From c07f1851b36d8f45cc215d3b854d535d6208151a Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Tue, 27 Jun 2023 01:22:30 +0300 Subject: [PATCH] :fire: Delete the manifests and add `complete.yaml` instead --- Makefile | 3 + manifests/00-namespace.yaml | 11 - manifests/01-service-account.yaml | 11 - manifests/02-cluster-role.yaml | 27 -- manifests/03-cluster-role-binding.yaml | 19 -- manifests/04-hub-pod.yaml | 47 ---- manifests/05-hub-service.yaml | 20 -- manifests/06-front-pod.yaml | 49 ---- manifests/07-front-service.yaml | 20 -- manifests/08-persistent-volume-claim.yaml | 19 -- manifests/09-worker-daemon-set.yaml | 92 ------- manifests/10-ingress-class.yaml | 13 - manifests/11-ingress.yaml | 36 --- manifests/complete.yaml | 307 ++++++++++++++++++++++ 14 files changed, 310 insertions(+), 364 deletions(-) delete mode 100644 manifests/00-namespace.yaml delete mode 100644 manifests/01-service-account.yaml delete mode 100644 manifests/02-cluster-role.yaml delete mode 100644 manifests/03-cluster-role-binding.yaml delete mode 100644 manifests/04-hub-pod.yaml delete mode 100644 manifests/05-hub-service.yaml delete mode 100644 manifests/06-front-pod.yaml delete mode 100644 manifests/07-front-service.yaml delete mode 100644 manifests/08-persistent-volume-claim.yaml delete mode 100644 manifests/09-worker-daemon-set.yaml delete mode 100644 manifests/10-ingress-class.yaml delete mode 100644 manifests/11-ingress.yaml create mode 100644 manifests/complete.yaml diff --git a/Makefile b/Makefile index ac6977fdf..0c2331eda 100644 --- a/Makefile +++ b/Makefile @@ -68,3 +68,6 @@ kubectl-view-all-resources: ## This command outputs all Kubernetes resources usi kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resources in "kubeshark" namespace using YAML format and pipes it to VS Code ./kubectl.sh view-kubeshark-resources + +generate-manifests: ## Generate the manifests from the Helm chart using default configuration + helm template ./helm-chart > ./manifests/complete.yaml diff --git a/manifests/00-namespace.yaml b/manifests/00-namespace.yaml deleted file mode 100644 index 4a6fafc66..000000000 --- a/manifests/00-namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - labels: - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark -spec: {} -status: {} diff --git a/manifests/01-service-account.yaml b/manifests/01-service-account.yaml deleted file mode 100644 index 6c99b5271..000000000 --- a/manifests/01-service-account.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-service-account - namespace: kubeshark diff --git a/manifests/02-cluster-role.yaml b/manifests/02-cluster-role.yaml deleted file mode 100644 index 23f7944ba..000000000 --- a/manifests/02-cluster-role.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-cluster-role - namespace: kubeshark -rules: - - apiGroups: - - "" - - extensions - - apps - - networking.k8s.io - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - ingresses - verbs: - - list - - get - - watch diff --git a/manifests/03-cluster-role-binding.yaml b/manifests/03-cluster-role-binding.yaml deleted file mode 100644 index f585d71d0..000000000 --- a/manifests/03-cluster-role-binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-cluster-role-binding - namespace: kubeshark -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeshark-cluster-role -subjects: - - kind: ServiceAccount - name: kubeshark-service-account - namespace: kubeshark diff --git a/manifests/04-hub-pod.yaml b/manifests/04-hub-pod.yaml deleted file mode 100644 index d9f6d28e0..000000000 --- a/manifests/04-hub-pod.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - app: kubeshark-hub - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-hub - namespace: kubeshark -spec: - containers: - - command: - - ./hub - env: - - name: POD_REGEX - value: .* - - name: NAMESPACES - - name: LICENSE - - name: SCRIPTING_ENV - value: '{}' - - name: SCRIPTING_SCRIPTS - value: '[]' - - name: AUTH_APPROVED_DOMAINS - image: docker.io/kubeshark/hub:latest - imagePullPolicy: Always - name: kubeshark-hub - ports: - - containerPort: 80 - hostPort: 8898 - resources: - limits: - cpu: 750m - memory: 1Gi - requests: - cpu: 50m - memory: 50Mi - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: kubeshark-service-account - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists -status: {} diff --git a/manifests/05-hub-service.yaml b/manifests/05-hub-service.yaml deleted file mode 100644 index 87acf0807..000000000 --- a/manifests/05-hub-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-hub - namespace: kubeshark -spec: - ports: - - name: kubeshark-hub - port: 80 - targetPort: 80 - selector: - app: kubeshark-hub - type: NodePort -status: - loadBalancer: {} diff --git a/manifests/06-front-pod.yaml b/manifests/06-front-pod.yaml deleted file mode 100644 index e4cdafbeb..000000000 --- a/manifests/06-front-pod.