diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 25b29bca87f4..8db2f529b96c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,18 +2,6 @@ To contribute to this project, follow the rules from the general [CONTRIBUTING.md](https://github.com/kyma-project/community/blob/main/CONTRIBUTING.md) document in the `community` repository. -## Documentation types - -These are the main types of documents used in the project: - -* `NOTES.txt`- This document type is an integral part of Helm charts. Its content displays in the terminal window after installing the chart. It is not mandatory to include `NOTES.txt` documents for sub-charts because the system ignores these documents. Provide `NOTES.txt` documents for the Core components. Use the [template](https://github.com/kyma-project/community/blob/main/templates/resources/NOTES.txt) to create `NOTES.txt` documents. - -* `README.md` - This document type contains information about other files in the directory. Each main directory in this repository, such as `cluster` or `resources`, requires a `README.md` document. Additionally, each chart and sub-chart needs such a document. Add a `README.md` document when you create a new directory or chart. Use the [template](https://github.com/kyma-project/community/blob/main/templates/resources/chart_README.md) to create `README.md` documents. - - > **NOTE:** `README.md` documents imported to Kyma with external charts don't have to follow the template. - - Do not change the names or the order of the main sections in the `README.md` documents. However, you can create subsections to adjust each `README.md` document to the project's or chart's specific requirements. See the example of a [README.md](resources/core/README.md) document. - ## Contribution rules Apart from the general rules described in the `community` repository, every `kyma` repository contributor must follow these basic rules: diff --git a/components/iam-kubeconfig-service/README.md b/components/iam-kubeconfig-service/README.md index a2bacb3e4335..f19654cbda16 100644 --- a/components/iam-kubeconfig-service/README.md +++ b/components/iam-kubeconfig-service/README.md @@ -1,5 +1,4 @@ -# IAM Kubeconfig Service - +# TO BE REMOVED ## Overview This project is a generator of configurations used in Kyma. @@ -11,10 +10,6 @@ The following tools are required to set up the project: - [Go](https://golang.org) - [Docker](https://www.docker.com/) -## Installation - -For installation use the dedicated [Helm chart](../../resources/iam-kubeconfig-service). - ## Usage ### Configuration diff --git a/components/permission-controller/README.md b/components/permission-controller/README.md index f1e39dca3251..1871e4002510 100644 --- a/components/permission-controller/README.md +++ b/components/permission-controller/README.md @@ -1,10 +1,7 @@ -# Permission Controller - +# TO BE REMOVED ## Overview The Permission Controller listens for new Namespaces and creates a RoleBinding for the users of the specified group to the **kyma-admin** role within these Namespaces. The Controller uses a blocking mechanism which defines the Namespaces in which the users of the defined group are not assigned the **kyma-admin** role. When the Controller is deployed in a cluster, it checks all existing Namespaces and assigns the roles accordingly. -Click [here](/resources/permission-controller) to access the Helm chart that defines the component's installation. - ## Prerequisites - working Kubernetes cluster @@ -35,4 +32,3 @@ Use the `run` formula to run the controller using local sources: make run EXCLUDED_NAMESPACES={EXCLUDED_NAMESPACES} SUBJECT_GROUPS={SUBJECT_GROUPS} STATIC_CONNECTOR={STATIC_CONNECTOR} ``` -See [this file](/resources/permission-controller/README.md#configuration) to learn how to use the environment variables. diff --git a/installation/cmd/run.sh b/installation/cmd/run.sh deleted file mode 100755 index ebacca94e219..000000000000 --- a/installation/cmd/run.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -echo "The run.sh script is deprecated and will be removed. Use Kyma CLI instead." - -CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -SCRIPTS_DIR="${CURRENT_DIR}/../scripts" -DOMAIN="kyma.local" - -VM_DRIVER="virtualbox" -if [ `uname -s` = "Darwin" ]; then - VM_DRIVER="hyperkit" -fi - -source $SCRIPTS_DIR/utils.sh - -POSITIONAL=() -while [[ $# -gt 0 ]] -do - - key="$1" - - case ${key} in - --skip-minikube-start) - SKIP_MINIKUBE_START=true - shift # past argument - ;; - --cr) - checkInputParameterValue "$2" - CR_PATH="$2" - shift # past argument - shift # past value - ;; - --vm-driver) - checkInputParameterValue "$2" - VM_DRIVER="$2" - shift - shift - ;; - --password) - checkInputParameterValue "$2" - ADMIN_PASSWORD="${2}" - shift # past argument - shift # past value - ;; - --*) - echo "Unknown flag ${1}" - exit 1 - ;; - *) # unknown option - POSITIONAL+=("$1") # save it in an array for later - shift # past argument - ;; - esac -done -set -- "${POSITIONAL[@]}" # restore positional parameters - -if [[ ! ${SKIP_MINIKUBE_START} ]]; then - bash ${SCRIPTS_DIR}/minikube.sh --domain "${DOMAIN}" --vm-driver "${VM_DRIVER}" -fi - -bash ${SCRIPTS_DIR}/build-kyma-installer.sh --vm-driver "${VM_DRIVER}" - -if [ -z "$CR_PATH" ]; then - TMPDIR=`mktemp -d "${CURRENT_DIR}/../../temp-XXXXXXXXXX"` - CR_PATH="${TMPDIR}/installer-cr-local.yaml" - bash ${SCRIPTS_DIR}/create-cr.sh --output "${CR_PATH}" -fi - -bash ${SCRIPTS_DIR}/installer.sh --cr "${CR_PATH}" --password "${ADMIN_PASSWORD}" - -if [ -z "$CR_PATH" ]; then - rm -rf $TMPDIR -fi diff --git a/installation/resources/installer-config-local.yaml.tpl b/installation/resources/installer-config-local.yaml.tpl deleted file mode 100644 index c136cca2e659..000000000000 --- a/installation/resources/installer-config-local.yaml.tpl +++ /dev/null @@ -1,183 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: application-connector-certificate-overrides - namespace: kyma-installer - labels: - installer: overrides - kyma-project.io/installation: "" -type: Opaque -data: - global.applicationConnectorCa: "" - global.applicationConnectorCaKey: "" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-certificate-overrides - namespace: kyma-installer - labels: - installer: overrides - kyma-project.io/installation: "" -data: - global.tlsCrt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU4RENDQXRpZ0F3SUJBZ0lKQUpBKzlrQzZZZnZlTUEwR0NTcUdTSWIzRFFFQkN3VUFNQmN4RlRBVEJnTlYKQkFNTURDb3VhM2x0WVM1c2IyTmhiREFlRncweE9EQTNNVGd3T0RNNE1UTmFGdzB5T0RBM01UVXdPRE00TVROYQpNQmN4RlRBVEJnTlZCQU1NRENvdWEzbHRZUzVzYjJOaGJEQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQCkFEQ0NBZ29DZ2dJQkFPZ05XbVROOU1ranlrUjdvQ0JGSFVqL01EcWh5bml3NEJITGo4ZTdDTFV5dFdwVHZXTkoKU1FiaFZDK3c5NkhHbU50MHZGUTR4OExUa3NNUmorcVZrdkcwKzBDTE1WQm14UjBVdnpZR09QRVRKREtsNTZkcQppMEM1Y2dnU3dkNjcveWxRZmQxc3FEVVBHM0pVZlNOSFFRWSs1SkUwaUpjZXhCQ3cvS200UXlUQXB0aEwzdEgxCm1ZRFBBQ0hUdVpsbGc2RVN4Z2RKY20rVmg5UkRvbWlON250ZjBZVG1xV1VIZXhZUkUrcTFGY0VhUHg5L2Q5QUwKZWd1WXZHTkduMVA4K1F3ZE5DKzVaMEVGa1EyS3RtalRBR09La2xJUG5NQkZubXhGSEtNZzNTa3RkYzYzSU5TNwpjSDM3dDNjb2l4N09HcDllcnRvSFZ5K2U5KzdiYnI3Z0lhWHNORVZUcjRGWXJIMlNPeHI1MjVRQUpHTys1dllQCkNYSlJJdXFNZWU3ZTg3aDRIU3JFVVdWTnhOdElBR1ZNYlRtV2F6aDJsSEFoazJjZVIzUkRaQzB3NGFOd3NRU1UKZE1yMmFCaUFobmFNSG40YnZIZnd1OHFRcjF5aVRUNG00SkltRkZTNDN2bGNETDZmVUJnNnF0U2p6QjF0WTFjTwp2Mnl1QXQzR1lKSENVMFd4R1ZEQk80T0ZncEc3aE5SRHoyRzVFMXQvRWU2VDUxdys2K295eXhib01pK09kVWdNCnBZOGlzcDdBTWhtdlZFOUdtNUhwQkpBRjYvcmE1WUNnNDh1SWtybkdZbm85eVNKcGhLU0JsMFRML01PNVFRaUoKb0hFNnV5ZkJXQjlZZ1NBdDl0MjJqU3FSWkpSdEtrbHB6bFJIRkROWTRwZlRraXlPSlFXYlM4RXJBZ01CQUFHagpQekE5TUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRREFnWGdNQ01HQTFVZEVRUWNNQnFDQ210NWJXRXViRzlqCllXeUNEQ291YTNsdFlTNXNiMk5oYkRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUlYYTlwenlyQ2dzMTRTOHUKZVFZdkorNEFzUE9uT1RGcExkaVl5UkVyNXdyNmJuMXUvMjZxc2FKckpxbkkyRk16SmdEQVRwZEtjbXRHYjBUOQp3S2wrYUJHcFFKcThrUWJwakVGTHhaWDJzaUNrRG82WittaUcrRjRKMHpKa3BKK0JHMS92eGZKbk0zK1ptdXQ5Ck9RV2ZjYTN3UHlhTWRDbGIyZjQwYlRFaFo5Mk9kcWlQMzFMbDlHWExSZmhaNTNsUzF0QWdvUGZoR25NbFY4b2MKWmxuSUROK25wS0Nma2tXUDJZUjlRLy9pa01tM01YRm9RSFppaVJseVZHSGFKZWRLMmNOQzlUYk4xNDFTaWZHZQo3V2FsQVBNcWNOQ3F3YStnN2RFSmR3ZjlRMklJTml0SjlDUVprT1dUZElYY2VHK2lZWWUrQXpmK1NkaHBocVdPCllFcDF6ek40dXI5U2VxU3NSaU9WY0RzVUFSa1M0clgrb0Vzb2hHL1Q5OTcrSDhjR2gzczl6TE84emtwRXZKSmEKS05QT0N5ODhVeEFOV2RRejFLMXRKVVQ2c3hkd0FEcXRJQnNPemhYVjlybDRRNStlZExlcmZPcUtCbUFRMUY5Swo2L1l0ZlNyY0JpeXZEU24wdFJ3OHJLRFVQU1hFNDFldXArOURNeThLVGl6T0RPTXVMSnR2dkJrTEFpNGNYQjVBCjQxMjBEdHdZQXNyNzNZYVl2SW8rWjV2OGZ4TjF3M3IwYS9KOVhZQlg3S3p1OFl4MnNUNWtWM2dNTHFCTXBaa3gKY29FTjNSandDMmV4VHl6dGc1ak1ZN2U4VFJ4OFFTeUxkK0pBd2t1Tm01NlNkcHFHNTE3cktJYkVMNDZzbkd0UgpCYUVOK01GeXNqdDU3ejhKQXJDMzhBMFN5dTQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - global.tlsKey: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRG9EVnBremZUSkk4cEUKZTZBZ1JSMUkvekE2b2NwNHNPQVJ5NC9IdXdpMU1yVnFVNzFqU1VrRzRWUXZzUGVoeHBqYmRMeFVPTWZDMDVMRApFWS9xbFpMeHRQdEFpekZRWnNVZEZMODJCamp4RXlReXBlZW5hb3RBdVhJSUVzSGV1LzhwVUgzZGJLZzFEeHR5ClZIMGpSMEVHUHVTUk5JaVhIc1FRc1B5cHVFTWt3S2JZUzk3UjlabUF6d0FoMDdtWlpZT2hFc1lIU1hKdmxZZlUKUTZKb2plNTdYOUdFNXFsbEIzc1dFUlBxdFJYQkdqOGZmM2ZRQzNvTG1MeGpScDlUL1BrTUhUUXZ1V2RCQlpFTgppclpvMHdCamlwSlNENXpBUlo1c1JSeWpJTjBwTFhYT3R5RFV1M0I5KzdkM0tJc2V6aHFmWHE3YUIxY3ZudmZ1CjIyNis0Q0dsN0RSRlU2K0JXS3g5a2pzYStkdVVBQ1JqdnViMkR3bHlVU0xxakhudTN2TzRlQjBxeEZGbFRjVGIKU0FCbFRHMDVsbXM0ZHBSd0laTm5Ia2QwUTJRdE1PR2pjTEVFbEhUSzltZ1lnSVoyakI1K0c3eDM4THZLa0s5YwpvazArSnVDU0poUlV1Tjc1WEF5K24xQVlPcXJVbzh3ZGJXTlhEcjlzcmdMZHhtQ1J3bE5Gc1JsUXdUdURoWUtSCnU0VFVRODlodVJOYmZ4SHVrK2RjUHV2cU1zc1c2REl2am5WSURLV1BJcktld0RJWnIxUlBScHVSNlFTUUJldjYKMnVXQW9PUExpSks1eG1KNlBja2lhWVNrZ1pkRXkvekR1VUVJaWFCeE9yc253VmdmV0lFZ0xmYmR0bzBxa1dTVQpiU3BKYWM1VVJ4UXpXT0tYMDVJc2ppVUZtMHZCS3dJREFRQUJBb0lDQUZDN3ZKUlB0M2QzVlRyb1MvaU9NemNmCldaYzhqT1hhbThwMUtRdlRQWjlWQ2hyNUVXNEdwRHFaa0tHYkR6eWdqTFBsZEZSVkFPTCtteFAwK3o0aFZlTjAKRk9vS3cxaDJ1T042UVdBNVgvdzNyYU5WWnpndThFM1BkeVhwNkx0bWFzcmo3elpuUkVwWmZESVZ4UWZPRllobgp2enZwckEvdnEwVW5YbkJwNUNwWVFIUUdTWHFBMlN3Z1dLcHNNQ2wzVVFsc0w2dC9XU29MT3h1VmdGNmg2clBQCnpXUlFuK1MvYW9wdDNLRU82WWVxYXdXNVltVG1hVXE1aytseU82S0w0OVhjSHpqdlowWU8rcjFjWWtRc0RQbVUKejMxdll4amQzOVZKWWtJNi85Y0Fzdmo5YTVXM3ROYVFDZStTRW56Z05oRDJieHo1NnRKdG0xTGwweXpqYTdEVgp0OW9aQVd6WURMOTVnMDFZWVlQMG51c3A4WWlNOXd0OUtLc2NkcUd3RFN5WHNrWFBrcWFLVjNVcHJYdmhFbFVaCkErMmtjcm9VaDNGbEV4bGpwUmtKVkhOZXJ3NHRLRi9oYTFWRjZPdE10eTVQcXV0N0dGQmIvamtWeUg5cnpueWUKTXQyTWVyTTVPazMwd1NuTThISUdTUXpxYlplekJEZlNaUzRzcWdZZnBIMlhtMEs0SjgrRUowQ2hhMXZVSmVNMAoyZ284d00vaHljdmtqTEgxSmM3OEhpaVBTQ01udkpHemUxc2tWdmtRRFhBSFdldzBTUHpUSTZHYjZCb0Y4aVNECm0wZjR2azNoV3NlUWZBaXVZSnlUeUZXNmRhOGE1K2lpSDN4cVRsUUN1MDN1Nmo0U0l4aThJZlNmd0YwQTBldVAKNGtzalZTZVZyT3ExUnlvNUtpR3hBb0lCQVFEOWZtYnl6aW9QdVhRYzl0QXBxMUpSMzErQzlCdFFzcDg5WkZkSQpQaU5xaTJ3NVlVcTA0OFM2Z3VBb3JGOHNObUI3QjhWa1JlclowQ3hub2NHY0tleWdTYWsvME5qVElndk5weGJwCnBGbkFnRjlmbW1oTEl2SlF2REo2Q0ZidDRCQlZIdkJEWlYyQnZqK0k3NUxkK01jN2RPVDdFek1FRjBXcUdzY2MKTUpyNjRXQi9UMkF5dWR1YXlRT2NobmJFQ25FUmdRcHFlbG54MVBraytqbGNvYUs5QjFYUStVOUgzOHppM0FYNApENUxMY0Nhem9YYWlvS0swckNlNE5Ga2hOVXd0TFV0QXhSTXk2aksyZUZudWczUFRlY3N1WktNMElITktqZ0dCCnpGanZVb2tMcFVFb3BJa3FHM09yc0xmanpHZW9jaVFPUXNEdzlUb3lXL0FSOFhmWkFvSUJBUURxV0s2TThVN3EKUXJPeTYzNnpEZlBaZ2ljeXlsUWVoOFdMclBlbW5NeWdQYzR4eWoybnMrTmVRSnNEUmtPT2tWY250SEFYaTcwWgoyT0NCV3dwZHJuTXlSc3RIMU05bjdFNU5TVHZlZDlkU3YxUzRBb3NzS1hDSmgyUHBjYjV0OE9nL3ZGTlNYUlUyClk2aUorWTdOcDBZNDNxSlJOVnlRemd3YmFzaEpiUVdkVFFoVEVhdEVRS2JsUlZSblhlQWRjOXlhNUpHbkRpaTkKbFQrRWEzdFpvN1dha05oeHJkYjVuTkZ3a0xoNEs3ZkFtT3ZzMVBMQWx0SUZqeURCeDEvY1ZHblpDUDBVQmJqZgpkU2FueXBBdVRuMzd1VUwrcXpPVDlYWEZENllGT0x0NWV4d3RxdnUwSzZCNjcvajFFTlJDRk45RnMzWlV5RFFXClZUaDcybFhWU3NLakFvSUJBUUR6ZE5pdXpTNDhWK0thaHJpNXJGNnRYeGkrRG0vRmV5ZlFzSFBiWUVKbmEyd1AKVjgrR0YxS3p4a28vQmYySjJ0ZWlrWDRVcGNtK1UxNnlVUG8vWDB4eFRRMk55cWpUYmRsa005dWZuVWJOeVB6UQpOdDEvZkJxNVMyWTNLWmREY25SOUsrK1k2dHQ1Wmh4akNhUkdKMDVCWGkwa3JmWExNZ2FvTG51WUtWNVBJUEdxCms3TlNSSW9UQ0llOVpxN2Q3U0ZXckZZeW1UdVZOUFByZlo1bHhwOGphTTRVbTd4MnpReGJ2UERHb3o1YXdHV0wKRThGNncwaEF1UzZValVJazBLbE9vamVxQnh3L1JBcGNrUTNlTXNXbEQwNENTb2tyNFJhWlBmVllrY2ZBWWNaWgpOdWR6ZjBKMC9GU0ZTbjN4L0RoNTROV2NGS1IxUnpBVGVaVUJ4cVZSQW9JQkFRRFlDNmZvVWpOQnJ2ckNFVzkrCkhYZlk1Ni9CbUZ4U3hUTHU0U2h6VncwakViZTltVWljQ2pDc1hQMUwySVJCdEdaWU9YWTVqdDlvSzlSV0RSdVMKWUZqZFdmemduU1lWRmZyZUw0emRQVGlxbGEvQjhMNWptVlNoeGNycmxheE02Uk1FWjFlZGtDa1ZPbTFQdmwzVAo1TW5OZGhySXFWeE1OMWxjRVdiU29vclJpUW9Lb3poMHRQSG9YckZBbG9BZVJ3bHpWeE9jb21ZVzJiaDBHUzdmCjVoaHZoZWUxYmVISnY3UXFoWkU3WUhxSU9iTVBaUWJqWEdnRkxmMnlDRitzM2Jtem1DRFJTN0V6ZVdxSXVDdVMKTlZUYU0rSzZyQlRoN0NLRjZUWlNqQW55SmZoRmRlT1ZKNzlNZDEzYWVJaG0zNTB6UWc3dWZKL2drdkorNUR2TApacC9uQW9JQkFBVlg4WHpFTzdMVk1sbENKZFVUdURTdXNPcDNrQVlFZ2dZNFFRM3FNTlcxRnl5WEM3WjBGOWJFCmtTSEhkalJtU2RUbFZueGN2UW1KTS9WL2tJanpNUHhFT3NCS1BVVkR3N3BhOHdiejlGcTRPOCtJb3lqN1ZXclcKMmExL1FNWXlzSGlpTlBzNy8vWUtvMy9rdkhCWUY2SnNkenkyQkVSTkQ0aTlVOWhDN0RqcGxKR3BSNktMTVBsegpNWFJ3VjVTM2V3cnBXZVcxQW5ONC9EKy9zUGlNQTNnS0swSlBFdGVBV1dndEZHTnNBSkJnaFBoUExxQi9CcDUvCkhOeC96M0w0MWtqRnpqOHNWaHMrVDRZYlhiaGF2R2xxc2h5ZldQbnRhV1VOMG15MjU1RFdQUDhWa24yeFNlV2kKVm1hVW5TSDBTZ2tlUENMRnlra25yQzgxU2pXZkRBMD0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: installation-config-overrides - namespace: kyma-installer - labels: - installer: overrides - kyma-project.io/installation: "" -data: - global.isLocalEnv: "true" - global.domainName: "kyma.local" - global.adminPassword: "" - global.minikubeIP: "" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: helm-broker-overrides - namespace: kyma-installer - labels: - installer: overrides - component: helm-broker - kyma-project.io/installation: "" -data: - global.isDevelopMode: "true" # global, because subcharts also use it ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dex-overrides - namespace: kyma-installer - labels: - installer: overrides - component: dex - kyma-project.io/installation: "" -data: - telemetry.enabled: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: application-connector-tests - namespace: kyma-installer - labels: - installer: overrides - component: application-connector - kyma-project.io/installation: "" -data: - application-operator.tests.enabled: "false" - application-registry.tests.enabled: "false" - connector-service.tests.enabled: "false" - tests.application_connector_tests.enabled: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: compass-runtime-agent-tests - namespace: kyma-installer - labels: - installer: overrides - component: compass-runtime-agent - kyma-project.io/installation: "" -data: - compassRuntimeAgent.tests.enabled: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: ory-overrides - namespace: kyma-installer - labels: - installer: overrides - component: ory - kyma-project.io/installation: "" -data: - global.ory.hydra.persistence.enabled: "false" - global.ory.hydra.persistence.postgresql.enabled: "false" - hydra.hydra.autoMigrate: "false" - hydra.deployment.resources.requests.cpu: "50m" - hydra.deployment.resources.limits.cpu: "150m" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tracing-global-overrides - namespace: kyma-installer - labels: - installer: overrides - kyma-project.io/installation: "" -data: - global.tracing.enabled: "false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tracing-overrides - namespace: kyma-installer - labels: - installer: overrides - component: tracing - kyma-project.io/installation: "" -data: - jaeger.spec.strategy: "allInOne" - jaeger.spec.storage.type: "memory" - jaeger.spec.storage.options.memory.max-traces: "10000" - jaeger.spec.resources.limits.memory: "150Mi" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: monitoring-overrides - namespace: kyma-installer - labels: - installer: overrides - component: monitoring - kyma-project.io/installation: "" -data: - alertmanager.alertmanagerSpec.resources.limits.cpu: "50m" - alertmanager.alertmanagerSpec.resources.limits.memory: "100Mi" - alertmanager.alertmanagerSpec.resources.requests.cpu: "20m" - alertmanager.alertmanagerSpec.resources.requests.memory: "50Mi" - alertmanager.alertmanagerSpec.retention: "1h" - prometheus.prometheusSpec.resources.limits.cpu: "150m" - prometheus.prometheusSpec.resources.limits.memory: "800Mi" - prometheus.prometheusSpec.resources.requests.cpu: "100m" - prometheus.prometheusSpec.resources.requests.memory: "200Mi" - prometheus.prometheusSpec.retention: "2h" - prometheus.prometheusSpec.retentionSize: "256MB" - prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage: "1Gi" - grafana.persistence.enabled: "false" - prometheus-istio.server.resources.limits.memory: "400Mi" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: serverless-overrides - namespace: kyma-installer - labels: - installer: overrides - component: serverless - kyma-project.io/installation: "" -data: - webhook.values.buildJob.resources.defaultPreset: "local-dev" - # TODO: Solve a problem with DNS - tests.enabled: "false" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: console-overrides - namespace: kyma-installer - labels: - installer: overrides - component: console - kyma-project.io/installation: "" -data: - web.test.acceptance.enabled: "false" diff --git a/installation/resources/installer-cr-cluster-runtime.yaml.tpl b/installation/resources/installer-cr-cluster-runtime.yaml.tpl deleted file mode 100644 index 13f862214070..000000000000 --- a/installation/resources/installer-cr-cluster-runtime.yaml.tpl +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: "installer.kyma-project.io/v1alpha1" -kind: Installation -metadata: - name: kyma-installation - namespace: default - labels: - action: install - kyma-project.io/installation: "" -spec: - version: "__VERSION__" - url: "__URL__" - profile: "" - components: - - name: "cluster-essentials" - namespace: "kyma-system" - - name: "testing" - namespace: "kyma-system" - - name: "istio" - namespace: "istio-system" - - name: "xip-patch" - namespace: "kyma-installer" - - name: "dex" - namespace: "kyma-system" - - name: "ory" - namespace: "kyma-system" - - name: "api-gateway" - namespace: "kyma-system" - - name: "rafter" - namespace: "kyma-system" - - name: "service-catalog" - namespace: "kyma-system" - - name: "service-catalog-addons" - namespace: "kyma-system" - - name: "helm-broker" - namespace: "kyma-system" - - name: "eventing" - namespace: kyma-system - - name: "core" - namespace: "kyma-system" - - name: "cluster-users" - namespace: "kyma-system" - - name: "logging" - namespace: "kyma-system" - - name: "permission-controller" - namespace: "kyma-system" - - name: "apiserver-proxy" - namespace: "kyma-system" - - name: "iam-kubeconfig-service" - namespace: "kyma-system" - - name: "serverless" - namespace: "kyma-system" - - name: "application-connector" - namespace: "kyma-integration" - - name: "tracing" - namespace: "kyma-system" - - name: "monitoring" - namespace: "kyma-system" - - name: "kiali" - namespace: "kyma-system" - - name: "console" - namespace: "kyma-system" - - name: "compass-runtime-agent" - namespace: "compass-system" diff --git a/installation/resources/installer-cr-cluster.yaml.tpl b/installation/resources/installer-cr-cluster.yaml.tpl deleted file mode 100644 index 5be3cf419113..000000000000 --- a/installation/resources/installer-cr-cluster.yaml.tpl +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: "installer.kyma-project.io/v1alpha1" -kind: Installation -metadata: - name: kyma-installation - namespace: default - labels: - action: install - kyma-project.io/installation: "" -spec: - version: "__VERSION__" - url: "__URL__" - profile: "" - components: - - name: "cluster-essentials" - namespace: "kyma-system" - - name: "testing" - namespace: "kyma-system" - - name: "istio" - namespace: "istio-system" - - name: "xip-patch" - namespace: "kyma-installer" - - name: "dex" - namespace: "kyma-system" - - name: "ory" - namespace: "kyma-system" - - name: "api-gateway" - namespace: "kyma-system" - - name: "rafter" - namespace: "kyma-system" - - name: "service-catalog" - namespace: "kyma-system" - - name: "service-catalog-addons" - namespace: "kyma-system" - - name: "helm-broker" - namespace: "kyma-system" - - name: "eventing" - namespace: kyma-system - - name: "core" - namespace: "kyma-system" - - name: "cluster-users" - namespace: "kyma-system" - - name: "logging" - namespace: "kyma-system" - - name: "permission-controller" - namespace: "kyma-system" - - name: "apiserver-proxy" - namespace: "kyma-system" - - name: "iam-kubeconfig-service" - namespace: "kyma-system" - - name: "serverless" - namespace: "kyma-system" - - name: "application-connector" - namespace: "kyma-integration" - - name: "tracing" - namespace: "kyma-system" - - name: "monitoring" - namespace: "kyma-system" - - name: "kiali" - namespace: "kyma-system" - - name: "console" - namespace: "kyma-system" - - #- name: "compass-runtime-agent" - # namespace: "compass-system" diff --git a/installation/resources/installer-cr-with-compass-runtime-agent.yaml.tpl b/installation/resources/installer-cr-with-compass-runtime-agent.yaml.tpl deleted file mode 100644 index 11918ef346ea..000000000000 --- a/installation/resources/installer-cr-with-compass-runtime-agent.yaml.tpl +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: "installer.kyma-project.io/v1alpha1" -kind: Installation -metadata: - name: kyma-installation - namespace: default - labels: - action: install - kyma-project.io/installation: "" -spec: - version: "__VERSION__" - url: "__URL__" - profile: "" - components: - - name: "cluster-essentials" - namespace: "kyma-system" - - name: "testing" - namespace: "kyma-system" - - name: "istio" - namespace: "istio-system" - - name: "xip-patch" - namespace: "kyma-installer" - - name: "dex" - namespace: "kyma-system" - - name: "ory" - namespace: "kyma-system" - - name: "api-gateway" - namespace: "kyma-system" - - name: "rafter" - namespace: "kyma-system" - - name: "service-catalog" - namespace: "kyma-system" - - name: "service-catalog-addons" - namespace: "kyma-system" - - name: "helm-broker" - namespace: "kyma-system" - - name: "core" - namespace: "kyma-system" - - name: "cluster-users" - namespace: "kyma-system" - - name: "logging" - namespace: "kyma-system" - - name: "permission-controller" - namespace: "kyma-system" - - name: "apiserver-proxy" - namespace: "kyma-system" - - name: "iam-kubeconfig-service" - namespace: "kyma-system" - - name: "serverless" - namespace: "kyma-system" - - name: "application-connector" - namespace: "kyma-integration" - - name: "tracing" - namespace: "kyma-system" - - name: "monitoring" - namespace: "kyma-system" - - name: "kiali" - namespace: "kyma-system" - - name: "compass-runtime-agent" - namespace: "compass-system" diff --git a/installation/resources/installer-cr.yaml.tpl b/installation/resources/installer-cr.yaml.tpl deleted file mode 100644 index 52673d315c3b..000000000000 --- a/installation/resources/installer-cr.yaml.tpl +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: "installer.kyma-project.io/v1alpha1" -kind: Installation -metadata: - name: kyma-installation - namespace: default - labels: - action: install - kyma-project.io/installation: "" -spec: - version: "__VERSION__" - url: "__URL__" - profile: "" - components: - - name: "cluster-essentials" - namespace: "kyma-system" - - name: "testing" - namespace: "kyma-system" - - name: "istio" - namespace: "istio-system" - - name: "xip-patch" - namespace: "kyma-installer" - - name: "dex" - namespace: "kyma-system" - - name: "ory" - namespace: "kyma-system" - - name: "api-gateway" - namespace: "kyma-system" - - name: "rafter" - namespace: "kyma-system" - - name: "service-catalog" - namespace: "kyma-system" - - name: "service-catalog-addons" - namespace: "kyma-system" - - name: "helm-broker" - namespace: "kyma-system" - - name: "eventing" - namespace: kyma-system - - name: "core" - namespace: "kyma-system" - - name: "cluster-users" - namespace: "kyma-system" - #- name: "logging" - # namespace: "kyma-system" - - name: "permission-controller" - namespace: "kyma-system" - - name: "apiserver-proxy" - namespace: "kyma-system" - - name: "iam-kubeconfig-service" - namespace: "kyma-system" - - name: "serverless" - namespace: "kyma-system" - - name: "application-connector" - namespace: "kyma-integration" - #- name: "tracing" - # namespace: "kyma-system" - #- name: "monitoring" - # namespace: "kyma-system" - #- name: "kiali" - # namespace: "kyma-system" - - name: "console" - namespace: "kyma-system" - #- name: "compass-runtime-agent" - # namespace: "compass-system" diff --git a/installation/resources/installer-local.yaml b/installation/resources/installer-local.yaml deleted file mode 100644 index d1d98dbb385a..000000000000 --- a/installation/resources/installer-local.yaml +++ /dev/null @@ -1,171 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kyma-installer - labels: - istio-injection: disabled - kyma-project.io/installation: "" ---- -apiVersion: v1 -kind: LimitRange -metadata: - name: kyma-default - namespace: kyma-installer - labels: - kyma-project.io/installation: "" -spec: - limits: - - max: - memory: 1024Mi # Maximum memory that a container can request - default: - # If a container does not specify memory limit, this default value will be applied. - # If a container tries to allocate more memory, container will be OOM killed. - memory: 256Mi - defaultRequest: - # If a container does not specify memory request, this default value will be applied. - # The scheduler considers this value when scheduling a container to a node. - # If a node has not enough memory, such pod will not be created. - memory: 32Mi - type: Container ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installations.installer.kyma-project.io - labels: - kyma-project.io/installation: "" -spec: - group: installer.kyma-project.io - version: v1alpha1 - scope: Namespaced - names: - kind: Installation - singular: installation - plural: installations - shortNames: ['installation'] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: releases.release.kyma-project.io - labels: - kyma-project.io/installation: "" -spec: - group: release.kyma-project.io - version: v1alpha1 - scope: Namespaced - names: - kind: Release - singular: release - plural: releases - shortNames: ['release'] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyma-installer - namespace: kyma-installer - labels: - kyma-project.io/installation: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyma-installer - namespace: kyma-installer - labels: - name: kyma-installer - kyma-project.io/installation: "" -spec: - selector: - matchLabels: - name: kyma-installer - # Installer is designed to be run as a single instance only - # We enforce it by changing default rolling update to recreate startegy. - # With that k8s will first delete old pod and then provision new one during upgrade. - strategy: - type: Recreate - template: - metadata: - labels: - name: kyma-installer - spec: - serviceAccountName: kyma-installer - containers: - - name: kyma-installer-container - image: eu.gcr.io/kyma-project/develop/kyma-installer:63f27f76 - imagePullPolicy: IfNotPresent - args: - - -overrideLogFile=/app/overrides.txt - securityContext: - allowPrivilegeEscalation: false - privileged: false - runAsGroup: 65534 - runAsUser: 65534 ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: 000-kyma-installer - labels: - release: kyma-installer - kyma-project.io/installation: "kyma-installer" - kyma-project.io/installation: "" -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - seLinux: - rule: 'RunAsAny' - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - runAsUser: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - hostPorts: - - max: 65535 - min: 1024 - requiredDropCapabilities: - - ALL - volumes: - - "*" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyma-installer-reader - labels: - kyma-project.io/installation: "" -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: ["000-kyma-installer"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyma-installer - labels: - kyma-project.io/installation: "" -subjects: -- kind: ServiceAccount - name: kyma-installer - namespace: kyma-installer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kyma-installer-reader diff --git a/installation/resources/installer.yaml b/installation/resources/installer.yaml deleted file mode 100644 index 99fae9f52629..000000000000 --- a/installation/resources/installer.yaml +++ /dev/null @@ -1,184 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kyma-installer - labels: - istio-injection: disabled - kyma-project.io/installation: "" ---- -apiVersion: v1 -kind: LimitRange -metadata: - name: kyma-default - namespace: kyma-installer - labels: - kyma-project.io/installation: "" -spec: - limits: - - max: - memory: 2048Mi # Maximum memory that a container can request - default: - # If a container does not specify memory limit, this default value will be applied. - # If a container tries to allocate more memory, container will be OOM killed. - memory: 256Mi - defaultRequest: - # If a container does not specify memory request, this default value will be applied. - # The scheduler considers this value when scheduling a container to a node. - # If a node has not enough memory, such pod will not be created. - memory: 32Mi - type: Container ---- -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: kyma-installer -value: 2000050 -globalDefault: false -description: "Default scheduling priority of Kyma installer. Must not be blocked by unschedulable user or Kyma workloads." ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installations.installer.kyma-project.io - labels: - kyma-project.io/installation: "" -spec: - group: installer.kyma-project.io - version: v1alpha1 - scope: Namespaced - names: - kind: Installation - singular: installation - plural: installations - shortNames: ['installation'] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: releases.release.kyma-project.io - labels: - kyma-project.io/installation: "" -spec: - group: release.kyma-project.io - version: v1alpha1 - scope: Namespaced - names: - kind: Release - singular: release - plural: releases - shortNames: ['release'] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyma-installer - namespace: kyma-installer - labels: - kyma-project.io/installation: "" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyma-installer - namespace: kyma-installer - labels: - kyma-project.io/installation: "" -spec: - selector: - matchLabels: - name: kyma-installer - # Installer is designed to be run as a single instance only - # We enforce it by changing default rolling update to recreate startegy. - # With that k8s will first delete old pod and then provision new one during upgrade. - strategy: - type: Recreate - template: - metadata: - labels: - name: kyma-installer - spec: - serviceAccountName: kyma-installer - priorityClassName: kyma-installer - containers: - - name: kyma-installer-container - image: eu.gcr.io/kyma-project/develop/installer:408cb6a6 - imagePullPolicy: IfNotPresent - args: - - -overrideLogFile=/app/overrides.txt - - -helmDebugMode=true - resources: - requests: - memory: 512Mi - limits: - memory: 2Gi - securityContext: - allowPrivilegeEscalation: false - privileged: false - runAsGroup: 65534 - runAsUser: 65534 ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: 000-kyma-installer - labels: - release: kyma-installer - kyma-project.io/installation: "" -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - seLinux: - rule: 'RunAsAny' - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - runAsUser: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - hostPorts: - - max: 65535 - min: 1024 - requiredDropCapabilities: - - ALL - volumes: - - "*" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyma-installer-reader - labels: - kyma-project.io/installation: "" -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: ["000-kyma-installer"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyma-installer - labels: - kyma-project.io/installation: "" -subjects: -- kind: ServiceAccount - name: kyma-installer - namespace: kyma-installer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kyma-installer-reader diff --git a/installation/scripts/concat-yamls.sh b/installation/scripts/concat-yamls.sh deleted file mode 100755 index 79bdc7177158..000000000000 --- a/installation/scripts/concat-yamls.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -for file in "$@" -do - - TMP="" - - if [[ ! -f "${file}" ]]; then - echo "File ${file} not found" - exit 1 - fi - - TMP=$(cat "${file}" | sed '/^\s*$/d') - - FIRST_LINE=$(head -n1 <<< "${TMP}") - if [[ "$FIRST_LINE" == "---" ]]; then - TMP=$(sed '1d' <<< "${TMP}") - fi - - echo "${TMP}" - - LAST_LINE=$(tail -n1 <<< "${TMP}") - if [[ "$LAST_LINE" != "---" ]]; then - echo '---' - fi - -done \ No newline at end of file diff --git a/installation/scripts/create-cr.sh b/installation/scripts/create-cr.sh deleted file mode 100755 index c7d4696e1e49..000000000000 --- a/installation/scripts/create-cr.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -set -o errexit - -POSITIONAL=() -while [[ $# -gt 0 ]] -do - key="$1" - - case ${key} in - --url) - URL="$2" - shift # past argument - shift # past value - ;; - --output) - OUTPUT="$2" - shift - shift - ;; - --version) - VERSION="$2" - shift - shift - ;; - --crtpl_path) - CRTPL_PATH="$2" - shift - shift - ;; - *) # unknown option - POSITIONAL+=("$1") # save it in an array for later - shift # past argument - ;; - esac -done -set -- "${POSITIONAL[@]}" # restore positional parameters - -CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -CRTPL_PATH=${CRTPL_PATH:-"$CURRENT_DIR/../resources/installer-cr.yaml.tpl"} - -cp $CRTPL_PATH $OUTPUT - -case `uname -s` in - Darwin) - sed -i "" "s/__VERSION__/${VERSION}/" "$OUTPUT" - sed -i "" "s;__URL__;${URL};" "$OUTPUT" - ;; - *) - sed -i "s/__VERSION__/${VERSION}/g" "$OUTPUT" - sed -i "s;__URL__;${URL};g" "$OUTPUT" - ;; -esac diff --git a/installation/scripts/installer.sh b/installation/scripts/installer.sh deleted file mode 100755 index 04cf9c2ac23b..000000000000 --- a/installation/scripts/installer.sh +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -echo "The installer.sh script is deprecated and will be removed. Use Kyma CLI instead." - -CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -RESOURCES_DIR="${CURRENT_DIR}/../resources" -INSTALLER="${RESOURCES_DIR}/installer-local.yaml" -INSTALLER_CONFIG="${RESOURCES_DIR}/installer-config-local.yaml.tpl" -AZURE_BROKER_CONFIG="" -HELM_VERSION=$(helm version --short -c | cut -d '.' -f 1) - -source $CURRENT_DIR/utils.sh - -POSITIONAL=() -while [[ $# -gt 0 ]] -do - - key="$1" - - case ${key} in - --cr) - checkInputParameterValue "$2" - CR_PATH="$2" - shift # past argument - shift # past value - ;; - --password) - ADMIN_PASSWORD="$2" - shift - shift - ;; - --*) - echo "Unknown flag ${1}" - exit 1 - ;; - *) # unknown option - POSITIONAL+=("$1") # save it in an array for later - shift # past argument - ;; - esac -done -set -- "${POSITIONAL[@]}" # restore positional parameters - -echo " -################################################################################ -# Kyma Installer setup -################################################################################ -" - -bash ${CURRENT_DIR}/is-ready.sh kube-system k8s-app kube-dns - -if [ $CR_PATH ]; then - - case $CR_PATH in - /*) ;; - *) CR_PATH="$(pwd)/$CR_PATH";; - esac - - if [ ! -f $CR_PATH ]; then - echo "CR file not found in path $CR_PATH" - exit 1 - fi - -fi - -echo -e "\nCreating installation combo yaml" -COMBO_YAML=$(bash ${CURRENT_DIR}/concat-yamls.sh ${INSTALLER} ${INSTALLER_CONFIG} ${AZURE_BROKER_CONFIG}) - -rm -rf ${AZURE_BROKER_CONFIG} - -if [ ${ADMIN_PASSWORD} ]; then - ADMIN_PASSWORD=$(echo ${ADMIN_PASSWORD} | tr -d '\n' | base64) - COMBO_YAML=$(sed 's/global\.adminPassword: .*/global.adminPassword: '"${ADMIN_PASSWORD}"'/g' <<<"$COMBO_YAML") -fi - -MINIKUBE_IP=$(minikube ip) -COMBO_YAML=$(sed 's/\.minikubeIP: .*/\.minikubeIP: '"${MINIKUBE_IP}"'/g' <<<"$COMBO_YAML") - -echo -e "\nConfiguring sub-components" -bash ${CURRENT_DIR}/configure-components.sh - -echo -e "\nStarting installation!" -kubectl apply -f - <<< "$COMBO_YAML" -sleep 15 -kubectl apply -f ${CR_PATH} - diff --git a/installation/scripts/release-generate-kyma-installer-artifacts.sh b/installation/scripts/release-generate-kyma-installer-artifacts.sh deleted file mode 100755 index 7b058918a77f..000000000000 --- a/installation/scripts/release-generate-kyma-installer-artifacts.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env bash - -### -# Following script generates kyma-installer artifacts for a release. -# -# INPUTS: -# - KYMA_INSTALLER_PUSH_DIR - (optional) directory where kyma-installer docker image is pushed, if specified should ends with a slash (/) -# - KYMA_INSTALLER_VERSION - version (image tag) of kyma-installer -# - ARTIFACTS_DIR - path to directory where artifacts will be stored -# -### - -set -o errexit - -CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -RESOURCES_DIR="${CURRENT_DIR}/../resources" -INSTALLER_YAML_PATH="${RESOURCES_DIR}/installer.yaml" -COMPONENTS_YAML_PATH="${RESOURCES_DIR}/components.yaml" -INSTALLER_LOCAL_CONFIG_PATH="${RESOURCES_DIR}/installer-config-local.yaml.tpl" -INSTALLER_LOCAL_CR_PATH="${RESOURCES_DIR}/installer-cr.yaml.tpl" -INSTALLER_CLUSTER_CR_PATH="${RESOURCES_DIR}/installer-cr-cluster.yaml.tpl" -INSTALLER_RUNTIME_CLUSTER_CR_PATH="${RESOURCES_DIR}/installer-cr-cluster-runtime.yaml.tpl" - -function generateLocalArtifact() { - TMP_LOCAL_CR=$(mktemp) - - ${CURRENT_DIR}/create-cr.sh --url "" --output "${TMP_LOCAL_CR}" --version 0.0.1 --crtpl_path "${INSTALLER_LOCAL_CR_PATH}" - - ${CURRENT_DIR}/concat-yamls.sh ${INSTALLER_YAML_PATH} ${TMP_LOCAL_CR} \ - | sed -E ";s;image: eu.gcr.io\/kyma-project\/develop\/installer:.+;image: eu.gcr.io/kyma-project/${KYMA_INSTALLER_PUSH_DIR}kyma-installer:${KYMA_INSTALLER_VERSION};" \ - > ${ARTIFACTS_DIR}/kyma-installer-local.yaml - - cp ${INSTALLER_LOCAL_CONFIG_PATH} ${ARTIFACTS_DIR}/kyma-config-local.yaml - cp ${INSTALLER_LOCAL_CR_PATH} ${ARTIFACTS_DIR}/kyma-installer-cr-local.yaml - cp ${INSTALLER_YAML_PATH} ${ARTIFACTS_DIR}/kyma-installer.yaml - cp ${COMPONENTS_YAML_PATH} ${ARTIFACTS_DIR}/kyma-components.yaml - - rm -rf ${TMP_LOCAL_CR} -} - -function generateClusterArtifact() { - TMP_CLUSTER_CR=$(mktemp) - - ${CURRENT_DIR}/create-cr.sh --url "" --output "${TMP_CLUSTER_CR}" --version 0.0.1 --crtpl_path "${INSTALLER_CLUSTER_CR_PATH}" - - ${CURRENT_DIR}/concat-yamls.sh ${INSTALLER_YAML_PATH} ${TMP_CLUSTER_CR} \ - | sed -E ";s;image: eu.gcr.io\/kyma-project\/develop\/installer:.+;image: eu.gcr.io/kyma-project/${KYMA_INSTALLER_PUSH_DIR}kyma-installer:${KYMA_INSTALLER_VERSION};" \ - > ${ARTIFACTS_DIR}/kyma-installer-cluster.yaml - - cp ${INSTALLER_CLUSTER_CR_PATH} ${ARTIFACTS_DIR}/kyma-installer-cr-cluster.yaml - - rm -rf ${TMP_CLUSTER_CR} -} - -function generateRuntimeClusterArtifact() { - TMP_RUNTIME_CLUSTER_CR=$(mktemp) - - ${CURRENT_DIR}/create-cr.sh --url "" --output "${TMP_RUNTIME_CLUSTER_CR}" --version 0.0.1 --crtpl_path "${INSTALLER_RUNTIME_CLUSTER_CR_PATH}" - - ${CURRENT_DIR}/concat-yamls.sh ${INSTALLER_YAML_PATH} ${TMP_RUNTIME_CLUSTER_CR} \ - | sed -E ";s;image: eu.gcr.io\/kyma-project\/develop\/installer:.