apiVersion: v1 kind: Namespace metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator control-plane: controller-manager name: resiliency-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.1 labels: app.kubernetes.io/name: agent-operator name: agentinstances.core.resiliency.io spec: group: core.resiliency.io names: kind: AgentInstance listKind: AgentInstanceList plural: agentinstances singular: agentinstance scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .status.state name: Status type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: AgentInstance is the Schema for the agentinstances API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: AgentInstanceSpec defines the desired state of AgentInstance properties: api: type: string aws: properties: regions: items: type: string type: array secretName: type: string required: - regions - secretName type: object azure: properties: secretName: type: string servicePrincipalCredential: properties: secretName: type: string required: - secretName type: object subscriptionID: type: string workloadIdentity: properties: managedIdentity: type: string serviceAccount: type: string required: - managedIdentity type: object required: - secretName - subscriptionID type: object focusAzure: properties: containerName: type: string path: type: string secretName: type: string servicePrincipalCredential: properties: secretName: type: string required: - secretName type: object storageAccountName: type: string subscriptionID: type: string workloadIdentity: properties: managedIdentity: type: string serviceAccount: type: string required: - managedIdentity type: object required: - containerName - path - secretName - storageAccountName - subscriptionID type: object gcp: properties: projectID: type: string secretName: type: string required: - projectID - secretName type: object httpRequestSize: type: integer insecureSkipVerify: type: boolean kubernetes: properties: secretName: type: string required: - secretName type: object openshift: properties: secretName: type: string required: - secretName type: object resources: description: ResourceRequirements describes the compute resource requirements. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: - api type: object status: description: AgentInstanceStatus defines the observed state of AgentInstance properties: attempts: format: int32 type: integer conditions: items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array state: type: string required: - attempts - state type: object type: object served: true storage: true subresources: status: {} --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-controller-manager namespace: resiliency-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-leader-election-role namespace: resiliency-system rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-agentinstance-editor-role rules: - apiGroups: - core.resiliency.io resources: - agentinstances verbs: - create - delete - get - list - patch - update - watch - apiGroups: - core.resiliency.io resources: - agentinstances/status verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-agentinstance-viewer-role rules: - apiGroups: - core.resiliency.io resources: - agentinstances verbs: - get - list - watch - apiGroups: - core.resiliency.io resources: - agentinstances/status verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: agent-operator name: agent-operator-manager-role rules: - apiGroups: - '*' resources: - '*' verbs: - get - list - watch - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - configmaps - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - core.resiliency.io resources: - agentinstances verbs: - create - delete - get - list - patch - update - watch - apiGroups: - core.resiliency.io resources: - agentinstances/finalizers verbs: - update - apiGroups: - core.resiliency.io resources: - agentinstances/status verbs: - get - patch - update - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - clusterroles verbs: - create - delete - get - list - patch - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: agent-operator name: agent-operator-metrics-auth-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: agent-operator name: agent-operator-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-leader-election-rolebinding namespace: resiliency-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: agent-operator-leader-election-role subjects: - kind: ServiceAccount name: agent-operator-controller-manager namespace: resiliency-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator name: agent-operator-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: agent-operator-manager-role subjects: - kind: ServiceAccount name: agent-operator-controller-manager namespace: resiliency-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: agent-operator name: agent-operator-metrics-auth-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: agent-operator-metrics-auth-role subjects: - kind: ServiceAccount name: agent-operator-controller-manager namespace: resiliency-system --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator control-plane: controller-manager name: agent-operator-controller-manager-metrics-service namespace: resiliency-system spec: ports: - name: https port: 8443 protocol: TCP targetPort: 8443 selector: app.kubernetes.io/name: agent-operator control-plane: controller-manager --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator control-plane: controller-manager name: agent-operator-controller-manager namespace: resiliency-system spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: agent-operator control-plane: controller-manager template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: app.kubernetes.io/name: agent-operator control-plane: controller-manager spec: containers: - args: - --metrics-bind-address=:8443 - --leader-elect - --health-probe-bind-address=:8081 command: - /manager image: quay.io/resiliency-dev/agent-operator:v1.4.13 livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL securityContext: runAsNonRoot: true serviceAccountName: agent-operator-controller-manager terminationGracePeriodSeconds: 10 --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: agent-operator control-plane: controller-manager name: agent-operator-controller-manager-metrics-monitor namespace: resiliency-system spec: endpoints: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token path: /metrics port: https scheme: https tlsConfig: insecureSkipVerify: true selector: matchLabels: app.kubernetes.io/name: agent-operator control-plane: controller-manager