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - app: kubeshark-front - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-front - namespace: kubeshark -spec: - containers: - - env: - - name: REACT_APP_DEFAULT_FILTER - value: ' ' - - name: REACT_APP_HUB_HOST - value: ' ' - - name: REACT_APP_HUB_PORT - value: "8898" - image: docker.io/kubeshark/front:latest - imagePullPolicy: Always - name: kubeshark-front - ports: - - containerPort: 80 - hostPort: 8899 - readinessProbe: - failureThreshold: 3 - periodSeconds: 1 - successThreshold: 1 - tcpSocket: - port: 80 - timeoutSeconds: 1 - resources: - limits: - cpu: 750m - memory: 1Gi - requests: - cpu: 50m - memory: 50Mi - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: kubeshark-service-account - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists -status: {} diff --git a/manifests/07-front-service.yaml b/manifests/07-front-service.yaml deleted file mode 100644 index 004a4ca43..000000000 --- a/manifests/07-front-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-front - namespace: kubeshark -spec: - ports: - - name: kubeshark-front - port: 80 - targetPort: 80 - selector: - app: kubeshark-front - type: NodePort -status: - loadBalancer: {} diff --git a/manifests/08-persistent-volume-claim.yaml b/manifests/08-persistent-volume-claim.yaml deleted file mode 100644 index 7863440fd..000000000 --- a/manifests/08-persistent-volume-claim.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-persistent-volume-claim - namespace: kubeshark -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 200Mi - storageClassName: standard -status: {} diff --git a/manifests/09-worker-daemon-set.yaml b/manifests/09-worker-daemon-set.yaml deleted file mode 100644 index bf087504f..000000000 --- a/manifests/09-worker-daemon-set.yaml +++ /dev/null @@ -1,92 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - app: kubeshark-worker-daemon-set - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-worker-daemon-set - namespace: kubeshark -spec: - selector: - matchLabels: - app: kubeshark-worker-daemon-set - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - template: - metadata: - creationTimestamp: null - labels: - app: kubeshark-worker-daemon-set - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-worker-daemon-set - namespace: kubeshark - spec: - containers: - - command: - - ./worker - - -i - - any - - -port - - "8897" - - -packet-capture - - libpcap - - -servicemesh - - -tls - - -procfs - - /hostproc - image: docker.io/kubeshark/worker:latest - imagePullPolicy: Always - name: kubeshark-worker-daemon-set - ports: - - containerPort: 8897 - hostPort: 8897 - resources: - limits: - cpu: 750m - memory: 1Gi - requests: - cpu: 50m - memory: 50Mi - securityContext: - capabilities: - add: - - NET_RAW - - NET_ADMIN - - SYS_ADMIN - - SYS_PTRACE - - DAC_OVERRIDE - - SYS_RESOURCE - drop: - - ALL - volumeMounts: - - mountPath: /hostproc - name: proc - readOnly: true - - mountPath: /sys - name: sys - readOnly: true - - mountPath: /app/data - name: kubeshark-persistent-volume - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - serviceAccountName: kubeshark-service-account - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: /proc - name: proc - - hostPath: - path: /sys - name: sys - - name: kubeshark-persistent-volume - persistentVolumeClaim: - claimName: kubeshark-persistent-volume-claim diff --git a/manifests/10-ingress-class.yaml b/manifests/10-ingress-class.yaml deleted file mode 100644 index a35a39d55..000000000 --- a/manifests/10-ingress-class.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-ingress-class - namespace: kubeshark -spec: - controller: k8s.io/ingress-nginx diff --git a/manifests/11-ingress.yaml b/manifests/11-ingress.yaml deleted file mode 100644 index 1db0c2a2b..000000000 --- a/manifests/11-ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - certmanager.k8s.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/rewrite-target: /$2 - creationTimestamp: null - labels: - kubeshark-cli-version: v1 - kubeshark-created-by: kubeshark - kubeshark-managed-by: kubeshark - name: kubeshark-ingress - namespace: kubeshark -spec: - ingressClassName: kubeshark-ingress-class - rules: - - host: ks.svc.cluster.local - http: - paths: - - backend: - service: - name: kubeshark-hub - port: - number: 80 - path: /api(/|$)(.*) - pathType: Prefix - - backend: - service: - name: kubeshark-front - port: - number: 80 - path: /()(.