+;image: eu.gcr.io/kyma-project/${KYMA_INSTALLER_PUSH_DIR}kyma-installer:${KYMA_INSTALLER_VERSION};" \ - > ${ARTIFACTS_DIR}/kyma-installer-cluster-runtime.yaml - - - cp ${INSTALLER_RUNTIME_CLUSTER_CR_PATH} ${ARTIFACTS_DIR}/kyma-installer-cr-cluster-runtime.yaml - - - rm -rf ${TMP_RUNTIME_CLUSTER_CR} -} - -generateLocalArtifact -generateClusterArtifact -generateRuntimeClusterArtifact diff --git a/resources/api-gateway/templates/tests/test.yaml b/resources/api-gateway/templates/tests/test.yaml index c3e9749c2349..4563bfe93cb1 100644 --- a/resources/api-gateway/templates/tests/test.yaml +++ b/resources/api-gateway/templates/tests/test.yaml @@ -20,13 +20,6 @@ spec: app: {{ .Chart.Name }}-tests spec: serviceAccountName: {{ .Chart.Name }}-tests - {{- if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "oauth2.{{ .Values.global.domainName }}" - - "dex.{{ .Values.global.domainName }}" - {{- end }} containers: - name: tests image: {{ .Values.tests.image.registry }}/api-gateway-integration-tests:{{ .Values.tests.image.version }} @@ -67,10 +60,6 @@ spec: value: {{ .Values.tests.env.gatewayName }} - name: TEST_GATEWAY_NAMESPACE value: {{ .Values.tests.env.gatewayNamespace }} - {{- if .Values.global.isLocalEnv }} - - name: TEST_MINIKUBE_ENV - value: "true" - {{- end }} securityContext: {{- toYaml .Values.tests.securityContext | nindent 12 }} restartPolicy: Never diff --git a/resources/apiserver-proxy/Chart.yaml b/resources/apiserver-proxy/Chart.yaml deleted file mode 100644 index d6578b5ead2e..000000000000 --- a/resources/apiserver-proxy/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'apiserver-proxy' -name: apiserver-proxy -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/apiserver-proxy/OWNERS b/resources/apiserver-proxy/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/apiserver-proxy/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/apiserver-proxy/README.md b/resources/apiserver-proxy/README.md deleted file mode 100644 index 569c166cc738..000000000000 --- a/resources/apiserver-proxy/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# API Server Proxy - -## Overview - -This API Server Proxy is a transparent proxy for the Kubernetes API based on [kube-rbac-proxy](https://github.com/brancz/kube-rbac-proxy). It is exposed for the external communication. - -## Details - -Kyma requires all APIs, including those provided by the Kubernetes API server, to be exposed in a consistent manner through Istio. - -To expose an API through Istio, all of the Pods that run the service containers must contain an Envoy sidecar. You need an additional proxy, as you cannot inject an Envoy sidecar directly into the Kubernetes API server. As a workaround, deploy apiserver-proxy as a proxy for the Kubernetes API server. Istio injects an Envoy sidecar into the Pods that run apiserver-proxy. - -Installing the Helm chart creates a virtual service, which exposes the API server under the `apiserver` subdomain in the configured domain. diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/Chart.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/Chart.yaml deleted file mode 100644 index d57a98e42ae5..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: apiserver-proxy-init -version: 0.0.1 -description: Init chart for Kyma apiserver -keywords: -- apiproxy -- apiserver -apiVersion: v1 diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/OWNERS b/resources/apiserver-proxy/charts/apiserver-proxy-init/OWNERS deleted file mode 100644 index f397de53f3e4..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - - colunira - -labels: -- area/service-mesh -- area/security diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/README.md b/resources/apiserver-proxy/charts/apiserver-proxy-init/README.md deleted file mode 100644 index 3db32fd5cd0b..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# API Server Proxy Init - -## Overview - -This chart generates certificates required by API Server Proxy. - -## Details - -Service `apiserver-proxy-ssl` is a LoadBalancer. Job, depending on the domain configuration, generates certificates for given IP address and saves them in the `apiserver-proxy-tls-cert` secret, which is later mounted to API Server Proxy deployment. \ No newline at end of file diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/files/generate-certs.sh b/resources/apiserver-proxy/charts/apiserver-proxy-init/files/generate-certs.sh deleted file mode 100644 index 649b536550a3..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/files/generate-certs.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env bash -set -e -# if running on Gardener create Certificate CR -# else proceed 'old' way -{{- if .Values.global.domainName }} -{{- if .Values.global.environment.gardener }} -cat < /tmp/key.pem - echo "{{ .Values.global.tlsCrt }}" | base64 -d > /tmp/cert.pem - kubectl create secret tls {{ template "name" . }}-tls-cert --key /tmp/key.pem --cert /tmp/cert.pem -{{- else }} - echo "Running on xip.io enabled cluster, creating certificate for the domain" - source /app/utils.sh - generateCertificatesForDomain "$DOMAIN" /tmp/key.pem /tmp/cert.pem - kubectl create secret tls {{ template "name" . }}-tls-cert --key /tmp/key.pem --cert /tmp/cert.pem -o yaml --dry-run | kubectl apply -f - -{{- end }} -fi -echo "Done" \ No newline at end of file diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/generate-certs-job.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/generate-certs-job.yaml deleted file mode 100644 index bfa8054f2a02..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/generate-certs-job.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "name" . }}-certs-job - annotations: - helm.sh/hook-weight: "5" - helm.sh/hook: "post-install,post-upgrade" - helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded" -spec: - backoffLimit: 1 - template: - metadata: - name: {{ template "name" . }}-certs-job - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: {{ template "name" . }}-certs-job - restartPolicy: Never - volumes: - - name: {{ template "name" . }}-tls-cert - secret: - secretName: {{ template "name" . }}-tls-cert - optional: true - containers: - - name: generate-certs - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.xip_patch.dir }}xip-patch:{{ .Values.global.xip_patch.version }} - resources: - limits: - memory: 128Mi - requests: - memory: 32Mi - securityContext: -{{- toYaml .Values.securityContext | nindent 10 }} - envFrom: - - configMapRef: - name: {{ template "name" . }} - optional: true - command: - - bash - - -c - - | -{{ tpl (.Files.Get "files/generate-certs.sh" | printf "%s" | indent 12) . }} - volumeMounts: - - name: {{ template "name" . }}-tls-cert - mountPath: /etc/apiserver-proxy-tls-cert/ - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/psp.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/psp.yaml deleted file mode 100644 index 0aac3a756eba..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/psp.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "name" . }}-certs-job - labels: - release: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/name: {{ template "name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - runAsUser: - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - volumes: - - "secret" -{{- end }} \ No newline at end of file diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/rbac.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/rbac.yaml deleted file mode 100644 index 3895af3b0d35..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/rbac.yaml +++ /dev/null @@ -1,136 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace}} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace}} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "name" . }}-certs-job -subjects: -- kind: ServiceAccount - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -rules: -- apiGroups: [""] - resources: [services] - verbs: [create, list, get, watch] -- apiGroups: [""] - resources: [secrets] - verbs: [create, list, get, update, patch] -- apiGroups: [""] - resources: [configmaps] - verbs: [create, list, get, watch, update, patch] -{{- if .Values.podSecurityPolicy.enabled }} -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "name" . }}-certs-job -{{- end }} ---- -{{ if .Values.global.environment.gardener }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: kube-system - name: {{ template "name" . }}-certs-job-kube-system-role - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -rules: -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["shoot-info"] - verbs: ["get"] -{{- if .Values.podSecurityPolicy.enabled }} -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "name" . }}-certs-job -{{- end }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "name" . }}-certs-job-gardener-certs-role - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -rules: -- apiGroups: ["cert.gardener.cloud"] - resources: ["certificates"] - verbs: ["get", "create", "patch"] -{{- if .Values.podSecurityPolicy.enabled }} -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "name" . }}-certs-job -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "name" . }}-certs-job-gardener-certs-role - namespace: {{ .Release.Namespace}} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "name" . }}-certs-job-gardener-certs-role -subjects: -- kind: ServiceAccount - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "name" . }}-certs-job-kube-system-role - namespace: {{ .Release.Namespace}} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install, post-upgrade" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "name" . }}-certs-job-kube-system-role -subjects: -- kind: ServiceAccount - name: {{ template "name" . }}-certs-job - namespace: {{ .Release.Namespace }} -{{ end }} \ No newline at end of file diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/service-ssl.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/service-ssl.yaml deleted file mode 100644 index e640f6713186..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/templates/service-ssl.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "name" . }}-ssl - namespace: {{ .Release.Namespace }} -spec: - {{ if .Values.global.isLocalEnv }} - type: NodePort - {{ else }} - type: LoadBalancer - {{ end }} - ports: - - name: https - port: 443 - protocol: TCP - targetPort: {{ .Values.port.secure }} - selector: - app: {{ template "name" . }} diff --git a/resources/apiserver-proxy/charts/apiserver-proxy-init/values.yaml b/resources/apiserver-proxy/charts/apiserver-proxy-init/values.yaml deleted file mode 100644 index 015a16443cab..000000000000 --- a/resources/apiserver-proxy/charts/apiserver-proxy-init/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -configmapName: oidc-ca -nameOverride: apiserver-proxy - -port: - secure: 9443 - insecure: 8444 - metrics: 2112 - -podSecurityPolicy: - enabled: true - -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 diff --git a/resources/apiserver-proxy/profile-evaluation.yaml b/resources/apiserver-proxy/profile-evaluation.yaml deleted file mode 100644 index 7f3650f13792..000000000000 --- a/resources/apiserver-proxy/profile-evaluation.yaml +++ /dev/null @@ -1,2 +0,0 @@ -hpa: - enabled: false \ No newline at end of file diff --git a/resources/apiserver-proxy/requirements.yaml b/resources/apiserver-proxy/requirements.yaml deleted file mode 100644 index c42291f04c10..000000000000 --- a/resources/apiserver-proxy/requirements.yaml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - name: apiserver-proxy-init - version: 0.0.1 diff --git a/resources/apiserver-proxy/templates/_helpers.tpl b/resources/apiserver-proxy/templates/_helpers.tpl deleted file mode 100644 index a39afa368a8a..000000000000 --- a/resources/apiserver-proxy/templates/_helpers.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/apiserver-proxy/templates/autoscale.yaml b/resources/apiserver-proxy/templates/autoscale.yaml deleted file mode 100644 index 05f06e54f2c6..000000000000 --- a/resources/apiserver-proxy/templates/autoscale.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ if and (not .Values.global.isLocalEnv) (.Capabilities.APIVersions.Has "autoscaling/v2beta1") (.Values.hpa.enabled)}} ---- -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "name" . }} - minReplicas: {{ .Values.hpa.minReplicas }} - maxReplicas: {{ .Values.hpa.maxReplicas }} - metrics: -{{ toYaml .Values.hpa.metrics | trim | indent 2 }} -{{ end }} diff --git a/resources/apiserver-proxy/templates/dashboard-configmap.yaml b/resources/apiserver-proxy/templates/dashboard-configmap.yaml deleted file mode 100644 index 05340305e42a..000000000000 --- a/resources/apiserver-proxy/templates/dashboard-configmap.yaml +++ /dev/null @@ -1,1418 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: apiserver-proxy-dashboard - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - apiserver-proxy-dashboard.json: |- -{{` { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 55, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 10, - "panels": [], - "title": "Application metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 1 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{service=\"apiserver-proxy-metrics\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 1 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_threads{service=\"apiserver-proxy-metrics\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Go threads", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_gc_duration_seconds{service=\"apiserver-proxy-metrics\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "quantile: {{ quantile }} ({{ pod }}) ", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GC invocations durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "hiddenSeries": false, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_memstats_heap_inuse_bytes{job=\"apiserver-proxy-metrics\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Heap in use", - "refId": "A" - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"apiserver-proxy-metrics\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in use", - "refId": "B" - }, - { - "expr": "container_memory_usage_bytes{container=~\"auth-proxy|istio-proxy\", pod=~\"apiserver-proxy.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ container }} (k8s)", - "refId": "C" - }, - { - "expr": "sum(container_memory_usage_bytes{container=~\"auth-proxy|istio-proxy\", pod=~\"apiserver-proxy.*\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Total", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 17 - }, - "id": 4, - "panels": [], - "title": "Network metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 18 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(http_requests_total{service=~\"apiserver-proxy.*\"}[5m])) by (job)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ job }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Req/s", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 18 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(http_requests_total{service=~\"apiserver-proxy-metrics.*\",status_code=~\"5.*\"}[5m]) / rate(http_requests_total[5m])\n\n", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "HTTP Error Rates (5xx)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 26 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (code) (rate(http_requests_total{service=~\"apiserver-proxy.*\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ code }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request rate by status code", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 26 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum by (pod) (rate(container_network_receive_bytes_total{pod=~\"apiserver-proxy.*\"}[1m])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 30, - "panels": [], - "title": "Average request durations", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 35 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(authentication_durations_sum[5m])/rate(authentication_durations_count[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Average authentication durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 35 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(spdy_negotiation_durations_sum[5m])/rate(spdy_negotiation_durations_count[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SPDY average negotiation durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": null, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 43 - }, - "id": 40, - "panels": [], - "title": "Requests percentiles", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 44 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.95, rate(authentication_durations_bucket[5m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication 95th percentile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 44 - }, - "hiddenSeries": false, - "id": 42, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, rate(authentication_durations_bucket[5m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Authentication 99th percentile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 52 - }, - "hiddenSeries": false, - "id": 45, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.95, rate(spdy_negotiation_durations_bucket[5m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SPDY negotiation 95th percentile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 52 - }, - "hiddenSeries": false, - "id": 46, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, rate(spdy_negotiation_durations_bucket[5m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ pod }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SPDY negotiation 99th percentile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 21, - "style": "dark", - "tags": [ - "kubernetes", - "kyma" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "refresh": "10s", - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Kyma / API Server Proxy", - "uid": "sdfsdfsdf", - "version": 2 - }`}} diff --git a/resources/apiserver-proxy/templates/deployment.yaml b/resources/apiserver-proxy/templates/deployment.yaml deleted file mode 100644 index 9edb053eeb9a..000000000000 --- a/resources/apiserver-proxy/templates/deployment.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - kyma-project.io/component: backend -spec: - selector: - matchLabels: - app: {{ template "name" . }} - replicas: 1 - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - maxSurge: 1 - template: - metadata: - annotations: - sidecar.istio.io/inject: "true" - traffic.sidecar.istio.io/excludeInboundPorts: "{{ .Values.port.secure }}" - prometheus.io/port: "{{ .Values.port.metrics }}" - prometheus.io/path: "/" - prometheus.io/scrape: "true" - labels: - app: {{ template "name" . }} - tlsSecret: ingress-tls-cert - kyma-project.io/component: backend - spec: - serviceAccountName: {{ template "name" . }} - {{- if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - {{- end }} - containers: - - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.apiserver_proxy.dir }}apiserver-proxy:{{ .Values.global.apiserver_proxy.version }} - name: auth-proxy - {{- if not .Values.global.isLocalEnv }} - resources: - limits: - memory: 256Mi - requests: - memory: 96Mi - {{- end }} - securityContext: -{{- toYaml .Values.securityContext | nindent 10 }} - imagePullPolicy: IfNotPresent - args: - - --insecure-listen-address=0.0.0.0:{{ .Values.port.insecure }} - - --secure-listen-address=0.0.0.0:{{ .Values.port.secure }} - - --tls-cert-file=/etc/tls-cert/tls.crt - - --tls-private-key-file=/etc/tls-cert/tls.key - - --upstream=https://kubernetes.default - - --logtostderr=true - - --v=9 - - --oidc-issuer=https://dex.