlVVVk1RbEZCZHdv1VwVFVUWmFkZ29nSUNBZ1RXeGtiRlJVUzBJemVtaFVhRll4SzFoWFdYQTJjbXBrTlVwWE1YcGlWbGRGYTB4T2VFVTNSMHBVYUVWVlJ6TnplbWRDVmtkUU4zQlRWMVJWVkhOeFdBb2dJQ0FnYmt4U1luZElUMjl4TjJoSWQyYzlQUT09"
---
---
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
tmc.cloud.vmware.com/do-not-delete: "true"
tmc.cloud.vmware.com/orphan-resource: "true"
creationTimestamp: null
labels:
tmc-extension-name: extension-manager
tmc.cloud.vmware.com/managed: "true"
name: agents.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: Agent
listKind: AgentList
plural: agents
singular: agent
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.status
name: Status
type: integer
- jsonPath: .status.health
name: Health
type: integer
name: v1alpha1
schema:
openAPIV3Schema:
description: Agent is the Schema for the agents API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AgentSpec defines the desired state of Agent
properties:
detach:
type: boolean
extensions:
items:
type: string
type: array
namespace:
type: string
type: object
status:
description: AgentStatus defines the observed state of Agent
properties:
clusterHealth:
description: AggregatedClusterHealth defines the observed state of
the cluster.
properties:
controllerManagerHealth:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
etcdHealth:
items:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
type: array
message:
type: string
schedulerHealth:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
timestamp:
description: Timestamp is a struct that is equivalent to Time,
but intended for protobuf marshalling/unmarshalling. It is generated
into a serialization that matches Time. Do not use in Go structs.
properties:
nanos:
description: Non-negative fractions of a second at nanosecond
resolution. Negative second values with fractions must still
have non-negative nanos values that count forward in time.
Must be from 0 to 999,999,999 inclusive. This field may
be limited in precision depending on context.
format: int32
type: integer
seconds:
description: Represents seconds of UTC time since Unix epoch
1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
to 9999-12-31T23:59:59Z inclusive.
format: int64
type: integer
required:
- nanos
- seconds
type: object
type: object
deploymentLink:
type: string
extensions:
items:
type: string
type: array
health:
format: int32
type: integer
metadata:
properties:
cloudProvider:
format: int32
type: integer
clusterCPU:
description: ResourceAllocation defines the resource utilisation
and availability.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable is the quantity of compute resources
that can be allocated by the user excluding reserved resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
allocatedPercentage:
anyOf:
- type: integer
- type: string
description: Represents allocated percentage.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity is the total quantity of compute resources
available including reserved resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requests:
anyOf:
- type: integer
- type: string
description: Requested is the requested quantity of compute
resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
units:
description: Units is the unit on which resource can be measured
e.g. mb, millicores etc.
type: string
required:
- allocatable
- allocatedPercentage
- requests
- units
type: object
clusterMemory:
description: ResourceAllocation defines the resource utilisation
and availability.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable is the quantity of compute resources
that can be allocated by the user excluding reserved resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
allocatedPercentage:
anyOf:
- type: integer
- type: string
description: Represents allocated percentage.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity is the total quantity of compute resources
available including reserved resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requests:
anyOf:
- type: integer
- type: string
description: Requested is the requested quantity of compute
resources.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
units:
description: Units is the unit on which resource can be measured
e.g. mb, millicores etc.
type: string
required:
- allocatable
- allocatedPercentage
- requests
- units
type: object
kubeServerVersion:
type: string
kubernetesProvider:
properties:
type:
format: int32
type: integer
version:
type: string
type: object
lastUpdate:
description: Timestamp is a struct that is equivalent to Time,
but intended for protobuf marshalling/unmarshalling. It is generated
into a serialization that matches Time. Do not use in Go structs.
properties:
nanos:
description: Non-negative fractions of a second at nanosecond
resolution. Negative second values with fractions must still
have non-negative nanos values that count forward in time.
Must be from 0 to 999,999,999 inclusive. This field may
be limited in precision depending on context.
format: int32
type: integer
seconds:
description: Represents seconds of UTC time since Unix epoch
1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
to 9999-12-31T23:59:59Z inclusive.
format: int64
type: integer
required:
- nanos
- seconds
type: object
masterNodeCount:
format: int64
type: integer
namespacesCount:
format: int64
type: integer
physicalMemory:
format: int64
type: integer
podCount:
format: int64
type: integer
region:
type: string
vcpuCount:
format: int64
type: integer
workerNodeCount:
format: int64
type: integer
type: object
status:
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
tmc.cloud.vmware.com/do-not-delete: "true"
tmc.cloud.vmware.com/orphan-resource: "true"
creationTimestamp: null
labels:
tmc-extension-name: extension-manager
tmc.cloud.vmware.com/managed: "true"
name: extensionconfigs.intents.tmc.cloud.vmware.com
spec:
group: intents.tmc.cloud.vmware.com
names:
kind: ExtensionConfig
listKind: ExtensionConfigList
plural: extensionconfigs
singular: extensionconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionConfig is the Schema for the extensionconfigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionConfigSpec defines the desired state of ExtensionConfig
properties:
configMaps:
description: ConfigMaps are the configMaps of the extension
items:
description: ConfigMap holds configuration data for pods to consume.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
binaryData:
additionalProperties:
format: byte
type: string
description: BinaryData contains the binary data. Each key must
consist of alphanumeric characters, '-', '_' or '.'. BinaryData
can contain byte sequences that are not in the UTF-8 range.
The keys stored in BinaryData must not overlap with the ones
in the Data field, this is enforced during validation process.
Using this field will require 1.10+ apiserver and kubelet.
type: object
data:
additionalProperties:
type: string
description: Data contains the configuration data. Each key
must consist of alphanumeric characters, '-', '_' or '.'.
Values with non-UTF-8 byte sequences must use the BinaryData
field. The keys stored in Data must not overlap with the keys
in the BinaryData field, this is enforced during validation
process.
type: object
immutable:
description: Immutable, if set to true, ensures that data stored
in the ConfigMap cannot be updated (only object metadata can
be modified). If not set to true, the field can be modified
at any time. Defaulted to nil. This is an alpha field enabled
by ImmutableEphemeralVolumes feature gate.
type: boolean
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
properties:
annotations:
additionalProperties:
type: string
type: object
finalizers:
items:
type: string
type: array
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
type: object
type: array
type: object
status:
description: ExtensionConfigStatus defines the observed state of ExtensionConfig
properties:
state:
description: State indicates the state of the ExtensionConfig
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
tmc.cloud.vmware.com/do-not-delete: "true"
tmc.cloud.vmware.com/orphan-resource: "true"
creationTimestamp: null
labels:
tmc-extension-name: extension-manager
tmc.cloud.vmware.com/managed: "true"
name: extensionintegrations.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: ExtensionIntegration
listKind: ExtensionIntegrationList
plural: extensionintegrations
singular: extensionintegration
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionIntegration is the Schema for the extensionintegrations
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionIntegrationSpec defines the desired state of ExtensionIntegration
properties:
extensionHealth:
description: Health of the Extension Workload that is managing the
underlying Application
format: int32
type: integer
extensionState:
description: Status of the Extension Workload that is managing the
underlying Application
format: int32
type: integer
type: object
status:
description: ExtensionIntegrationStatus defines the observed state of
ExtensionIntegration
properties:
applicationConditions:
description: Conditions of the Extension that is integrated with TMC
items:
description: Conditions captures readiness and health conditions
for an underlying Application mapping to an extension. Collectively
they capture the set of conditions that define the state and health
of application.
properties:
lastTransitionTime:
description: LastTransitionTime is the last time the condition
transitioned from one status to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this type
of condition. When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
required:
- status
- type
type: object
type: array
applicationVersion:
description: Version of the WorkLoad Managed by the Operator TMC
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
tmc.cloud.vmware.com/do-not-delete: "true"
tmc.cloud.vmware.com/orphan-resource: "true"
creationTimestamp: null
labels:
tmc-extension-name: extension-manager
tmc.cloud.vmware.com/managed: "true"
name: extensionresourceowners.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: ExtensionResourceOwner
listKind: ExtensionResourceOwnerList
plural: extensionresourceowners
singular: extensionresourceowner
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionResourceOwner is the Schema for the extensionresourceowners
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionResourceOwnerSpec defines the desired state of ExtensionResourceOwner
type: object
status:
description: ExtensionResourceOwnerStatus defines the observed state of
ExtensionResourceOwner
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
tmc.cloud.vmware.com/do-not-delete: "true"
tmc.cloud.vmware.com/orphan-resource: "true"
creationTimestamp: null
labels:
tmc-extension-name: extension-manager
tmc.cloud.vmware.com/managed: "true"
name: extensions.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: Extension
listKind: ExtensionList
plural: extensions
singular: extension
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: State
type: integer
- jsonPath: .status.health
name: Health
type: integer
- jsonPath: .status.version
name: Version
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Extension is the Schema for the extensions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionSpec defines the desired state of Extension
properties:
deploymentStrategy:
description: Deployment strategy of an extension.
properties:
extensionLifecycleOwner:
description: Component Owning Deployment Strategy of the Extension.
In case this field is empty it is assumed that Owner of Deployment
Strategy is Extension Manager
type: string
overlapTimePeriod:
description: Time-Period within which an extension maybe rolled-back
to previous version in case the extension becomes unhealthy
after the new version is updated successfully. After this time-period
elapses, Extensions will not be rolled back to previous versions
if they become unhealthy. If the value is zero this field will
not be used during Extension Lifecycle Management.
format: int64
type: integer
processingTimeout:
description: Timeout Value for Processing(Creating/Updating/Deleting/RollingBack)
an Extension.
format: int64
type: integer
type:
description: Type of deployment for extension resource.
type: string
required:
- type
type: object
description:
type: string
imageRegistry:
description: Image registry where the extension images resides.
type: string
name:
type: string
objects:
description: Raw JSON/YAML of extension equivalent to kubernetes
'Unstructured' type.
type: string
version:
type: string
required:
- deploymentStrategy
- name
- objects
- version
type: object
status:
description: ExtensionStatus defines the observed state of Extension
properties:
applicationStatus:
properties:
conditions:
items:
properties:
lastTransitionTime:
format: date-time
type: string
message:
description: A human readable message indicating details
about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this
type of condition. When this is not specified, it defaults
to Error.
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
type: string
type:
description: Type of condition.
type: string
required:
- status
- type
type: object
type: array
version:
type: string
required:
- version
type: object
health:
format: int32
type: integer
previousVersion:
type: string
state:
format: int32
type: integer
status:
format: int32
type: integer
version:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
# Identity of the extension-manager Deployment. extension-manager-rolebinding
# binds it to extension-manager-role, which allows every verb on every resource.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: extension-manager
  namespace: vmware-system-tmc
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
# Cluster-wide role for the extension-manager ServiceAccount.
# NOTE(review): both rules are full wildcards (all API groups, resources, verbs
# and non-resource URLs), the same breadth as the built-in cluster-admin role.
# The manifest gives no narrower alternative, so treat the bound ServiceAccount
# as a cluster-admin credential: alert on use of its token from outside the
# extension-manager pod and review audit logs for its activity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: extension-manager-role
  creationTimestamp: null
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
  - nonResourceURLs: ["*"]
    verbs: ["*"]
---
# Grants the wildcard extension-manager-role to the extension-manager
# ServiceAccount across the whole cluster (ClusterRoleBinding, not RoleBinding).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: extension-manager-rolebinding
  creationTimestamp: null
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
subjects:
  - kind: ServiceAccount
    name: extension-manager
    namespace: vmware-system-tmc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: extension-manager-role
---
# ClusterIP Service in front of the extension-manager pods.
# NOTE(review): no targetPort is set, so traffic is forwarded to pod port 443,
# while the extension-manager container declares containerPort 9876
# (webhook-server). Confirm which port the manager really listens on.
apiVersion: v1
kind: Service
metadata:
  name: extension-manager-service
  namespace: vmware-system-tmc
  labels:
    app: extension-manager
    control-plane: extension-manager
    controller-tools.k8s.io: "1.0"
    tmc-extension: "true"
    tmc-extension-name: extension-manager
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  selector:
    control-plane: extension-manager
    controller-tools.k8s.io: "1.0"
    tmc-extension: "true"
  ports:
    - port: 443
---
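# Deployment of the extension-manager controller (/usr/local/bin/manager).
# The pod runs as ServiceAccount extension-manager, which is bound to the
# wildcard ClusterRole extension-manager-role, so a compromise of this container
# is a compromise of the cluster. For that reason the container hardening that
# the vmware-system-tmc-agent-restricted PodSecurityPolicy in this manifest
# demands is also written into the pod spec here, where it still applies on
# clusters that no longer run PodSecurityPolicy admission.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: extension-manager
  namespace: vmware-system-tmc
  labels:
    app: extension-manager
    control-plane: extension-manager
    controller-tools.k8s.io: "1.0"
    tmc-extension: "true"
    tmc-extension-name: extension-manager
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  replicas: 1
  minReadySeconds: 30
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      control-plane: extension-manager
      controller-tools.k8s.io: "1.0"
      tmc-extension: "true"
  strategy:
    rollingUpdate:
      maxSurge: "100%"
  template:
    metadata:
      labels:
        control-plane: extension-manager
        controller-tools.k8s.io: "1.0"
        tmc-extension: "true"
        tmc-extension-name: extension-manager
    spec:
      serviceAccountName: extension-manager
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # The two terms are alternatives: either OS label selects the node.
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
      # A key-less "Exists" toleration matches every taint, so this pod may be
      # scheduled onto any Linux node, control-plane nodes included.
      tolerations:
        - operator: Exists
      containers:
        - name: extension-manager
          # Pinned by sha256 digest, so the pulled content cannot change under
          # the same reference.
          image: 'extensions.vmware-cloud.tmc.cloud.vmware.com/extensions/extension-manager/extension-manager@sha256:2e3b44d4b1a4185c071b20e4dbc45bad322baba0704f4856e77be0f5b71aaf67'
          imagePullPolicy: Always
          command:
            - /usr/local/bin/manager
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: webhook-server
              containerPort: 9876
              protocol: TCP
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 128Mi
          # NOTE(review): nesting restored at container level, as in the
          # extension-updater Deployment of this manifest. Confirm.
          securityContext:
            runAsUser: 10000
            runAsGroup: 1000
            # Added to mirror the PodSecurityPolicy (MustRunAsNonRoot,
            # allowPrivilegeEscalation: false, requiredDropCapabilities: ALL).
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL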
---
---
# Identity of the extension-updater Deployment. It is bound to
# extension-updater-clusterrole by extension-updater-clusterrolebinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: extension-updater-serviceaccount
  namespace: vmware-system-tmc
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
# Pod-level restrictions for the agent pods: non-root user, no privilege
# escalation, all capabilities dropped, no host namespaces, and a fixed list of
# volume types.
# NOTE(review): PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes
# v1.25. On such clusters this object cannot be created and none of these
# constraints are enforced, so they have to come from Pod Security admission or
# from each pod's own securityContext.
# NOTE(review): readOnlyRootFilesystem is false and seLinux is RunAsAny, so
# neither a read-only root filesystem nor an SELinux context is required.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: vmware-system-tmc-agent-restricted
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: "docker/default,runtime/default"
    seccomp.security.alpha.kubernetes.io/defaultProfileName: "runtime/default"
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  hostIPC: false
  hostNetwork: false
  hostPID: false
  readOnlyRootFilesystem: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  # The range starts at 1, which excludes the root group (GID 0).
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  # hostPath is not in the list, so pods admitted under this policy cannot
  # mount node directories.
  volumes:
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
    - persistentVolumeClaim
---
# Cluster-wide permissions of the extension-updater ServiceAccount.
# NOTE(review): this role is narrower than the wildcard roles in this manifest,
# but it still allows create/get/list/update/watch/delete on Secrets and
# create/delete on Namespaces in the whole cluster. Reading every Secret in
# every namespace is usually enough to reach other workloads' credentials, so
# monitor this ServiceAccount as closely as the wildcard ones.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: extension-updater-clusterrole
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
  # Use of the "nonroot" SecurityContextConstraints; the API group is
  # OpenShift's, so this rule matters only where that API is served.
  - apiGroups: [security.openshift.io]
    resources: [securitycontextconstraints]
    resourceNames: [nonroot]
    verbs: [use]
  # Full control over the TMC cluster CRDs (Agent, Extension, ...).
  - apiGroups: [clusters.tmc.cloud.vmware.com]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [create, get, list, watch, update]
  - apiGroups: [""]
    resources: [nodes, pods]
    verbs: [get, list, watch]
  - apiGroups: [""]
    resources: [namespaces]
    verbs: [create, get, list, watch, delete]
  # Cluster-wide read and write access to Secrets; see the note at the top.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [create, get, list, update, watch, delete]
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch, update]
  - apiGroups: [batch]
    resources: [cronjobs, jobs]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [deployments]
    verbs: [get]
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [get]
---
# Allows "use" of exactly one PodSecurityPolicy,
# vmware-system-tmc-agent-restricted, and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: vmware-system-tmc-psp-agent-restricted
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
  - apiGroups: [policy]
    resources: [podsecuritypolicies]
    resourceNames: [vmware-system-tmc-agent-restricted]
    verbs: [use]
---
# Grants extension-updater-clusterrole to the extension-updater ServiceAccount
# for the whole cluster, including that role's Secret and Namespace rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: extension-updater-clusterrolebinding
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
subjects:
  - kind: ServiceAccount
    name: extension-updater-serviceaccount
    namespace: vmware-system-tmc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: extension-updater-clusterrole
---
# Lets every ServiceAccount in the vmware-system-tmc namespace use the
# vmware-system-tmc-agent-restricted PodSecurityPolicy. The subject is the
# namespace's service-account group, not one named account.
# NOTE(review): ServiceAccounts bound to the wildcard ClusterRoles in this
# manifest are also authorised to use any other PodSecurityPolicy in the
# cluster, so this binding alone does not guarantee their pods are admitted
# under the restricted policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: vmware-system-tmc-psp-agent-restricted
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: "system:serviceaccounts:vmware-system-tmc"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: vmware-system-tmc-psp-agent-restricted
---
# Exposes the extension-updater validation gRPC port (9988) inside the cluster.
# It matches the --validation-grpc-port=9988 argument of the extension-updater
# Deployment in this manifest.
apiVersion: v1
kind: Service
metadata:
  name: extension-updater
  namespace: vmware-system-tmc
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
spec:
  selector:
    app: extension-updater
    component: extension-updater
  ports:
    - name: validate-grpc
      protocol: TCP
      port: 9988
      targetPort: 9988
---
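# Deployment of extension-updater, which connects to the TMC endpoint named in
# the stack-config ConfigMap ($(TMC_HOST):443) and trusts the CA mounted at
# /etc/tmc/ca.crt (the tls.crt key of the same ConfigMap).
# Its ServiceAccount can read and write Secrets cluster-wide through
# extension-updater-clusterrole, so the container hardening required by the
# vmware-system-tmc-agent-restricted PodSecurityPolicy is also written into the
# pod spec here, where it still applies on clusters that no longer run
# PodSecurityPolicy admission.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: extension-updater
  namespace: vmware-system-tmc
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  replicas: 1
  minReadySeconds: 30
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: extension-updater
      component: extension-updater
  strategy:
    rollingUpdate:
      maxSurge: "100%"
  template:
    metadata:
      labels:
        app: extension-updater
        component: extension-updater
        tmc-extension-name: extension-updater
    spec:
      serviceAccountName: extension-updater-serviceaccount
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # The two terms are alternatives: either OS label selects the node.
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
      # A key-less "Exists" toleration matches every taint, so this pod may be
      # scheduled onto any Linux node, control-plane nodes included.
      tolerations:
        - operator: Exists
      containers:
        - name: extension-updater
          # Pinned by sha256 digest, so the pulled content cannot change under
          # the same reference.
          image: 'extensions.vmware-cloud.tmc.cloud.vmware.com/extensions/extension-updater/extension-updater@sha256:92e50904c508db2a33165809f224ea14c334bd503ac031bfbf5f897ae0133672'
          imagePullPolicy: Always
          # $(VAR) references are expanded by Kubernetes from the env entries
          # below; quoting keeps every argument a plain string.
          args:
            - "--server=$(TMC_HOST):443"
            - "--server-name=$(TMC_HOST)"
            - "--tmc-ca=/etc/tmc/ca.crt"
            - "--cluster-id=$(CLUSTER_RESOURCE_ID)"
            - "--cluster-name=$(CLUSTER_NAME)"
            - "--connect-timeout=100s"
            - "--poll-interval=5m"
            - "--poll-jitter=0.3"
            - "--agent-heart-beat-interval=90s"
            - "--validation-grpc-port=9988"
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: TMC_HOST
              valueFrom:
                configMapKeyRef:
                  name: stack-config
                  key: tmc_host
            - name: CLUSTER_RESOURCE_ID
              valueFrom:
                configMapKeyRef:
                  name: stack-config
                  key: cluster_rid
            - name: CLUSTER_NAME
              valueFrom:
                configMapKeyRef:
                  name: stack-config
                  key: cluster_name
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 128Mi
          securityContext:
            runAsUser: 10000
            runAsGroup: 1000
            # Added to mirror the PodSecurityPolicy (MustRunAsNonRoot,
            # allowPrivilegeEscalation: false, requiredDropCapabilities: ALL).
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: tmc-root-ca
              mountPath: /etc/tmc
              readOnly: true
      volumes:
        # Projects only the tls.crt key of stack-config, renamed to ca.crt.
        - name: tmc-root-ca
          configMap:
            name: stack-config
            items:
              - key: tls.crt
                path: ca.crt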
---
---
# Identity of the agent-updater Deployment. agent-updater-rolebinding binds it
# to agent-updater-role, which allows every verb on every resource.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agent-updater
  namespace: vmware-system-tmc
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
# Cluster-wide role for the agent-updater ServiceAccount.
# NOTE(review): both rules are full wildcards (all API groups, resources, verbs
# and non-resource URLs), the same breadth as the built-in cluster-admin role.
# This is the second such role in the manifest, after extension-manager-role.
# Treat the bound ServiceAccount as a cluster-admin credential and review audit
# logs for any use of its token outside the agent-updater pod.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: agent-updater-role
  creationTimestamp: null
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
  - nonResourceURLs: ["*"]
    verbs: ["*"]
---
# Grants the wildcard agent-updater-role to the agent-updater ServiceAccount
# across the whole cluster (ClusterRoleBinding, not RoleBinding).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: agent-updater-rolebinding
  creationTimestamp: null
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
subjects:
  - kind: ServiceAccount
    name: agent-updater
    namespace: vmware-system-tmc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: agent-updater-role
---
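# Deployment of the agent-updater controller (/usr/local/bin/manager).
# The pod runs as ServiceAccount agent-updater, which is bound to the wildcard
# ClusterRole agent-updater-role, so a compromise of this container is a
# compromise of the cluster. For that reason the container hardening that the
# vmware-system-tmc-agent-restricted PodSecurityPolicy in this manifest demands
# is also written into the pod spec here, where it still applies on clusters
# that no longer run PodSecurityPolicy admission.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agent-updater
  namespace: vmware-system-tmc
  labels:
    app: agent-updater
    component: agent-updater
    tmc-extension: "true"
    tmc-extension-name: agent-updater
    tmc.cloud.vmware.com/managed: "true"
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  replicas: 1
  minReadySeconds: 30
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      component: agent-updater
      tmc-extension: "true"
      tmc-extension-name: agent-updater
  strategy:
    rollingUpdate:
      maxSurge: "100%"
  template:
    metadata:
      labels:
        app: agent-updater
        component: agent-updater
        tmc-extension: "true"
        tmc-extension-name: agent-updater
    spec:
      serviceAccountName: agent-updater
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # The two terms are alternatives: either OS label selects the node.
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
      # A key-less "Exists" toleration matches every taint, so this pod may be
      # scheduled onto any Linux node, control-plane nodes included.
      tolerations:
        - operator: Exists
      containers:
        - name: agent-updater
          # Pinned by sha256 digest, so the pulled content cannot change under
          # the same reference.
          image: 'extensions.vmware-cloud.tmc.cloud.vmware.com/extensions/agent-updater/agent-updater@sha256:1e464de02621029b63daab7ed3efcad848ef568bb41dba3dc76353d69ec6d477'
          imagePullPolicy: Always
          command:
            - /usr/local/bin/manager
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: webhook-server
              containerPort: 9876
              protocol: TCP
          resources:
            limits:
              cpu: 100m
              memory: 150Mi
            requests:
              cpu: 100m
              memory: 100Mi
          # NOTE(review): nesting restored at container level, as in the
          # extension-updater Deployment of this manifest. Confirm.
          securityContext:
            runAsUser: 10000
            runAsGroup: 1000
            # Added to mirror the PodSecurityPolicy (MustRunAsNonRoot,
            # allowPrivilegeEscalation: false, requiredDropCapabilities: ALL).
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL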
---
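# CronJob that starts the agentupdater-workload container every minute.
# Jobs run as the agent-updater ServiceAccount, which this manifest binds to
# a wildcard ClusterRole.
# NOTE(review): batch/v1beta1 CronJob is no longer served from Kubernetes
# v1.25; batch/v1 is available from v1.21. Left as written because the target
# cluster version is not shown here.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  labels:
    app: agent-updater
    component: agentupdater-workload
    tmc-extension: "true"
    tmc-extension-name: agent-updater
    tmc.cloud.vmware.com/managed: "true"
  name: agentupdater-workload
  namespace: 'vmware-system-tmc'
spec:
  # A new run is skipped while the previous Job is still active.
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      labels:
        component: agentupdater-workload
        tmc-extension-name: agent-updater
        tmc.cloud.vmware.com/managed: "true"
    spec:
      template:
        metadata:
          labels:
            tmc-extension-name: agent-updater
            tmc.cloud.vmware.com/managed: "true"
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                # The two terms are ORed: either OS label may match.
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/os
                        operator: In
                        values:
                          - linux
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
          containers:
            - command:
                - /usr/local/bin/agentupdaterworkload
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              # NOTE(review): the registry host below repeats "tmc" and
              # "cloud.vmware.com" and differs from the host used by the
              # agent-updater Deployment image in this manifest. It looks
              # garbled; confirm it against the manifest generated for your
              # cluster before applying. The sha256 digest still pins the
              # image content.
              image: 'extensions.vmware-cloud.tmc.tmc.cloud.vmware.comcloud.vmware.com/extensions/agent-updater/agentupdater-workload@sha256:58f5ddebb6a167c814a2145e3001e5d010edfc652fcc94a9a387b4eaf4a93efe'
              imagePullPolicy: IfNotPresent
              name: agentupdater-workload
              ports:
                - containerPort: 9876
                  name: webhook-server
                  protocol: TCP
              resources:
                limits:
                  cpu: 100m
                  memory: 256Mi
                requests:
                  cpu: 100m
                  memory: 128Mi
              securityContext:
                runAsGroup: 1000
                runAsUser: 10000
                # Added in review: enforce the non-root UID above and block
                # setuid-style privilege gain.
                runAsNonRoot: true
                allowPrivilegeEscalation: false
          restartPolicy: Never
          serviceAccountName: agent-updater
          # NOTE(review): "operator: Exists" with no key tolerates every
          # taint, so these Jobs may run on any node, including
          # control-plane nodes.
          tolerations:
            - operator: Exists
  schedule: '*/1 * * * *'
  startingDeadlineSeconds: 180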
---
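# Proxy settings and proxy basic-auth credentials for the TMC agents.
# NOTE(review): values under `data` are base64-encoded, not encrypted, so
# anyone who can read this manifest can read the credentials. A copy that
# has been published or committed should be treated as disclosed: rotate the
# proxy password and supply the Secret from a secret store or an encrypted
# manifest instead of plain YAML.
apiVersion: v1
kind: Secret
metadata:
  name: tmc-proxy-secret
  namespace: vmware-system-tmc
  labels:
    tmc.cloud.vmware.com/managed: "true"
type: Opaque
data:
  # NOTE(review): this decodes to an http:// proxy URL, so the basic-auth
  # credentials below would reach the proxy without transport encryption.
  http-url: aHR0cDovL3Byb3h5LnBpY2h1YW5nLmxvY2FsOjMxMjg=
  # NOTE(review): username and password carry the same encoded string,
  # which suggests a placeholder; confirm before relying on it.
  basic-auth-username: aHBoaWxAdm13YXJlLmNvbQ==
  basic-auth-password: aHBoaWxAdm13YXJlLmNvbQ==
  HTTP_PROXY: aHR0cDovL2xvY2FsaG9zdDozMTI4
  HTTPS_PROXY: aHR0cHM6Ly9sb2NhbGhvc3Q6MzEyOA==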
---