*) - pathType: Prefix -status: - loadBalancer: {} diff --git a/manifests/complete.yaml b/manifests/complete.yaml new file mode 100644 index 000000000..ac806b24e --- /dev/null +++ b/manifests/complete.yaml @@ -0,0 +1,307 @@ +--- +# Source: kubeshark/templates/00-namespace.yaml +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: 'kubeshark' +spec: {} +status: {} +--- +# Source: kubeshark/templates/01-service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-service-account + namespace: 'kubeshark' +--- +# Source: kubeshark/templates/02-cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-cluster-role + namespace: 'kubeshark' +rules: + - apiGroups: + - "" + - extensions + - apps + - networking.k8s.io + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - ingresses + verbs: + - list + - get + - watch +--- +# Source: kubeshark/templates/03-cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-cluster-role-binding + namespace: 'kubeshark' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeshark-cluster-role +subjects: + - kind: ServiceAccount + name: kubeshark-service-account + namespace: 'kubeshark' +--- +# Source: kubeshark/templates/05-hub-service.yaml +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-hub + namespace: 'kubeshark' +spec: + ports: + - name: kubeshark-hub + port: 80 + targetPort: 80 + selector: + app: kubeshark-hub + type: NodePort +status: + loadBalancer: {} +--- +# Source: kubeshark/templates/07-front-service.yaml +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-front + namespace: 'kubeshark' +spec: + ports: + - name: kubeshark-front + port: 80 + targetPort: 80 + selector: + app: kubeshark-front + type: NodePort +status: + loadBalancer: {} +--- +# Source: kubeshark/templates/09-worker-daemon-set.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: null + labels: + app: kubeshark-worker-daemon-set + kubeshark-cli-version: v1 + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-worker-daemon-set + namespace: 'kubeshark' +spec: + selector: + matchLabels: + app: kubeshark-worker-daemon-set + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + template: + metadata: + creationTimestamp: null + labels: + app: kubeshark-worker-daemon-set + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-worker-daemon-set + namespace: kubeshark + spec: + containers: + - command: + - './worker' + - -i + - any + - -port + - '8897' + - -packet-capture + - 'libpcap' + - -servicemesh + - -tls + - -procfs + - /hostproc + image: 'docker.io/kubeshark/worker:latest' + imagePullPolicy: 'Always' + name: kubeshark-worker-daemon-set + ports: + - containerPort: 8897 + hostPort: 8897 + resources: + limits: + cpu: '750m' + memory: '1Gi' + requests: + cpu: '50m' + memory: '50Mi' + securityContext: + capabilities: + add: + - NET_RAW + - NET_ADMIN + - SYS_ADMIN + - SYS_PTRACE + - DAC_OVERRIDE + - SYS_RESOURCE + drop: + - ALL + volumeMounts: + - mountPath: /hostproc + name: proc + readOnly: true + - mountPath: /sys + name: sys + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + serviceAccountName: kubeshark-service-account + terminationGracePeriodSeconds: 0 + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys + name: sys +--- +# Source: kubeshark/templates/04-hub-pod.yaml +apiVersion: v1 +kind: Pod +metadata: + creationTimestamp: null + labels: + app: kubeshark-hub + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-hub + namespace: 'kubeshark' +spec: + containers: + - command: + - './hub' + env: + - name: POD_REGEX + value: '.*' + - name: NAMESPACES + value: '' + - name: LICENSE + value: '' + - name: SCRIPTING_ENV + value: '{}' + - name: SCRIPTING_SCRIPTS + value: '[]' + - name: AUTH_APPROVED_DOMAINS + value: '' + image: 'docker.io/kubeshark/hub:latest' + imagePullPolicy: 'Always' + name: kubeshark-hub + ports: + - containerPort: 80 + hostPort: 8898 + resources: + limits: + cpu: '750m' + memory: '1Gi' + requests: + cpu: '50m' + memory: '50Mi' + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: kubeshark-service-account + terminationGracePeriodSeconds: 0 + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists +status: {} +--- +# Source: kubeshark/templates/06-front-pod.yaml +apiVersion: v1 +kind: Pod +metadata: + creationTimestamp: null + labels: + app: kubeshark-front + kubeshark-created-by: kubeshark + kubeshark-managed-by: kubeshark + name: kubeshark-front + namespace: 'kubeshark' +spec: + containers: + - env: + - name: REACT_APP_DEFAULT_FILTER + value: ' ' + - name: REACT_APP_HUB_HOST + value: ' ' + - name: REACT_APP_HUB_PORT + value: '8898' + image: 'docker.io/kubeshark/front:latest' + imagePullPolicy: 'Always' + name: kubeshark-front + ports: + - containerPort: 80 + hostPort: 8899 + readinessProbe: + failureThreshold: 3 + periodSeconds: 1 + successThreshold: 1 + tcpSocket: + port: 80 + timeoutSeconds: 1 + resources: + limits: + cpu: 750m + memory: 1Gi + requests: + cpu: 50m + memory: 50Mi + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: kubeshark-service-account + terminationGracePeriodSeconds: 0 + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists +status: {}