{{ .Values.global.domainName }} - - --oidc-clientID=kyma-client - {{- if not .Values.global.environment.gardener }} - - --oidc-ca-file=/etc/dex-tls-cert/tls.crt - {{- end }} - - --cors-allow-origin={{ .Values.corsPolicy.allowOrigin | join "," }} - - --cors-allow-headers={{ .Values.corsPolicy.allowHeaders | join "," }} - - --cors-allow-methods={{ .Values.corsPolicy.allowMethods | join "," }} - - --metrics-listen-address=0.0.0.0:{{ .Values.port.metrics }} - ports: - - containerPort: {{ .Values.port.insecure }} - name: insecure - - containerPort: {{ .Values.port.metrics }} - name: metrics - - containerPort: {{ .Values.port.secure }} - name: secure - {{ if .Values.global.isLocalEnv }} - hostPort: {{ .Values.port.secure }} - {{ end }} - volumeMounts: - - name: tls-cert - mountPath: /etc/tls-cert/ - {{- if not .Values.global.environment.gardener }} - - name: dex-tls-cert - mountPath: /etc/dex-tls-cert/ - {{- end }} - volumes: - {{- if not .Values.global.environment.gardener }} - - name: dex-tls-cert - secret: - secretName: ingress-tls-cert - {{- end }} - - name: tls-cert - secret: - secretName: {{ template "name" . }}-tls-cert - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/apiserver-proxy/templates/job.yaml b/resources/apiserver-proxy/templates/job.yaml deleted file mode 100644 index bc9124c68ed8..000000000000 --- a/resources/apiserver-proxy/templates/job.yaml +++ /dev/null @@ -1,93 +0,0 @@ -{{ if .Values.global.environment.gardener }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }}-ssl-helper-service-account - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - "helm.sh/hook": "post-install, post-upgrade" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{.Release.Namespace}} - name: {{ template "name" . }}-ssl-helper-role - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - "helm.sh/hook": "post-install, post-upgrade" -rules: - - apiGroups: [""] - resources: ["services"] - resourceNames: ['{{ template "name" . }}-ssl'] - verbs: ["get", "patch"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "name" . }}-ssl-helper-role-binding - namespace: {{.Release.Namespace}} - annotations: - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" - "helm.sh/hook": "post-install, post-upgrade" -subjects: - - kind: ServiceAccount - name: {{ template "name" . }}-ssl-helper-service-account - namespace: {{.Release.Namespace}} -roleRef: - kind: Role - name: {{ template "name" . }}-ssl-helper-role - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" - "helm.sh/hook": "post-install, post-upgrade" - helm.sh/hook-weight: "1" - name: {{ template "name" . }}-ssl-helper-job -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - - command: - - /bin/bash - - -c - - | - set +e - retry=0 - - while [[ ${retry} -lt 5 ]]; do - result=$(kubectl -n kyma-system annotate service {{ template "name" . }}-ssl dns.gardener.cloud/class='garden' dns.gardener.cloud/dnsnames='apiserver.'{{ trimPrefix "*." .Values.global.domainName }}'' --overwrite) - err=$? - if [[ ${err} -eq 0 ]]; then - echo "${result}" - exit 0 - fi - sleep 5 - (( retry++ )) - done - echo "Maximum retries exceeded" - exit 1 - image: eu.gcr.io/kyma-project/tpi/k8s-tools:20210922-530cfc39 - name: gardener-annotate - env: - - name: HOME - value: /tmp - securityContext: -{{- toYaml .Values.securityContext | nindent 12 }} - restartPolicy: Never - serviceAccountName: {{ template "name" . }}-ssl-helper-service-account -{{ end }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/apiserver-proxy/templates/policy.yaml b/resources/apiserver-proxy/templates/policy.yaml deleted file mode 100644 index e285cafc8602..000000000000 --- a/resources/apiserver-proxy/templates/policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - name: {{ template "name" . }}-ssl -spec: - selector: - matchLabels: - app: {{ template "name" . }} - portLevelMtls: - {{ .Values.port.secure }}: - mode: PERMISSIVE - {{ .Values.port.metrics }}: - mode: PERMISSIVE \ No newline at end of file diff --git a/resources/apiserver-proxy/templates/rbac.yaml b/resources/apiserver-proxy/templates/rbac.yaml deleted file mode 100644 index 2932d3056f7a..000000000000 --- a/resources/apiserver-proxy/templates/rbac.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} -rules: - - apiGroups: ["*"] - resources: ['*'] - verbs: ['*'] - - nonResourceURLs: ["*"] - verbs: ['*'] diff --git a/resources/apiserver-proxy/templates/service.yaml b/resources/apiserver-proxy/templates/service.yaml deleted file mode 100644 index 6a0d24b338cf..000000000000 --- a/resources/apiserver-proxy/templates/service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http - port: {{ .Values.port.insecure }} - protocol: TCP - targetPort: {{ .Values.port.insecure }} - selector: - app: {{ template "name" . }} ---- -# Dedicated Service for metrics endpoint -apiVersion: v1 -kind: Service -metadata: - name: {{ template "name" . }}-metrics - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - ports: - - name: http-metrics - port: {{ .Values.port.metrics }} - selector: - app: {{ template "name" . }} diff --git a/resources/apiserver-proxy/templates/servicemonitor.yaml b/resources/apiserver-proxy/templates/servicemonitor.yaml deleted file mode 100644 index cbea8f66f004..000000000000 --- a/resources/apiserver-proxy/templates/servicemonitor.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Inform Prometheus to scrap the metrics endpoint -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "fullname" . }} - labels: - prometheus: monitoring - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - endpoints: - - port: http-metrics - path: / - metricRelabelings: - - sourceLabels: [ __name__ ] - regex: ^(apiserver_client_certificate_expiration_seconds_bucket|authentication_durations_bucket|authentication_durations_count|authorization_durations_bucket|authorization_durations_count|go_gc_duration_seconds|go_goroutines|go_memstats_alloc_bytes|go_memstats_heap_alloc_bytes|go_memstats_heap_inuse_bytes|go_memstats_heap_sys_bytes|go_memstats_stack_inuse_bytes|go_threads|http_requests_total|process_cpu_seconds_total|process_max_fds|process_open_fds|process_resident_memory_bytes|process_start_time_seconds|process_virtual_memory_bytes|spdy_negotiation_durations_bucket|spdy_negotiation_durations_count)$ - action: keep - namespaceSelector: - matchNames: - - "{{ .Release.Namespace }}" - selector: - matchLabels: - app: {{ template "name" . }} diff --git a/resources/apiserver-proxy/templates/tests/test.yaml b/resources/apiserver-proxy/templates/tests/test.yaml deleted file mode 100644 index a8c6fed91c30..000000000000 --- a/resources/apiserver-proxy/templates/tests/test.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -{{- if .Values.tests.enabled }} -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} - -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ .Chart.Name }} - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.tests.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} - -spec: - disableConcurrency: false - template: - metadata: - labels: - app: {{ .Chart.Name }}-tests - annotations: - sidecar.istio.io/inject: "true" - spec: - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "configurations-generator.{{ .Values.global.domainName }}" - - "dex.{{ .Values.global.domainName }}" - - "apiserver.{{ .Values.global.domainName }}" - {{ end }} - containers: - - name: tests - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.apiserver_proxy_integration_tests.dir }}apiserver-proxy-integration-tests:{{ .Values.global.apiserver_proxy_integration_tests.version }} - imagePullPolicy: Always - command: ["/bin/bash"] - args: ["-c", "sleep 10; ./test.sh; exit_code=$?; curl -XPOST http://127.0.0.1:15020/quitquitquit; sleep 5; exit $exit_code;"] - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DOMAIN - value: {{ .Values.global.domainName }} - - name: USER_EMAIL - valueFrom: - secretKeyRef: - name: admin-user - key: email - - name: USER_PASSWORD - valueFrom: - secretKeyRef: - name: admin-user - key: password - - name: IAM_KUBECONFIG_SVC_FQDN - value: "iam-kubeconfig-service.{{ .Release.Namespace }}.svc.cluster.local" - - name: IAM_KUBECONFIG_SVC_PORT - value: "8000" - - name: MAX_TEST_RETRIES - value: "10" - securityContext: -{{- toYaml .Values.tests.securityContext | nindent 10 }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/resources/apiserver-proxy/templates/virtual-service.yaml b/resources/apiserver-proxy/templates/virtual-service.yaml deleted file mode 100644 index da5dc08206fb..000000000000 --- a/resources/apiserver-proxy/templates/virtual-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -spec: - hosts: - - "apiserver.{{ .Values.global.domainName }}" - gateways: - - {{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - route: - - destination: - port: - number: {{ .Values.port.insecure }} - host: {{ template "name" . }} - corsPolicy: -{{ toYaml .Values.corsPolicy | indent 6 }} \ No newline at end of file diff --git a/resources/apiserver-proxy/values.yaml b/resources/apiserver-proxy/values.yaml deleted file mode 100644 index abf2b750307a..000000000000 --- a/resources/apiserver-proxy/values.yaml +++ /dev/null @@ -1,60 +0,0 @@ -configmapName: oidc-ca - -port: - secure: 9443 - insecure: 8444 - metrics: 2112 - -securityContext: - allowPrivilegeEscalation: false - privileged: false - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - -corsPolicy: - allowOrigin: - - "*" - allowHeaders: - - "authorization" - - "content-type" - allowMethods: - - "GET" - - "POST" - - "PUT" - - "DELETE" - -hpa: - enabled: true - minReplicas: 1 - maxReplicas: 3 - metrics: - - type: Resource - resource: - name: memory - targetAverageUtilization: 50 - -tests: - enabled: true - labels: - integration: true - after-upgrade: true - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 -global: - apiserver_proxy: - dir: - version: "6457fd19" - apiserver_proxy_integration_tests: - dir: - version: "fe9f5885" - istio: - gateway: - name: kyma-gateway - containerRegistry: - path: eu.gcr.io/kyma-project - xip_patch: - dir: - version: fe9f5885 diff --git a/resources/application-connector/charts/application-registry/templates/deployment.yaml b/resources/application-connector/charts/application-registry/templates/deployment.yaml index 643c099d3249..12490e2f3083 100644 --- a/resources/application-connector/charts/application-registry/templates/deployment.yaml +++ b/resources/application-connector/charts/application-registry/templates/deployment.yaml @@ -69,12 +69,6 @@ spec: runAsUser: {{ .Values.global.podSecurityPolicy.runAsUser }} privileged: {{ .Values.global.podSecurityPolicy.privileged }} allowPrivilegeEscalation: {{ .Values.global.podSecurityPolicy.allowPrivilegeEscalation }} - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "minio.{{ .Values.global.domainName }}" - {{ end }} {{- if .Values.global.priorityClassName }} priorityClassName: {{ .Values.global.priorityClassName }} {{- end }} diff --git a/resources/application-connector/charts/connector-service/templates/tests/test.yaml b/resources/application-connector/charts/connector-service/templates/tests/test.yaml index aca039a8ed15..372b036d0836 100644 --- a/resources/application-connector/charts/connector-service/templates/tests/test.yaml +++ b/resources/application-connector/charts/connector-service/templates/tests/test.yaml @@ -23,13 +23,6 @@ spec: labels: app: {{ .Chart.Name }}-tests spec: - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "connector-service.{{ .Values.global.domainName }}" - - "gateway.{{ .Values.global.domainName }}" - {{ end }} serviceAccountName: {{ .Chart.Name }}-tests containers: - name: tests diff --git a/resources/application-connector/templates/tests/test.yaml b/resources/application-connector/templates/tests/test.yaml index eea38427780d..85f716cc233a 100644 --- a/resources/application-connector/templates/tests/test.yaml +++ b/resources/application-connector/templates/tests/test.yaml @@ -29,13 +29,6 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} spec: serviceAccountName: {{ .Chart.Name }}-tests - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "connector-service.{{ .Values.global.domainName }}" - - "gateway.{{ .Values.global.domainName }}" - {{ end }} containers: - name: tests image: {{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.testImages.application_connector_tests) }} diff --git a/resources/cluster-essentials/values.yaml b/resources/cluster-essentials/values.yaml index e82f368a0d2e..0aa0b9584055 100644 --- a/resources/cluster-essentials/values.yaml +++ b/resources/cluster-essentials/values.yaml @@ -5,7 +5,6 @@ jobs: tag: "20210922-530cfc39" global: - isLocalEnv: false installCRDs: false disableLegacyConnectivity: false podSecurityPolicy: diff --git a/resources/cluster-users/templates/tests/configmap-tests.yaml b/resources/cluster-users/templates/tests/configmap-tests.yaml deleted file mode 100644 index 2d2dc31b772d..000000000000 --- a/resources/cluster-users/templates/tests/configmap-tests.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.tests.enabled}} -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - name: {{ .Chart.Name }} -data: - kyma-test-bindings.yaml: |- -{{ tpl (.Files.Get "files/kyma-test-bindings.yaml" | printf "%s" | indent 4) . }} - sar-test.sh: |- -{{ tpl (.Files.Get "files/sar-test.sh" | printf "%s" | indent 4) . }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/resources/cluster-users/templates/tests/rbac.yaml b/resources/cluster-users/templates/tests/rbac.yaml deleted file mode 100644 index 6957aa8bdf1a..000000000000 --- a/resources/cluster-users/templates/tests/rbac.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.tests.enabled}} -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Chart.Name }}-tests - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Chart.Name }}-tests - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: {{ .Chart.Name }}-tests - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/resources/cluster-users/templates/tests/test.yaml b/resources/cluster-users/templates/tests/test.yaml deleted file mode 100644 index ed2cc78ea8ec..000000000000 --- a/resources/cluster-users/templates/tests/test.yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{- if .Values.tests.enabled }} -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ .Chart.Name }} - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.tests.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} -spec: - disableConcurrency: false - template: - metadata: - labels: - app: {{ .Chart.Name }}-tests - spec: - {{- if .Values.global.isLocalEnv }} - hostNetwork: true - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "configurations-generator.{{ .Values.global.domainName }}" - - "apiserver.{{ .Values.global.domainName }}" - {{- end }} - dnsPolicy: ClusterFirstWithHostNet - serviceAccount: {{ .Chart.Name }}-tests - volumes: - - name: config - configMap: - name: {{ .Chart.Name }} - containers: - - name: tests - image: {{ .Values.tests.image.name }}:{{ .Values.tests.image.version }} - command: - - /bin/bash - - -c - - | - sleep 10 - bash /etc/cluster-users/sar-test.sh - exit_code=$? - curl -XPOST http://127.0.0.1:15020/quitquitquit - sleep 5 - exit $exit_code - volumeMounts: - - name: config - mountPath: /etc/cluster-users/ - readOnly: true - env: - - name: ADMIN_EMAIL - valueFrom: - secretKeyRef: - name: admin-user - key: email - - name: ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: admin-user - key: password - - name: DEVELOPER_EMAIL - valueFrom: - secretKeyRef: - name: test-developer-user - key: email - - name: DEVELOPER_PASSWORD - valueFrom: - secretKeyRef: - name: test-developer-user - key: password - - name: VIEW_EMAIL - valueFrom: - secretKeyRef: - name: test-read-only-user - key: email - - name: VIEW_PASSWORD - valueFrom: - secretKeyRef: - name: test-read-only-user - key: password - - name: NAMESPACE_ADMIN_EMAIL - valueFrom: - secretKeyRef: - name: test-namespace-admin-user - key: email - - name: NAMESPACE_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: test-namespace-admin-user - key: password - - name: SYSTEM_NAMESPACE - value: kyma-system - - name: CUSTOM_NAMESPACE - value: "test-namespace-{{ randAlphaNum 5 | lower }}" - - name: NAMESPACE - value: {{ .Values.tests.env.namespace }} - - name: IAM_KUBECONFIG_SVC_FQDN - value: "https://configurations-generator.{{ .Values.global.domainName }}" - - name: HOME - value: /tmp - securityContext: -{{- toYaml .Values.tests.securityContext | nindent 12 }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/resources/cluster-users/values.yaml b/resources/cluster-users/values.yaml index ebd165a9340b..38a1f6172bd3 100644 --- a/resources/cluster-users/values.yaml +++ b/resources/cluster-users/values.yaml @@ -95,7 +95,6 @@ global: operatorGroup: runtimeOperator developerGroup: runtimeDeveloper namespaceAdminGroup: runtimeNamespaceAdmin - isLocalEnv: false containerRegistry: path: "eu.gcr.io/kyma-project" minikubeIP: "" diff --git a/resources/compass-runtime-agent/templates/deployment.yaml b/resources/compass-runtime-agent/templates/deployment.yaml index 3ff070ff9845..16eba0556d45 100644 --- a/resources/compass-runtime-agent/templates/deployment.yaml +++ b/resources/compass-runtime-agent/templates/deployment.yaml @@ -88,13 +88,6 @@ spec: initialDelaySeconds: {{ .Values.compassRuntimeAgent.readinessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.compassRuntimeAgent.readinessProbe.timeoutSeconds }} periodSeconds: {{.Values.compassRuntimeAgent.readinessProbe.periodSeconds }} - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "compass-gateway.{{ .Values.global.domainName }}" - - "compass-gateway-mtls.{{ .Values.global.domainName }}" - {{ end }} {{- if .Values.global.priorityClassName }} priorityClassName: {{ .Values.global.priorityClassName }} {{- end }} diff --git a/resources/compass-runtime-agent/templates/tests/test-runtime-agent-integration.yaml b/resources/compass-runtime-agent/templates/tests/test-runtime-agent-integration.yaml index f942db2deca9..cfa74d82045a 100644 --- a/resources/compass-runtime-agent/templates/tests/test-runtime-agent-integration.yaml +++ b/resources/compass-runtime-agent/templates/tests/test-runtime-agent-integration.yaml @@ -75,16 +75,6 @@ spec: ports: - containerPort: {{ .Values.compassRuntimeAgent.tests.mockService.port }} name: http - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "compass-gateway.{{ .Values.global.domainName }}" - - "compass-gateway-auth-oauth.{{ .Values.global.domainName }}" - - "minio.{{ .Values.global.domainName }}" - - "dex.{{ .Values.global.domainName }}" - - "gateway.{{ .Values.global.domainName }}" - {{ end }} restartPolicy: Never {{- end }} {{ end }} diff --git a/resources/console/.helmignore b/resources/console/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/resources/console/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/resources/console/Chart.yaml b/resources/console/Chart.yaml deleted file mode 100644 index 841ef06cb288..000000000000 --- a/resources/console/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'console' -name: console -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/console/README.md b/resources/console/README.md deleted file mode 100644 index 1b3fa335d21d..000000000000 --- a/resources/console/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Console - -## Overview - -The Console is a web-based administrative UI for Kyma. It allows administering the Kyma functionality and managing basic Kubernetes resources. The Console chart consists of the following sub-charts: - -- `web` -- `backend` diff --git a/resources/console/charts/backend/.helmignore b/resources/console/charts/backend/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/resources/console/charts/backend/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/resources/console/charts/backend/Chart.yaml b/resources/console/charts/backend/Chart.yaml deleted file mode 100644 index c5f8397548b9..000000000000 --- a/resources/console/charts/backend/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -name: backend -description: GraphQL API for Console UI -version: 0.1.0 -apiVersion: v1 diff --git a/resources/console/charts/backend/OWNERS b/resources/console/charts/backend/OWNERS deleted file mode 100644 index 1bacd1841ff7..000000000000 --- a/resources/console/charts/backend/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -reviewers: - - console-reviewers - -approvers: - - kwiatekus \ No newline at end of file diff --git a/resources/console/charts/backend/templates/_helpers.tpl b/resources/console/charts/backend/templates/_helpers.tpl deleted file mode 100644 index f0d83d2edba6..000000000000 --- a/resources/console/charts/backend/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/console/charts/backend/templates/authorization-policy-manage-all.yaml b/resources/console/charts/backend/templates/authorization-policy-manage-all.yaml deleted file mode 100644 index 2f4dff65fb5b..000000000000 --- a/resources/console/charts/backend/templates/authorization-policy-manage-all.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: all-users--graphql-manage-all - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" -spec: - selector: - matchLabels: - app: {{ template "name" . }} - action: ALLOW - rules: - - from: - - source: - principals: ["*"] - to: - - operation: - paths: ["/graphql"] \ No newline at end of file diff --git a/resources/console/charts/backend/templates/cluster-role-binding.yaml b/resources/console/charts/backend/templates/cluster-role-binding.yaml deleted file mode 100644 index 32f8bca787ba..000000000000 --- a/resources/console/charts/backend/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "fullname" . }} diff --git a/resources/console/charts/backend/templates/cluster-role.yaml b/resources/console/charts/backend/templates/cluster-role.yaml deleted file mode 100644 index 4e27fb27aea3..000000000000 --- a/resources/console/charts/backend/templates/cluster-role.yaml +++ /dev/null @@ -1,80 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} -rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["roles", "clusterroles"] - verbs: ["get", "list", "watch"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["rolebindings", "clusterrolebindings"] - verbs: ["list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["pods", "services", "configmaps", "secrets", "namespaces"] - verbs: ["get", "list", "watch", "update", "delete"] - - apiGroups: [""] - resources: ["resourcequotas", "limitranges"] - verbs: ["get", "watch", "list", "update", create] - - apiGroups: [""] - resources: ["users", "groups"] - verbs: ["impersonate"] - - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["statefulsets"] - verbs: ["list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["list", "watch", "update", "delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["*"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["servicecatalog.kyma-project.io"] - resources: ["servicebindingusages"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["servicecatalog.kyma-project.io"] - resources: ["usagekinds"] - verbs: ["get", "list", "watch"] - - apiGroups: ["applicationconnector.kyma-project.io"] - resources: ["applications", "applicationmappings", "eventactivations"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["gateway.kyma-project.io"] - resources: ["apis", "apirules"] - verbs: ["get", "list", "watch", "create", "update", "delete"] - - apiGroups: ["ui.kyma-project.io"] - resources: ["backendmodules", "microfrontends", "clustermicrofrontends"] - verbs: ["get", "list", "watch"] - - apiGroups: ["rafter.kyma-project.io"] - resources: ["clusterassetgroups", "assetgroups", "clusterbuckets", "clusterassets", "buckets", "assets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["serverless.kyma-project.io"] - resources: ["functions", "gitrepositories"] - verbs: ["get", "list", "create", "delete", "update", "watch"] - - apiGroups: ["*"] - resources: ["*"] - verbs: ["create"] - - apiGroups: ["addons.kyma-project.io"] - resources: ["clusteraddonsconfigurations", "addonsconfigurations"] - verbs: ["*"] - - apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients"] - verbs: ["list", "get", "create", "update", "delete", "watch"] - - apiGroups: ["eventing.kyma-project.io"] - resources: ["subscriptions"] - verbs: ["list", "create", "update", "delete", "watch"] -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "fullname" . }} -{{- end }} diff --git a/resources/console/charts/backend/templates/deployment.yaml b/resources/console/charts/backend/templates/deployment.yaml deleted file mode 100644 index f1a8e2faa799..000000000000 --- a/resources/console/charts/backend/templates/deployment.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - kyma-project.io/component: backend -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "name" . }} - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - kyma-project.io/component: backend - spec: - serviceAccountName: {{ template "fullname" . }} - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - - "minio.{{ .Values.global.domainName }}" - {{ end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.global.containerRegistry.path }}/{{ .Values.image.name }}:{{ .Values.global.console_backend_service.version }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - privileged: false - resources: - {{- toYaml .Values.resources | nindent 10 }} - env: - - name: APP_PORT - value: "{{ .Values.service.internalPort }}" - - name: APP_HOST - value: "0.0.0.0" - - name: APP_ALLOWED_ORIGINS - value: "https://*.{{ .Values.global.domainName }},*.svc.cluster.local:44134,http://console-dev.{{ .Values.global.domainName }}:*" - - name: APP_VERBOSE - value: "true" - - name: APP_SYSTEM_NAMESPACES - value: {{ .Values.systemNamespaces }} - - name: APP_RAFTER_ADDRESS - value: "rafter-minio.kyma-system.svc.cluster.local:9000" - - name: APP_RAFTER_SECURE - value: "false" - - name: APP_RAFTER_VERIFY_SSL - value: "{{ .Values.verifySSL }}" - - name: APP_APPLICATION_GATEWAY_INTEGRATION_NAMESPACE - value: "kyma-integration" - - name: APP_APPLICATION_GATEWAY_STATUS_REFRESH_PERIOD - value: "15s" - - name: APP_APPLICATION_CONNECTOR_URL - value: "http://connector-service-internal-api.kyma-integration.svc.cluster.local:8080" - - name: APP_APPLICATION_CONNECTOR_HTTP_CALL_TIMEOUT - value: "2s" - - name: APP_OIDC_ISSUER_URL - value: "https://dex.{{ .Values.global.domainName }}" - - name: APP_OIDC_CLIENT_ID - value: "kyma-client" - {{ if not .Values.global.environment.gardener }} - - name: APP_OIDC_CA_FILE - value: "/etc/ingress-tls-cert/tls.crt" - {{ end }} - - name: APP_TRACING_COLLECTOR_URL - value: http://{{ .Values.global.tracing.zipkinAddress }}/api/v1/spans - - name: APP_TRACING_DEBUG - value: "{{ .Values.tracing.debug }}" - - name: APP_TRACING_SERVICE_SPAN_NAME - value: {{ .Values.tracing.serviceSpanName }} - - name: APP_SERVERLESS_USAGE_KIND - value: serverless-function - - name: APP_EVENT_SUBSCRIPTION - value: {{ .Values.global.isBEBEnabled | quote }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.internalPortName }} - {{ if not .Values.global.environment.gardener }} - volumeMounts: - - name: ingress-tls-cert - mountPath: /etc/ingress-tls-cert/ - volumes: - - name: ingress-tls-cert - secret: - secretName: ingress-tls-cert - {{ end }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/console/charts/backend/templates/psp.yaml b/resources/console/charts/backend/templates/psp.yaml deleted file mode 100644 index 5c6dde7dbd04..000000000000 --- a/resources/console/charts/backend/templates/psp.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - kyma-project.io/component: backend -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true - volumes: - - emptyDir - - configMap -{{- end }} \ No newline at end of file diff --git a/resources/console/charts/backend/templates/service-account.yaml b/resources/console/charts/backend/templates/service-account.yaml deleted file mode 100644 index 5e1538b765e6..000000000000 --- a/resources/console/charts/backend/templates/service-account.yaml +++ /dev/null @@ -1,6 +0,0 @@ -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} diff --git a/resources/console/charts/backend/templates/service.yaml b/resources/console/charts/backend/templates/service.yaml deleted file mode 100644 index 68b3f58ae8b1..000000000000 --- a/resources/console/charts/backend/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.internalPort }} - targetPort: {{ .Values.service.externalPort }} - protocol: TCP - name: http - selector: - app: {{ template "name" . }} - release: {{ .Release.Name }} diff --git a/resources/console/charts/backend/templates/virtualservice.yaml b/resources/console/charts/backend/templates/virtualservice.yaml deleted file mode 100644 index 21734e1039c3..000000000000 --- a/resources/console/charts/backend/templates/virtualservice.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.virtualservice.enabled }} -{{- $serviceName := include "fullname" . -}} -{{- $servicePort := .Values.service.externalPort -}} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: -{{- if .Values.virtualservice.annotations }} - annotations: -{{ toYaml .Values.virtualservice.annotations | indent 4 }} -{{- end }} - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.virtualservice.labels }} -{{ toYaml .Values.virtualservice.labels | indent 4 }} -{{- end }} -spec: - hosts: - - '{{ .Values.virtualservice.host }}.{{ .Values.global.domainName }}' - gateways: - - {{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - - headers: - content-type: - exact: application/json - route: - - destination: - port: - number: {{ $servicePort }} - host: {{ $serviceName }} - corsPolicy: - allowOrigins: - - regex: ".*" - allowHeaders: - - "authorization" - - "content-type" - allowMethods: - - "GET" - - "POST" - - "PUT" - - "DELETE" -{{- end }} \ No newline at end of file diff --git a/resources/console/charts/backend/values.yaml b/resources/console/charts/backend/values.yaml deleted file mode 100644 index b7ca80238f6b..000000000000 --- a/resources/console/charts/backend/values.yaml +++ /dev/null @@ -1,35 +0,0 @@ -replicaCount: 1 -image: - name: console-backend-service - pullPolicy: IfNotPresent -service: - internalPort: 3000 - internalPortName: http-cbs - externalPort: 3000 - protocol: TCP -virtualservice: - enabled: true - host: console-backend - annotations: {} -istio: - namespace: istio-system -verifySSL: false -tracing: - debug: false - serviceSpanName: console-backend-service -resources: - requests: - cpu: 5m - memory: 40Mi - limits: - cpu: 50m - memory: 220Mi - -systemNamespaces: "istio-system,kube-public,kube-system,kyma-installer,kyma-integration,kyma-system,natss,compass-system,kube-node-lease,kubernetes-dashboard" - -global: - tracing: - zipkinAddress: zipkin.kyma-system:9411 - -podSecurityPolicy: - enabled: true diff --git a/resources/console/charts/web/.helmignore b/resources/console/charts/web/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/resources/console/charts/web/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/resources/console/charts/web/Chart.yaml b/resources/console/charts/web/Chart.yaml deleted file mode 100644 index 1f837ce9fed0..000000000000 --- a/resources/console/charts/web/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -name: web -description: Console UI for Kyma -version: 0.2.0 -apiVersion: v1 diff --git a/resources/console/charts/web/README.md b/resources/console/charts/web/README.md deleted file mode 100644 index b5120af69e1a..000000000000 --- a/resources/console/charts/web/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# Console - -## Overview - -The Console is a web-based UI for Kyma. -It allows users to manage specific functionality within Kyma along with basic Kubernetes resources. -The Console provides an extensibility mechanism which allows you to seamlessly integrate UI parts to achieve additional functionality. - -## Details - -This section provides details related to the configuration of the Console. - -### Configuration - -The deployment of the Console includes a [ConfigMap](templates/configmap.yaml). -The ConfigMap introduces a `config.js` file that is mounted as the asset of the Console application and injected as a configuration file. -Use this mechanism to overwrite the default configuration with custom values resulting from the Helm chart installation. diff --git a/resources/console/charts/web/templates/_helpers.tpl b/resources/console/charts/web/templates/_helpers.tpl deleted file mode 100644 index f0d83d2edba6..000000000000 --- a/resources/console/charts/web/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/console/charts/web/templates/backendmodule.yaml b/resources/console/charts/web/templates/backendmodule.yaml deleted file mode 100644 index 3458302b88f8..000000000000 --- a/resources/console/charts/web/templates/backendmodule.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: ui.kyma-project.io/v1alpha1 -kind: BackendModule -metadata: - name: authentication \ No newline at end of file diff --git a/resources/console/charts/web/templates/configmap.yaml b/resources/console/charts/web/templates/configmap.yaml deleted file mode 100644 index af6d4c407844..000000000000 --- a/resources/console/charts/web/templates/configmap.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- $defaultIdpJwksUri := .Values.cluster.defaultIdpJwksUri | default "http://dex-service.kyma-system.svc.cluster.local:5556/keys" -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Chart.Name }}-config - namespace: {{ .Release.Namespace }} - labels: - app: console - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -data: - config.js: | - window.clusterConfig = { - authRedirectUri: 'https://console.{{ js .Values.global.domainName }}', - apiServerUrl: 'https://apiserver.{{ js .Values.global.domainName }}', - domain: '{{ js .Values.global.domainName }}', - consoleClientId: '{{ js .Values.cluster.consoleClientId }}', - scope: '{{ js .Values.cluster.scope }}', - orgId: '{{ js .Values.cluster.orgId }}', - orgName: '{{ js .Values.cluster.orgName }}', - headerLogoUrl: '{{ js .Values.cluster.headerLogoUrl }}', - headerTitle: '{{ js .Values.cluster.headerTitle }}', - faviconUrl: '{{ js .Values.cluster.faviconUrl }}', - gateway_kyma_cx_api_version: 'v1alpha2', - disabledNavigationNodes: '{{ js .Values.cluster.disabledNavigationNodes }}', - systemNamespaces: '{{ js .Values.cluster.systemNamespaces }}', - graphqlApiUrl: 'https://console-backend.{{ js .Values.global.domainName }}/graphql', - subscriptionsApiUrl: 'wss://console-backend.{{ js .Values.global.domainName }}/graphql', - defaultIdpJwksUri: '{{ js $defaultIdpJwksUri }}', - defaultIdpIssuer: 'https://dex.{{ js .Values.global.domainName }}', - namespaceAdminGroupName: '{{ js .Values.cluster.namespaceAdminGroupName }}', - runtimeAdminGroupName: '{{ js .Values.cluster.runtimeAdminGroupName }}', - bebEnabled: '{{ .Values.global.isBEBEnabled }}', - serverless: { - functionUsageKind: "serverless-function", - restrictedVariables: [ - 'FUNC_RUNTIME', - 'FUNC_HANDLER', - 'FUNC_PORT', - 'MOD_NAME', - 'NODE_PATH', - 'PYTHONPATH' - ], - resources: { - min: { - memory: '16Mi', - cpu: '10m', - }, - }, - }, - }; - - nginx-extended.conf: | - set $kymadomain {{ js .Values.global.domainName }}; diff --git a/resources/console/charts/web/templates/deployment.yaml b/resources/console/charts/web/templates/deployment.yaml deleted file mode 100644 index 6f5d5575fbea..000000000000 --- a/resources/console/charts/web/templates/deployment.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - kyma-project.io/component: frontend -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "fullname" . }} - release: {{ .Release.Name }} - # not used anymore but need to stay as the selector is immutable - kyma-alerts: enabled - kyma-component: ui - kyma-grafana: enabled - template: - metadata: - labels: - app: {{ template "fullname" . }} - release: {{ .Release.Name }} - kyma-project.io/component: frontend - # not used anymore but need to stay as it is used in the selector - kyma-alerts: enabled - kyma-component: ui - kyma-grafana: enabled - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: {{ template "fullname" . }} - containers: - - name: console - image: "{{ .Values.global.containerRegistry.path }}/console:{{ .Values.console.image.tag }}" - imagePullPolicy: {{ .Values.console.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - privileged: false - resources: - {{- toYaml .Values.console.resources | nindent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.console.statusPort }} - initialDelaySeconds: 10 - ports: - - containerPort: {{ .Values.console.statusPort }} - - containerPort: {{ .Values.console.service.internalPort }} - volumeMounts: - - name: config - mountPath: /usr/share/nginx/html/assets/config - - name: nginx - mountPath: /usr/share/nginx-extended/ - - name: core-ui - image: "{{ .Values.global.containerRegistry.path }}/core-ui:{{ .Values.core_ui.image.tag }}" - imagePullPolicy: {{ .Values.core_ui.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - privileged: false - resources: - {{- toYaml .Values.core_ui.resources | nindent 12 }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.core_ui.statusPort }} - initialDelaySeconds: 10 - ports: - - containerPort: {{ .Values.core_ui.statusPort }} - - containerPort: {{ .Values.core_ui.service.internalPort }} - volumeMounts: - - name: config - mountPath: /var/public/config - - name: nginx - mountPath: /usr/share/nginx-extended/ - volumes: - - name: config - configMap: - name: {{ .Chart.Name }}-config - items: - - key: config.js - path: config.js - - name: nginx - configMap: - name: {{ .Chart.Name }}-config - items: - - key: nginx-extended.conf - path: nginx-extended.conf - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/console/charts/web/templates/destination-rule-core-ui.yaml b/resources/console/charts/web/templates/destination-rule-core-ui.yaml deleted file mode 100644 index 0db17a016097..000000000000 --- a/resources/console/charts/web/templates/destination-rule-core-ui.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: "networking.istio.io/v1alpha3" -kind: "DestinationRule" -metadata: - name: {{ template "fullname" . }}-core-ui -spec: - host: {{ template "fullname" . }}-core-ui.{{ .Release.Namespace }}.svc.cluster.local - trafficPolicy: - tls: - mode: DISABLE \ No newline at end of file diff --git a/resources/console/charts/web/templates/destination-rule.yaml b/resources/console/charts/web/templates/destination-rule.yaml deleted file mode 100644 index 26b48a289481..000000000000 --- a/resources/console/charts/web/templates/destination-rule.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: "networking.istio.io/v1alpha3" -kind: "DestinationRule" -metadata: - name: {{ template "fullname" . }} -spec: - host: {{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - trafficPolicy: - tls: - mode: DISABLE \ No newline at end of file diff --git a/resources/console/charts/web/templates/kubernetes-dashboard-admin.yaml b/resources/console/charts/web/templates/kubernetes-dashboard-admin.yaml deleted file mode 100644 index 59905acd0c24..000000000000 --- a/resources/console/charts/web/templates/kubernetes-dashboard-admin.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard-kyma-admin - labels: - app: kyma -subjects: -- kind: ServiceAccount - name: kubernetes-dashboard - namespace: kube-system -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: kyma-admin \ No newline at end of file diff --git a/resources/console/charts/web/templates/psp.yaml b/resources/console/charts/web/templates/psp.yaml deleted file mode 100644 index 683440ef3279..000000000000 --- a/resources/console/charts/web/templates/psp.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - kyma-project.io/component: frontend -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: true - volumes: - - emptyDir - - configMap -{{- end }} \ No newline at end of file diff --git a/resources/console/charts/web/templates/rbac.yaml b/resources/console/charts/web/templates/rbac.yaml deleted file mode 100644 index a1e5fc17aeac..000000000000 --- a/resources/console/charts/web/templates/rbac.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "fullname" . }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "fullname" . }} - {{- end }} ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "fullname" . }} \ No newline at end of file diff --git a/resources/console/charts/web/templates/service-core-ui.yaml b/resources/console/charts/web/templates/service-core-ui.yaml deleted file mode 100644 index f63fb72427a1..000000000000 --- a/resources/console/charts/web/templates/service-core-ui.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "fullname" . }}-core-ui - labels: - app: console-{{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.core_ui.service.externalPort }} - name: http2-core-ui - targetPort: {{ .Values.core_ui.service.internalPort }} - - port: {{ .Values.core_ui.statusPort }} - name: status-port-core-ui - targetPort: {{ .Values.core_ui.statusPort }} - selector: - app: console-{{ template "name" . }} - release: {{ .Release.Name }} - diff --git a/resources/console/charts/web/templates/service.yaml b/resources/console/charts/web/templates/service.yaml deleted file mode 100644 index 64528f75de86..000000000000 --- a/resources/console/charts/web/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "fullname" . }} - labels: - app: console-{{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.console.service.externalPort }} - name: http2-console - targetPort: {{ .Values.console.service.internalPort }} - - port: {{ .Values.console.statusPort }} - name: status-port-console - targetPort: {{ .Values.console.statusPort }} - selector: - app: console-{{ template "name" . }} - release: {{ .Release.Name }} - diff --git a/resources/console/charts/web/templates/test/rbac.yaml b/resources/console/charts/web/templates/test/rbac.yaml deleted file mode 100644 index e3a0f8169886..000000000000 --- a/resources/console/charts/web/templates/test/rbac.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.test.acceptance.enabled }} -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ template "fullname" . }}-tests - labels: - app: {{ template "fullname" . }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }}-tests - labels: - app: {{ template "fullname" . }}-tests - app.kubernetes.io/name: {{ template "fullname" . }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["list"] - - apiGroups: ["ui.kyma-project.io"] - resources: ["backendmodules"] - verbs: ["list"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "fullname" . }}-tests - labels: - app: {{ template "fullname" . }}-tests - app.kubernetes.io/name: {{ template "fullname" . }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -subjects: - - kind: ServiceAccount - name: {{ template "fullname" . }}-tests - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "fullname" . }}-tests -{{- end }} diff --git a/resources/console/charts/web/templates/test/test.yaml b/resources/console/charts/web/templates/test/test.yaml deleted file mode 100644 index edce83c7691d..000000000000 --- a/resources/console/charts/web/templates/test/test.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if and ( .Values.test.acceptance.enabled ) ( .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" ) }} -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "fullname" . }} - app.kubernetes.io/name: {{ template "fullname" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.test.acceptance.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} - -spec: - disableConcurrency: false - template: - metadata: - annotations: - sidecar.istio.io/inject: "true" - labels: - purpose: testing - app: {{ template "fullname" . }}-tests - spec: - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "apiserver.{{ .Values.global.domainName }}" - - "console.{{ .Values.global.domainName }}" - - "catalog.{{ .Values.global.domainName }}" - - "instances.{{ .Values.global.domainName }}" - - "brokers.{{ .Values.global.domainName }}" - - "dex.{{ .Values.global.domainName }}" - - "lambdas-ui.{{ .Values.global.domainName }}" - - "console-backend.{{ .Values.global.domainName }}" - - "storage.{{ .Values.global.domainName }}" - - "core-ui.{{ .Values.global.domainName }}" - {{ end }} - serviceAccountName: {{ template "fullname" . }}-tests - containers: - - name: tests - image: {{ .Values.global.containerRegistry.path }}/ui-tests:{{ .Values.global.ui_acceptance_tests.version }} - imagePullPolicy: IfNotPresent - resources: - requests: - memory: {{ .Values.test.acceptance.ui.requests.memory }} - cpu: {{ .Values.test.acceptance.ui.requests.cpu }} - limits: - memory: {{ .Values.test.acceptance.ui.limits.memory }} - cpu: {{ .Values.test.acceptance.ui.limits.cpu }} - env: - - name: CYPRESS_DOMAIN - value: {{ .Values.global.domainName }} - - name: CYPRESS_LOGIN - valueFrom: - secretKeyRef: - name: admin-user - key: email - - name: CYPRESS_PASSWORD - valueFrom: - secretKeyRef: - name: admin-user - key: password - - name: CYPRESS_DISABLE_LEGACY_CONNECTIVITY - value: {{ .Values.global.disableLegacyConnectivity | quote }} - - name: CYPRESS_CATALOG_ENABLED - value: {{ .Values.test.acceptance.ui.service_catalog.enabled | quote }} - - name: CYPRESS_FUNCTIONS_ENABLED - value: {{ .Values.test.acceptance.ui.functions.enabled | quote }} - command: - - "/bin/sh" - args: - - "-c" - - | - echo 'TESTING start' - sleep 10 - npm run test:cluster - exit_code=$? - echo "code is $exit_code" - echo 'killing pilot-agent...' - curl -XPOST http://127.0.0.1:15020/quitquitquit - sleep 4 - exit $exit_code - restartPolicy: Never -{{- end}} diff --git a/resources/console/charts/web/templates/virtualservice-console.yaml b/resources/console/charts/web/templates/virtualservice-console.yaml deleted file mode 100644 index 4dbced47b209..000000000000 --- a/resources/console/charts/web/templates/virtualservice-console.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- $serviceName := include "fullname" . -}} -{{- $servicePort := .Values.core_ui.service.externalPort -}} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - hosts: - - console.{{ .Values.global.domainName }} - gateways: - - {{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - route: - - destination: - port: - number: {{ $servicePort }} - host: {{ $serviceName }} \ No newline at end of file diff --git a/resources/console/charts/web/templates/virtualservice-core-ui.yaml b/resources/console/charts/web/templates/virtualservice-core-ui.yaml deleted file mode 100644 index 78b138bf9228..000000000000 --- a/resources/console/charts/web/templates/virtualservice-core-ui.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- $serviceName := include "fullname" . -}} -{{- $servicePort := .Values.core_ui.service.externalPort -}} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "fullname" . }}-core-ui - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - hosts: - - core-ui.{{ .Values.global.domainName }} - gateways: - - {{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - route: - - destination: - port: - number: {{ $servicePort }} - host: {{ $serviceName }}-core-ui \ No newline at end of file diff --git a/resources/console/charts/web/values.yaml b/resources/console/charts/web/values.yaml deleted file mode 100644 index 0106b665db69..000000000000 --- a/resources/console/charts/web/values.yaml +++ /dev/null @@ -1,72 +0,0 @@ -cluster: - consoleClientId: console - disabledNavigationNodes: "" - faviconUrl: favicon.ico - headerLogoUrl: assets/logo.svg - headerTitle: "" - namespaceAdminGroupName: runtimeNamespaceAdmin - orgId: my-org-123 - orgName: My Organization - runtimeAdminGroupName: runtimeAdmin - scope: audience:server:client_id:kyma-client audience:server:client_id:console openid - profile email groups - systemNamespaces: istio-system kube-public kube-system - kyma-installer kyma-integration kyma-system natss compass-system kube-node-lease - kubernetes-dashboard -console: - image: - pullPolicy: IfNotPresent - tag: "c60a3c68" - service: - externalPort: 80 - internalPort: 8080 - name: nginx - statusPort: 6080 - resources: - requests: - cpu: 2m - memory: 2Mi - limits: - cpu: 40m - memory: 64Mi -core_ui: - image: - pullPolicy: IfNotPresent - tag: "c60a3c68" - service: - externalPort: 80 - internalPort: 80 - name: nginx - statusPort: 6081 - resources: - requests: - cpu: 2m - memory: 16Mi - limits: - cpu: 40m - memory: 64Mi -managementPlane: {} -replicaCount: 1 -test: - acceptance: - labels: - integration: true - after-upgrade: true - enabled: true - ui: - # tests uses chromium that require more memory - limits: - cpu: 400m - memory: 1.5Gi - requests: - cpu: 350m - memory: 900Mi - service_catalog: - enabled: true - functions: - enabled: true - rafter: - enabled: true - -podSecurityPolicy: - enabled: true diff --git a/resources/console/profile-evaluation.yaml b/resources/console/profile-evaluation.yaml deleted file mode 100644 index 7d1b40a02b38..000000000000 --- a/resources/console/profile-evaluation.yaml +++ /dev/null @@ -1,25 +0,0 @@ -web: - console: - resources: - requests: - cpu: 2m - memory: 2Mi - limits: - cpu: 40m - memory: 16Mi - core_ui: - resources: - requests: - cpu: 2m - memory: 16Mi - limits: - cpu: 40m - memory: 32Mi -backend: - resources: - requests: - cpu: 2m - memory: 40Mi - limits: - cpu: 50m - memory: 80Mi diff --git a/resources/console/requirements.yaml b/resources/console/requirements.yaml deleted file mode 100644 index 47caed271e68..000000000000 --- a/resources/console/requirements.yaml +++ /dev/null @@ -1,5 +0,0 @@ -dependencies: - - name: web - condition: web.enabled - - name: backend - condition: backend.enabled diff --git a/resources/console/values.yaml b/resources/console/values.yaml deleted file mode 100644 index 40de67863056..000000000000 --- a/resources/console/values.yaml +++ /dev/null @@ -1,27 +0,0 @@ -dex: - tls: - createSecret: false - -console: - cluster: - headerLogoUrl: "assets/logo.svg" - headerTitle: "" - faviconUrl: "favicon.ico" - -global: - isLocalEnv: false - isBEBEnabled: true - knative: - false - # Change value below to your own GitHub user name if you want point to documentation sources from your fork - # Example: kymaOrgName: "kyma-incubator" - kymaOrgName: "kyma-project" - containerRegistry: - path: eu.gcr.io/kyma-project - istio: - gateway: - name: kyma-gateway - ui_acceptance_tests: - version: "93bb0fcb" - console_backend_service: - version: "a06e0e38" diff --git a/resources/core/.helmignore b/resources/core/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/resources/core/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/resources/core/Chart.yaml b/resources/core/Chart.yaml deleted file mode 100644 index 0d73522e04ed..000000000000 --- a/resources/core/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'core' -name: core -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/core/README.md b/resources/core/README.md deleted file mode 100644 index 3ac2059a6b5c..000000000000 --- a/resources/core/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# Core - -## Overview - -According to the [Manifesto](https://kyma-project.github.io/community/), Kyma is a product with batteries included. The `core` directory contains all components required to run Kyma. For more details about each core component, see the corresponding README.md files. - -## Details - -This section describes how to add a new core component. It also describes how to configure or disable a component that already exists. - -### Add a new core component - -If you develop a new core component, add a new sub-chart to the `core` directory. -Update the [`requirements.yaml`](requirements.yaml) file by adding the **name** and **condition** attributes for the created component. -To learn more about the **condition** attribute, see the [tags and condition fields in helm charts](https://github.com/kubernetes/helm/blob/release-2.7/docs/charts.md#tags-and-condition-fields-in-requirementsyaml) documentation. - -### Inject sensitive data into a core component - -To inject sensitive data into a core component during the Kyma installation, follow these steps: -1. Create the `secrets.yaml` file locally. In the file, include the name of the component to inject sensitive data to: - - ``` - helm-broker: - config: - basic_auth_password: p4ssw0rd - ``` - - Use the same `secrets.yaml` file for all core components. The structure of the **config** section is different for each component. For more details, see the `values.yaml` files associated with specific components. - -2. Start a container during the [installation](../../docs/04-operation-guides/operations/02-install-kyma.md), and mount the `secrets.yaml` file in the `run.sh` script with the following command: - - ``` - ./run.sh -s ${PATH_TO_DIRECTORY_WITH_THE_SECRET_YAML_FILE}/secrets.yaml - ``` diff --git a/resources/core/charts/gateway/Chart.yaml b/resources/core/charts/gateway/Chart.yaml deleted file mode 100644 index 8293f31f441f..000000000000 --- a/resources/core/charts/gateway/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -name: Kyma gateway -version: 0.0.1 -description: Gateway for Kyma -keywords: -- gateway -apiVersion: v1 diff --git a/resources/core/charts/gateway/OWNERS b/resources/core/charts/gateway/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/core/charts/gateway/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/core/charts/gateway/templates/gateway.yaml b/resources/core/charts/gateway/templates/gateway.yaml deleted file mode 100644 index fd5dc638456b..000000000000 --- a/resources/core/charts/gateway/templates/gateway.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: {{ .Values.global.istio.gateway.name }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep -spec: - selector: - app: istio-ingressgateway - istio: ingressgateway # use istio default ingress gateway - servers: - - port: - number: 443 - name: https - protocol: HTTPS - tls: - mode: SIMPLE - credentialName: {{ .Values.global.istio.gateway.name }}-certs - minProtocolVersion: TLSV1_2 - cipherSuites: - - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-SHA - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-SHA - hosts: - - "*.{{ .Values.global.domainName }}" - - port: - number: 80 - name: http - protocol: HTTP - tls: - httpsRedirect: true # automatic 301 redirect from http to https - hosts: - - "*.{{ .Values.global.domainName }}" \ No newline at end of file diff --git a/resources/core/charts/gateway/templates/kyma-gateway-certs.yaml b/resources/core/charts/gateway/templates/kyma-gateway-certs.yaml deleted file mode 100644 index 577a04dda72c..000000000000 --- a/resources/core/charts/gateway/templates/kyma-gateway-certs.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{ if not .Values.global.environment.gardener }} -apiVersion: v1 -data: - "key": {{ .Values.global.ingress.tlsKey }} - "cert": {{ .Values.global.ingress.tlsCrt }} -kind: Secret -metadata: - name: {{ .Values.global.istio.gateway.name }}-certs - namespace: istio-system -type: Opaque -{{ end }} diff --git a/resources/core/charts/gateway/values.yaml b/resources/core/charts/gateway/values.yaml deleted file mode 100644 index 4064a0a2c03f..000000000000 --- a/resources/core/charts/gateway/values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -global: - compass: - mtls: - secret: - name: kyma-gateway-certs - host: compass-gateway-mtls \ No newline at end of file diff --git a/resources/core/requirements.yaml b/resources/core/requirements.yaml deleted file mode 100644 index 703955e1f97d..000000000000 --- a/resources/core/requirements.yaml +++ /dev/null @@ -1 +0,0 @@ -dependencies: diff --git a/resources/core/templates/_helpers.tpl b/resources/core/templates/_helpers.tpl deleted file mode 100644 index a39afa368a8a..000000000000 --- a/resources/core/templates/_helpers.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/core/values.yaml b/resources/core/values.yaml deleted file mode 100644 index 923030d35cd7..000000000000 --- a/resources/core/values.yaml +++ /dev/null @@ -1,50 +0,0 @@ -dex: - tls: - createSecret: false - -global: - isLocalEnv: false - knative: - false - containerRegistry: - path: eu.gcr.io/kyma-project - istio: - gateway: - name: kyma-gateway - api_controller: - dir: - version: 3b88aaaf - namespace_controller: - dir: develop/ - version: 8a10f0ed - test_namespace_controller: - dir: develop/ - version: 6b4c356f - xip_patch: - dir: - version: fe9f5885 - e2e_external_solution: - dir: - version: ab053ac3 - e2e_external_solution_test_service: - dir: - version: 9913ea21 - disableLegacyConnectivity: false - -tests: - application_connector_tests: - connector_service: - central: false - labels: - integration: true - after-upgrade: true - -test: - external_solution: - event_mesh: - enabled: true - testsuite: e2e-event-mesh - labels: - integration: true - after-upgrade: true - diff --git a/resources/dex/Chart.yaml b/resources/dex/Chart.yaml deleted file mode 100644 index e19a676463c1..000000000000 --- a/resources/dex/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -appVersion: "1b1ee80f" -description: Kyma component 'dex' -name: dex -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/dex/OWNERS b/resources/dex/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/dex/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/dex/README.md b/resources/dex/README.md deleted file mode 100644 index e0b47c2d2191..000000000000 --- a/resources/dex/README.md +++ /dev/null @@ -1,72 +0,0 @@ -# Dex - -## Overview - -Dex is an identity service that delegates user authentication to external identity providers using [connectors](https://github.com/coreos/dex#connectors). -For more details about Dex, see the [Dex GitHub](https://github.com/coreos/dex) project. - -## Details - -Currently, Dex uses a static user database and authenticates static users by itself, instead of using a fully-integrated authentication solution. Dex also comes with a static list of clients allowed to initiate the OAuth2 flow. - -For the list of static Dex users and clients, as well as the information about the connectors that delegate authentication to external identity providers, see the [dex-config-map.yaml](templates/dex-config-map.yaml) file. - -Dex is exposed using the [Istio VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/) feature. Access Dex at `https://dex.{CLUSTER_DOMAIN}`. - -## Configuration - -This chart allows you to provide configuration for Dex connectors and clients using the Helm overrides mechanism. - ->**TIP:** You can use Go Template expressions in the override value. These expressions are resolved by Helm using the same set of overrides as configured for the entire chart. - -### Connectors - -Configure connectors through the `connectors` override. -Provide the Dex connectors list as a single string in the `yaml` format. See [these](https://github.com/dexidp/dex/blob/master/README.md#connectors) documents for syntax details. - -This is an example of a connector configuration string: -```yaml - connectors: |- - - type: saml - id: iaa - name: IAA - config: - # Issuer for SAML Request - entityIssuer: dex.{{ .Values.global.domainName }} - ssoURL: https://{{ .Values.idp.tenant | default "someDefault" }}.{{ .Values.idp.domain | default "mytenant.mydomain.com" }}/saml2/idp/sso?sp=dex.{{ .Values.global.domainName }} - ca: {{ .Values.idp.caPath}}/ca.pem - redirectURI: https://dex.{{ .Values.global.domainName }}/callback - usernameAttr: mail - emailAttr: mail - groupsAttr: groups -``` - -### Clients - -Configure Dex clients through the `oidc.staticClientsExtra` override. Pass the list of clients as a single string in the `yaml` format. - ->**CAUTION:** The `oidc.staticClientsBase` override defines the basic clients required by Kyma. Do not edit this override. - -This is an example of a client configuration string: -```yaml - oidc.staticClientsExtra: |- - - id: console2 - name: Console2 - redirectURIs: - - 'http://console-dev.{{ .Values.global.domainName }}:4200' - - 'https://console.{{ .Values.global.domainName }}' - secret: a1b2c3d4xyz -``` -### Custom volumes - -Configure additional volumes and mounts required for certificates using the `volumeMountsExtra` and `volumesExtra` overrides. Pass the list of volumes and mounts as a single string in the `yaml` format. - -This is an example of an extra volume and mount pair: -```yaml -volumeMountsExtra: |- - - name: config - mountPath: /foo -volumesExtra: |- - - name: extra-config - emptyDir: {} -``` diff --git a/resources/dex/templates/_helpers.tpl b/resources/dex/templates/_helpers.tpl deleted file mode 100644 index f0d83d2edba6..000000000000 --- a/resources/dex/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/dex/templates/dashboard-configmap.yaml b/resources/dex/templates/dashboard-configmap.yaml deleted file mode 100644 index 98f57baa0a29..000000000000 --- a/resources/dex/templates/dashboard-configmap.yaml +++ /dev/null @@ -1,903 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: dex-dashboard - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - dex-dashboard.json: |- -{{` { - "annotations":{ - "list":[ - { - "builtIn":1, - "datasource":"-- Grafana --", - "enable":true, - "hide":true, - "iconColor":"rgba(0, 211, 255, 1)", - "name":"Annotations & Alerts", - "type":"dashboard" - } - ] - }, - "editable":false, - "gnetId":null, - "graphTooltip":0, - "links":[ - - ], - "panels":[ - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":0 - }, - "id":10, - "panels":[ - - ], - "title":"Application metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":1 - }, - "id":6, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"go_goroutines{service=\"dex-service\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A", - "legendFormat":"{{ pod }}" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Goroutines", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":1 - }, - "id":8, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"go_threads{service=\"dex-service\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A", - "legendFormat":"{{ pod }}" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Go threads", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":9 - }, - "id":12, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"go_gc_duration_seconds{service=\"dex-service\"}", - "format":"time_series", - "intervalFactor":1, - "refId":"A", - "legendFormat":"quantile: {{ quantile }} ({{ pod }})" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"GC invocations durations", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":9 - }, - "id":16, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"go_memstats_heap_inuse_bytes{job=\"dex-service\"}", - "format":"time_series", - "intervalFactor":2, - "legendFormat":"Heap in use", - "refId":"A" - }, - { - "expr":"go_memstats_stack_inuse_bytes{job=\"dex-service\"}", - "format":"time_series", - "intervalFactor":2, - "legendFormat":"Stack in use", - "refId":"B" - }, - { - "expr":"container_memory_usage_bytes{container=~\"dex|istio-proxy\", pod_=~\"dex.*\"}", - "format":"time_series", - "intervalFactor":2, - "legendFormat":"{{ container }} (k8s)", - "refId":"C" - }, - { - "expr":"sum(container_memory_usage_bytes{container=~\"dex|istio-proxy\", pod=~\"dex.*\"})", - "format":"time_series", - "intervalFactor":2, - "legendFormat":"Total", - "refId":"D" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Memory", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"bytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "collapsed":false, - "gridPos":{ - "h":1, - "w":24, - "x":0, - "y":17 - }, - "id":4, - "panels":[ - - ], - "title":"Network metrics", - "type":"row" - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":18 - }, - "id":20, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum(rate(http_requests_total{service=~\"dex.*\"}[5m])) by (job)", - "format":"time_series", - "intervalFactor":2, - "refId":"A", - "legendFormat":"{{ job }}" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Req/s", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"reqps", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":18 - }, - "id":18, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"rate(http_requests_total{service=~\"dex.*\",code=~\"5.*\"}[5m]) / rate(http_requests_total[5m])\n\n", - "format":"time_series", - "intervalFactor":1, - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"HTTP Error Rates (5xx)", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":0, - "y":26 - }, - "id":2, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sum by (code) (rate(http_requests_total{service=\"dex-service\"}[5m]))", - "format":"time_series", - "intervalFactor":2, - "legendFormat":"{{ code }}", - "refId":"A" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Request rate by status code", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"reqps", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - }, - { - "aliasColors":{ - - }, - "bars":false, - "dashLength":10, - "dashes":false, - "datasource":"Prometheus", - "fill":1, - "gridPos":{ - "h":8, - "w":12, - "x":12, - "y":26 - }, - "id":14, - "legend":{ - "avg":false, - "current":false, - "max":false, - "min":false, - "show":true, - "total":false, - "values":false - }, - "lines":true, - "linewidth":1, - "links":[ - - ], - "nullPointMode":"null", - "paceLength":10, - "percentage":false, - "pointradius":2, - "points":false, - "renderer":"flot", - "seriesOverrides":[ - - ], - "stack":false, - "steppedLine":false, - "targets":[ - { - "expr":"sort_desc(sum by (pod) (rate(container_network_receive_bytes_total{pod=~\"dex.*\"}[1m])))", - "format":"time_series", - "intervalFactor":2, - "refId":"A", - "legendFormat":"{{ pod }}" - } - ], - "thresholds":[ - - ], - "timeFrom":null, - "timeRegions":[ - - ], - "timeShift":null, - "title":"Network I/O", - "tooltip":{ - "shared":true, - "sort":0, - "value_type":"individual" - }, - "type":"graph", - "xaxis":{ - "buckets":null, - "mode":"time", - "name":null, - "show":true, - "values":[ - - ] - }, - "yaxes":[ - { - "format":"bytes", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - }, - { - "format":"short", - "label":null, - "logBase":1, - "max":null, - "min":null, - "show":true - } - ], - "yaxis":{ - "align":false, - "alignLevel":null - } - } - ], - "schemaVersion":18, - "style":"dark", - "tags":[ - "auth", - "kyma" - ], - "templating":{ - "list":[ - - ] - }, - "time":{ - "from":"now-1h", - "to":"now" - }, - "refresh": "10s", - "timepicker":{ - "refresh_intervals":[ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options":[ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone":"", - "title":"Kyma / Dex", - "uid":"XI29IpoWk", - "version":1 - }`}} diff --git a/resources/dex/templates/destination-rule.yaml b/resources/dex/templates/destination-rule.yaml deleted file mode 100644 index ddcb53642c41..000000000000 --- a/resources/dex/templates/destination-rule.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: dex-service -spec: - host: dex-service.{{ .Release.Namespace }}.svc.cluster.local - trafficPolicy: - tls: - mode: DISABLE \ No newline at end of file diff --git a/resources/dex/templates/dex-config-map.yaml b/resources/dex/templates/dex-config-map.yaml deleted file mode 100644 index 2f3f6bb044cb..000000000000 --- a/resources/dex/templates/dex-config-map.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dex-config - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -data: - config.yaml: | - issuer: https://dex.{{ .Values.global.domainName }} - # extending it to 15days because apparently Istio does not handle ID token validation properly - expiry: -{{ toYaml .Values.dex.expiry | trim | indent 6 }} - storage: - type: kubernetes - config: - inCluster: true - logger: - level: {{ .Values.dex.logger.level }} - format: {{ .Values.dex.logger.format }} - {{ if .Values.telemetry.enabled }} - telemetry: - http: 0.0.0.0:{{.Values.telemetry.port}} - {{ end }} - web: - http: 0.0.0.0:{{ .Values.containerPort }} - - {{- with .Values.connectors }} - connectors: - {{- tpl . $ | nindent 4 }} - {{- end }} - - oauth2: - skipApprovalScreen: true - responseTypes: ["code", "token", "id_token"] - - staticClients: - {{- with .Values.oidc.staticClientsBase }} - {{- tpl . $ | nindent 4 }} - {{- end -}} - {{- with .Values.oidc.staticClientsExtra }} - {{- tpl . $ | nindent 4 }} - {{- end }} - {{ if .Values.dex.useStaticConnector }} - enablePasswordDB: true - #__STATIC_PASSWORDS__ - {{ end }} diff --git a/resources/dex/templates/dex-deployment.yaml b/resources/dex/templates/dex-deployment.yaml deleted file mode 100644 index 03bf64cfcde9..000000000000 --- a/resources/dex/templates/dex-deployment.yaml +++ /dev/null @@ -1,89 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dex - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -spec: - selector: - matchLabels: - app: dex - replicas: {{ .Values.replicaCount }} - strategy: - {{- toYaml .Values.deploymentStrategy | nindent 4 }} - template: - metadata: - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/dex-config-map.yaml") . | sha256sum }} - spec: - serviceAccountName: dex-account - nodeSelector: - {{- toYaml .Values.nodeSelector | nindent 8 }} - containers: - - image: {{ .Values.imageRegistry }}/dex:{{ .Chart.AppVersion }} - name: dex - command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"] - resources: -{{ toYaml .Values.resources | indent 10 }} - securityContext: -{{ toYaml .Values.securityContext | indent 10 }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - volumeMounts: - - name: config - mountPath: /etc/dex/cfg - {{- with .Values.volumeMountsExtra }} - {{- tpl . $ | nindent 8 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.containerPort }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end -}} - {{ if .Values.dex.useStaticConnector }} - initContainers: - - name: dex-users-configurator - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.dex_static_user_configurer.dir }}dex-static-user-configurer:{{ .Values.global.dex_static_user_configurer.version }} - volumeMounts: - - name: config - mountPath: /config/dst - - name: config-tpl - mountPath: /config/src - securityContext: -{{ toYaml .Values.securityContext | indent 10 }} - volumes: - - name: config-tpl - configMap: - name: dex-config - items: - - key: config.yaml - path: config.yaml - - name: config - emptyDir: {} - {{ else }} - volumes: - - name: config - configMap: - name: dex-config - items: - - key: config.yaml - path: config.yaml - {{ end }} - {{- with .Values.volumesExtra }} - {{- tpl . $ | nindent 6 }} - {{- end }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/dex/templates/dex-rbac-role.yaml b/resources/dex/templates/dex-rbac-role.yaml deleted file mode 100644 index 3f89a15d66d5..000000000000 --- a/resources/dex/templates/dex-rbac-role.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: dex-role - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -rules: - - apiGroups: ["rbac.authorization.k8s.io", "dex.coreos.com"] # API group created by dex - resources: ["*"] - verbs: ["*"] - nonResourceURLs: [] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create"] - {{- if .Values.dex.useStaticConnector }} - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - {{- end }} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: dex-role - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - annotations: - helm.sh/hook-weight: "1" -subjects: - - kind: ServiceAccount - name: dex-account # Service account assigned to the dex pod. - namespace: {{ .Release.Namespace }} # The namespace dex is running in. -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dex-role diff --git a/resources/dex/templates/dex-service-account.yaml b/resources/dex/templates/dex-service-account.yaml deleted file mode 100644 index 75f7b14fa13f..000000000000 --- a/resources/dex/templates/dex-service-account.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dex-account - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/resources/dex/templates/dex-service.yaml b/resources/dex/templates/dex-service.yaml deleted file mode 100644 index 868c1f329ca4..000000000000 --- a/resources/dex/templates/dex-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: dex-service - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -spec: - ports: - - name: http - port: {{.Values.containerPort}} - targetPort: {{.Values.containerPort}} -{{ if .Values.telemetry.enabled }} - - name: http-metrics - port: {{.Values.telemetry.port}} - targetPort: {{.Values.telemetry.port}} -{{ end }} - selector: - app: dex diff --git a/resources/dex/templates/dex-users-secret.yaml b/resources/dex/templates/dex-users-secret.yaml deleted file mode 100644 index 237ff0ffbf88..000000000000 --- a/resources/dex/templates/dex-users-secret.yaml +++ /dev/null @@ -1,92 +0,0 @@ -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: admin-user - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: "pre-install" - labels: - "dex-user-config": "true" - "user-email": "admin.kyma.cx" -data: - # admin@kyma.cx - email: YWRtaW5Aa3ltYS5jeA== - # admin - username: YWRtaW4= - password: {{ .Values.global.adminPassword | default ( randAlphaNum 12 | b64enc ) }} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: test-read-only-user - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: "pre-install" - labels: - "dex-user-config": "true" - "user-email": "read-only-user.kyma.cx" -data: - # read-only-user@kyma.cx - email: cmVhZC1vbmx5LXVzZXJAa3ltYS5jeA== - # read-only-user - username: cmVhZC1vbmx5LXVzZXI= - password: {{ randAlphaNum 12 | b64enc }} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: test-no-rights-user - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: "pre-install" - labels: - "dex-user-config": "true" - "user-email": "no-rights-user.kyma.cx" -data: - # no-rights-user@kyma.cx - email: bm8tcmlnaHRzLXVzZXJAa3ltYS5jeA== - # no-rights-user - username: bm8tcmlnaHRzLXVzZXI= - password: {{ randAlphaNum 12 | b64enc }} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: test-developer-user - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: "pre-install" - labels: - "dex-user-config": "true" - "user-email": "developer.kyma.cx" -data: - # developer@kyma.cx - email: ZGV2ZWxvcGVyQGt5bWEuY3g= - # developer-user - username: ZGV2ZWxvcGVyLXVzZXI= - password: {{ randAlphaNum 12 | b64enc }} ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: test-namespace-admin-user - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: "pre-install" - labels: - "dex-user-config": "true" - "user-email": "namespace.admin.kyma.cx" -data: - # namespace.admin@kyma.cx - email: bmFtZXNwYWNlLmFkbWluQGt5bWEuY3g= - # namespace-admin-user - username: bmFtZXNwYWNlLWFkbWluLXVzZXI= - password: {{ randAlphaNum 12 | b64enc }} \ No newline at end of file diff --git a/resources/dex/templates/dex-virtual-service.yaml b/resources/dex/templates/dex-virtual-service.yaml deleted file mode 100644 index ce8f410c0a2a..000000000000 --- a/resources/dex/templates/dex-virtual-service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: dex-virtualservice - namespace: {{ .Release.Namespace }} - labels: - app: dex - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -spec: - hosts: - - "dex.{{ .Values.global.domainName }}" - gateways: - - {{ .Values.global.istio.gateway.namespace }}/{{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - route: - - destination: - port: - number: {{ .Values.containerPort }} - host: dex-service - headers: - response: - add: - "Vary": "Origin" - corsPolicy: - allowOrigins: - - regex: ".*" diff --git a/resources/dex/templates/policy.yaml b/resources/dex/templates/policy.yaml deleted file mode 100644 index 495b1b74ae3e..000000000000 --- a/resources/dex/templates/policy.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - name: dex-service -spec: - selector: - matchLabels: - app: dex - mtls: - mode: "PERMISSIVE" \ No newline at end of file diff --git a/resources/dex/templates/service-monitor.yaml b/resources/dex/templates/service-monitor.yaml deleted file mode 100644 index 6fd32892ec57..000000000000 --- a/resources/dex/templates/service-monitor.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.telemetry.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: dex - namespace: {{ .Release.Namespace }} - labels: - prometheus: monitoring -spec: - selector: - matchLabels: - app: dex - endpoints: - - port: http-metrics - metricRelabelings: - - sourceLabels: [ __name__ ] - regex: ^(go_gc_duration_seconds|go_goroutines|go_memstats_alloc_bytes|go_memstats_heap_alloc_bytes|go_memstats_heap_inuse_bytes|go_memstats_heap_sys_bytes|go_memstats_stack_inuse_bytes|go_threads|http_requests_total|process_cpu_seconds_total|process_max_fds|process_open_fds|process_resident_memory_bytes|process_start_time_seconds|process_virtual_memory_bytes)$ - action: keep -{{ end }} diff --git a/resources/dex/templates/tests/test-connection.yaml b/resources/dex/templates/tests/test-connection.yaml deleted file mode 100644 index f9b7a95bddc4..000000000000 --- a/resources/dex/templates/tests/test-connection.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ .Chart.Name }}-connection - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.tests.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} -spec: - disableConcurrency: false - template: - metadata: - labels: - app: {{ .Chart.Name }}-tests - annotations: - sidecar.istio.io/inject: "false" - spec: - containers: - - name: tests - image: eu.gcr.io/kyma-project/external/curlimages/curl:7.70.0 - command: ["/usr/bin/curl"] - args: [ - "--fail", - "--max-time", "10", - "--retry", "60", - "--retry-delay", "3", - "http://dex-service.{{ .Release.Namespace }}.svc.cluster.local:5556/.well-known/openid-configuration" - ] - securityContext: -{{- toYaml .Values.tests.securityContext | nindent 10 }} - restartPolicy: Never ---- -{{- end }} diff --git a/resources/dex/templates/tests/test-integration.yaml b/resources/dex/templates/tests/test-integration.yaml deleted file mode 100644 index 4e11585c8571..000000000000 --- a/resources/dex/templates/tests/test-integration.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ .Chart.Name }}-integration - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.tests.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} - -spec: - disableConcurrency: false - template: - metadata: - labels: - app: {{ .Chart.Name }}-tests - annotations: - sidecar.istio.io/inject: "true" - spec: - containers: - - name: tests - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.dex_integration_tests.dir }}dex-integration-tests:{{ .Values.global.dex_integration_tests.version }} - env: - - name: DOMAIN_NAME - value: {{ .Values.global.domainName }} - - name: IS_LOCAL_ENV - value: {{ .Values.global.isLocalEnv | toString | quote }} - - name: DEX_USER_EMAIL - valueFrom: - secretKeyRef: - name: admin-user - key: email - - name: DEX_USER_PASSWORD - valueFrom: - secretKeyRef: - name: admin-user - key: password - - name: INGRESSGATEWAY_ADDRESS - value: istio-ingressgateway.istio-system.svc.cluster.local - command: - - "/bin/sh" - args: - - "-c" - - | - echo 'TESTING start' - sleep 20 - /tests/entrypoint.sh - exit_code=$? - echo exit_code is $exit_code - echo 'stopping pilot-agent...' - curl -XPOST http://127.0.0.1:15020/quitquitquit - sleep 4 - exit $exit_code - securityContext: -{{- toYaml .Values.tests.securityContext | nindent 10 }} - restartPolicy: Never -{{- end }} diff --git a/resources/dex/templates/upgrade-job.yaml b/resources/dex/templates/upgrade-job.yaml deleted file mode 100644 index fe4ef26d4378..000000000000 --- a/resources/dex/templates/upgrade-job.yaml +++ /dev/null @@ -1,78 +0,0 @@ -# This job is a kyma custom resource. -# Please take caution during upgrade to not to remove it ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dex-upgrade-job - annotations: - helm.sh/hook: pre-upgrade - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dex-upgrade - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: pre-upgrade - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" -rules: -- apiGroups: [""] - resources: ["services"] - verbs: ["get", "delete"] - resourceNames: - - "dex-service" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dex-upgrade - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook: pre-upgrade - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dex-upgrade -subjects: -- kind: ServiceAccount - name: dex-upgrade-job ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: dex-upgrade-helper - annotations: - helm.sh/hook-delete-policy: "before-hook-creation, hook-succeeded" - helm.sh/hook: pre-upgrade - helm.sh/hook-weight: "10" -spec: - backoffLimit: 1 - template: - metadata: - name: dex-upgrade-helper - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: dex-upgrade-job - restartPolicy: Never - containers: - - name: job - image: eu.gcr.io/kyma-project/tpi/k8s-tools:20210922-530cfc39 - terminationMessagePolicy: "FallbackToLogsOnError" - command: - - /bin/bash - - -c - - | - set -e - kubectl delete svc -n kyma-system dex-service - securityContext: -{{ toYaml .Values.securityContext | indent 10 }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/dex/values.yaml b/resources/dex/values.yaml deleted file mode 100644 index c151b966cc1c..000000000000 --- a/resources/dex/values.yaml +++ /dev/null @@ -1,118 +0,0 @@ -imageRegistry: "eu.gcr.io/kyma-project/incubator/develop" - -replicaCount: 1 - -containerPort: 5556 - -oidc: - staticClientsBase: |- - - id: kyma-client - name: 'Kyma Client' - redirectURIs: - - 'http://127.0.0.1:5555/callback' - secret: ZXhhbXBsZS1hcHAtc2VjcmV0 - trustedPeers: - - kubecontroller - - console - - id: console - name: Console - redirectURIs: - - 'http://console-dev.{{ .Values.global.domainName }}:4200' - - 'https://console.{{ .Values.global.domainName }}' - secret: ZXhhbXBsZS1hcHAtc2VjcmV0 - - id: grafana - name: Grafana UI - redirectURIs: - - 'https://grafana.{{ .Values.global.domainName }}/login/generic_oauth' - - 'https://grafana.{{ .Values.global.domainName }}/oauth2/callback' - secret: apie4eeX6hiC9ainieli - - id: jaeger - name: Jaeger UI - redirectURIs: - - 'http://jaeger.{{ .Values.global.domainName }}:3000/oauth2/callback' - - 'https://jaeger.{{ .Values.global.domainName }}/oauth2/callback' - secret: oiEWUWOIEwedfgg - - id: kiali - name: Kiali UI - redirectURIs: - - 'http://kiali.{{ .Values.global.domainName }}:3000/oauth2/callback' - - 'https://kiali.{{ .Values.global.domainName }}/oauth2/callback' - secret: hiFWLWqIxw5d3gl - - id: compass-ui - name: Compass UI - redirectURIs: - - 'https://compass.{{ .Values.global.domainName }}' - - 'http://compass-dev.{{ .Values.global.domainName }}:8080' - secret: th2T43VyHp43bqr - staticClientsExtra: |- - -connectors: |- - -volumeMountsExtra: |- - -volumesExtra: |- - -telemetry: - enabled: true - port: 5558 - -securityContext: - allowPrivilegeEscalation: false - privileged: false - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - -dex: - expiry: - signingKeys: "720h" - idTokens: "8h" - logger: - # Log level, can be "debug", "info", "warn", "error", "fatal", "panic" - level: info - # log format, can be "text" or "json" - format: json - useStaticConnector: true - -deploymentStrategy: {} # Read more: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - -resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 16Mi -global: - isLocalEnv: false - istio: - gateway: - name: kyma-gateway - namespace: kyma-system - dex_static_user_configurer: - dir: - version: fe9f5885 - containerRegistry: - path: eu.gcr.io/kyma-project - dex_integration_tests: - dir: - version: "277f4247" - -nodeSelector: {} - -tests: - labels: - integration: true - after-upgrade: true - e2e-skr: true - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - -livenessProbe: - enabled: false - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 4 diff --git a/resources/iam-kubeconfig-service/Chart.yaml b/resources/iam-kubeconfig-service/Chart.yaml deleted file mode 100644 index 8228c137110e..000000000000 --- a/resources/iam-kubeconfig-service/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'iam-kubeconfig-service' -name: iam-kubeconfig-service -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/iam-kubeconfig-service/OWNERS b/resources/iam-kubeconfig-service/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/iam-kubeconfig-service/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/iam-kubeconfig-service/README.md b/resources/iam-kubeconfig-service/README.md deleted file mode 100644 index d7bd3a080760..000000000000 --- a/resources/iam-kubeconfig-service/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# IAM Kubeconfig Service - -## Overview - -The IAM Kubeconfig Service is a proprietary tool that generates a `kubeconfig` file which allows the user to access the Kyma cluster through the Command Line Interface (CLI), and to manage the connected cluster within the permission boundaries of the user. - -## The kubeconfig file - -This is the format of the generated `kubecofig` file: - -``` -apiVersion: v1 -clusters: -- cluster: - certificate-authority-data: {CA_DATA} - server: https://apiserver.{CLUSTER_DOMAIN} - name: {CLUSTER_NAME_AND_DOMAIN} -contexts: -- context: - cluster: {CLUSTER_NAME_AND_DOMAIN} - user: OIDCUser - name: {CLUSTER_NAME_AND_DOMAIN} -current-context: {CLUSTER_NAME_AND_DOMAIN} -kind: Config -preferences: {} -users: -- name: OIDCUser - user: - token: {TOKEN} -``` diff --git a/resources/iam-kubeconfig-service/templates/_helpers.tpl b/resources/iam-kubeconfig-service/templates/_helpers.tpl deleted file mode 100644 index a39afa368a8a..000000000000 --- a/resources/iam-kubeconfig-service/templates/_helpers.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/iam-kubeconfig-service/templates/deployment.yaml b/resources/iam-kubeconfig-service/templates/deployment.yaml deleted file mode 100644 index 42bd411959f6..000000000000 --- a/resources/iam-kubeconfig-service/templates/deployment.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- $apiserverUrl := .Values.global.isLocalEnv | ternary "https://apiserver.$DOMAIN:9443" "https://apiserver.$DOMAIN" -}} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - kyma-project.io/component: backend -spec: - selector: - matchLabels: - app: {{ template "name" . }} - replicas: 1 - template: - metadata: - labels: - app: {{ template "name" . }} - tlsSecret: ingress-tls-cert - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - kyma-project.io/component: backend - spec: - serviceAccountName: {{ template "name" . }} - {{- if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - {{- end }} - containers: - - image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.iam_kubeconfig_service.dir }}iam-kubeconfig-service:{{ .Values.global.iam_kubeconfig_service.version }} - name: {{ template "name" . }} - command: - - sh - - -c - {{- if .Values.global.environment.gardener }} - - /app/app -kube-config-cluster-name=$DOMAIN -kube-config-url={{ $apiserverUrl }} -kube-config-ca-file=/etc/apiserver-proxy-tls-cert/tls.crt -oidc-issuer-url=https://dex.{{ .Values.global.domainName }} -oidc-client-id=kyma-client - {{- else }} - - /app/app -kube-config-cluster-name=$DOMAIN -kube-config-url={{ $apiserverUrl }} -kube-config-ca-file=/etc/apiserver-proxy-tls-cert/tls.crt -oidc-issuer-url=https://dex.{{ .Values.global.domainName }} -oidc-client-id=kyma-client -oidc-ca-file=/etc/dex-tls-cert/tls.crt - {{- end }} - envFrom: - - configMapRef: - name: apiserver-proxy - ports: - - name: http - containerPort: 8000 - readinessProbe: - httpGet: - path: /health/ready - port: 9000 - initialDelaySeconds: 45 - periodSeconds: 10 - failureThreshold: 10 - resources: -{{ toYaml .Values.resources | indent 10 }} - securityContext: -{{ toYaml .Values.securityContext | indent 10 }} - volumeMounts: - - name: apiserver-proxy-tls-cert - mountPath: "/etc/apiserver-proxy-tls-cert" - readOnly: true - {{- if not .Values.global.environment.gardener }} - - name: dex-tls-cert - mountPath: /etc/dex-tls-cert/ - {{- end }} - volumes: - {{- if not .Values.global.environment.gardener }} - - name: dex-tls-cert - secret: - secretName: ingress-tls-cert - {{- end }} - - name: apiserver-proxy-tls-cert - secret: - secretName: apiserver-proxy-tls-cert - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/iam-kubeconfig-service/templates/psp.yaml b/resources/iam-kubeconfig-service/templates/psp.yaml deleted file mode 100644 index 6e156d60784e..000000000000 --- a/resources/iam-kubeconfig-service/templates/psp.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "fullname" . }} - labels: - release: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/name: {{ template "fullname" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - seLinux: - rule: 'RunAsAny' - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - runAsUser: - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - volumes: - - "secret" - - "configMap" -{{- end }} \ No newline at end of file diff --git a/resources/iam-kubeconfig-service/templates/rbac.yaml b/resources/iam-kubeconfig-service/templates/rbac.yaml deleted file mode 100644 index f2268d3c5d8b..000000000000 --- a/resources/iam-kubeconfig-service/templates/rbac.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -rules: -{{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "fullname" . }} - {{- end }} ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "name" . }} diff --git a/resources/iam-kubeconfig-service/templates/service.yaml b/resources/iam-kubeconfig-service/templates/service.yaml deleted file mode 100644 index af28db34750c..000000000000 --- a/resources/iam-kubeconfig-service/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} -spec: - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.port }} - - name: status-port - port: 15020 - targetPort: 15020 - protocol: TCP - selector: - app: {{ template "name" . }} \ No newline at end of file diff --git a/resources/iam-kubeconfig-service/templates/virtual-service.yaml b/resources/iam-kubeconfig-service/templates/virtual-service.yaml deleted file mode 100644 index f2ec50dce31f..000000000000 --- a/resources/iam-kubeconfig-service/templates/virtual-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} -spec: - hosts: - - "configurations-generator.{{ .Values.global.domainName }}" - gateways: - - {{ .Values.global.istio.gateway.name }} - http: - - match: - - uri: - regex: /.* - route: - - destination: - port: - number: {{ .Values.service.port }} - host: {{ template "name" . }} - corsPolicy: - allowOrigins: - - regex: ".*" - allowHeaders: - - "authorization" \ No newline at end of file diff --git a/resources/iam-kubeconfig-service/values.yaml b/resources/iam-kubeconfig-service/values.yaml deleted file mode 100644 index 1d5cc7eaec53..000000000000 --- a/resources/iam-kubeconfig-service/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -service: - port: 8000 - name: iam-kubeconfig-service - -podSecurityPolicy: - enabled: true - -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - -resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 5m - memory: 32Mi -global: - isLocalEnv: false - istio: - gateway: - name: kyma-gateway - containerRegistry: - path: eu.gcr.io/kyma-project - iam_kubeconfig_service: - dir: - version: "6457fd19" diff --git a/resources/istio/Chart.yaml b/resources/istio/Chart.yaml deleted file mode 100644 index 218e1eeeb305..000000000000 --- a/resources/istio/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -name: istio -version: 1.11.2-distroless -appVersion: 1.11.2 -tillerVersion: ">=2.7.2-0" -description: Helm chart for all istio components -keywords: - - istio - - security - - sidecarInjectorWebhook - - mixer - - pilot - - galley -sources: - - http://github.com/istio/istio -engine: gotpl -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/istio/OWNERS b/resources/istio/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/istio/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/istio/README.md b/resources/istio/README.md deleted file mode 100755 index 4d6b52041016..000000000000 --- a/resources/istio/README.md +++ /dev/null @@ -1,130 +0,0 @@ -# Istio - -[Istio](https://istio.io/) is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. - - - -The documentation here is for developers only, please follow the installation instructions from [istio.io](https://istio.io/docs/setup/install/istioctl/) for all other uses. - -## Introduction - -This chart bootstraps all Istio [components](https://istio.io/docs/concepts/what-is-istio/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager and the [istioctl](https://istio.io/docs/reference/commands/istioctl/) tool. - -## Chart Details - -This chart can install multiple Istio components: -- ingressgateway -- egressgateway -- sidecarInjectorWebhook -- galley -- mixer -- pilot -- security(citadel) -- grafana -- prometheus -- tracing(jaeger) -- kiali - -To enable or disable each component, change the corresponding `enabled` flag. - -## Prerequisites - -- Kubernetes 1.9 or newer cluster with RBAC (Role-Based Access Control) enabled is required -- Helm 2.7.2 or newer or alternately the ability to modify RBAC rules is also required -- If you want to enable automatic sidecar injection, Kubernetes 1.9+ with `admissionregistration` API is required, and `kube-apiserver` process must have the `admission-control` flag set with the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers added and listed in the correct order. - -## Resources Required - -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. - -## Installing the Chart - -1. Set and create the namespace where Istio was installed: - ``` - $ NAMESPACE=istio-system - $ kubectl create ns $NAMESPACE - ``` - -1. If you are enabling `kiali`, you need to create the secret that contains the username and passphrase for `kiali` dashboard: - ``` - $ echo -n 'admin' | base64 - YWRtaW4= - $ echo -n '1f2d1e2e67df' | base64 - MWYyZDFlMmU2N2Rm - $ cat <=1.9.0): - ``` - $ helm install istio --name istio --namespace $NAMESPACE - ``` - - - Without the sidecar injection webhook: - ``` - $ helm install istio --name istio --namespace $NAMESPACE --set sidecarInjectorWebhook.enabled=false - ``` - -## Configuration - -The installation of Istio ships with reasonable defaults. There may be circumstances in which defaults require overrides. - -Istio offers an Istio Control Plane CR, which is used to configure the installation. The currently exposed options can be found [here](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec). Provide the whole configuration as an [override](https://kyma-project.io/docs/#configuration-helm-overrides-for-kyma-installation). - -Some options still can be provided by overriding Helm values. However, it is not recommended. Use `--set key=value` argument during the `helm install` command to do so, or add them to the overrides Config Map. Multiple `--set` operations may be used in the same Helm operation. - -## Uninstalling the Chart - -To uninstall/delete the `istio` release but continue to track the release: - ``` - $ helm delete istio - ``` - -To uninstall/delete the `istio` release completely and make its name free for later use: - ``` - $ helm delete --purge istio - ``` diff --git a/resources/istio/files/destination-rules-minikube.yaml b/resources/istio/files/destination-rules-minikube.yaml deleted file mode 100644 index 4eb671aa64b0..000000000000 --- a/resources/istio/files/destination-rules-minikube.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# DestinationRule to disable (m)TLS when talking to ingress-proxy -apiVersion: networking.istio.io/v1beta1 -kind: DestinationRule -metadata: - name: istio-ingressgateway - namespace: istio-system -spec: - host: istio-ingressgateway.istio-system.svc.cluster.local - trafficPolicy: - tls: - mode: DISABLE diff --git a/resources/istio/files/istio-install.sh b/resources/istio/files/istio-install.sh deleted file mode 100644 index f276c78be027..000000000000 --- a/resources/istio/files/istio-install.sh +++ /dev/null @@ -1,34 +0,0 @@ -set -ex -set -o pipefail - -OPERATOR_FILE="/opt/istio/config/operator.yaml" - -echo "--> Check overrides" -if [ -f "/opt/istio/config/overrides.yaml" ]; then - yq merge -x "${OPERATOR_FILE}" /opt/istio/config/overrides.yaml > /opt/istio/combo.yaml - - CM_PRESENT=$(kubectl get cm -n "${NAMESPACE}" "${CONFIGMAP_NAME}" --ignore-not-found) - if [[ -z "${CM_PRESENT}" ]]; then - kubectl create cm "${CONFIGMAP_NAME}" -n "${NAMESPACE}" \ - --from-file "${OPERATOR_FILE}" \ - --from-file /opt/istio/config/overrides.yaml \ - --from-file /opt/istio/combo.yaml - else - kubectl create cm "${CONFIGMAP_NAME}" -n "${NAMESPACE}" \ - --from-file "${OPERATOR_FILE}" \ - --from-file /opt/istio/config/overrides.yaml \ - --from-file /opt/istio/combo.yaml \ - -o yaml --dry-run | kubectl replace -f - - fi - OPERATOR_FILE="/opt/istio/combo.yaml" -fi - -echo "--> Install Istio" -istioctl install -f "${OPERATOR_FILE}" -y - -echo "Apply custom kyma manifests" -kubectl apply -f /opt/istio/manifests - -#This is still needed as mutating webhook disrupts Gardener cluster operations, like being able to hibernate the cluster. See https://github.com/kyma-project/kyma/issues/8868#issuecomment-658764987 -echo "Apply Kyma related checks and patches" -kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/4/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]' diff --git a/resources/istio/files/istio-kyma-validate-test.sh b/resources/istio/files/istio-kyma-validate-test.sh deleted file mode 100644 index 9eabe8701e3f..000000000000 --- a/resources/istio/files/istio-kyma-validate-test.sh +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/env bash - -function log() { - local exp=$1; - local color=$2; - local style=$3; - local NC='\033[0m' - if ! [[ ${color} =~ '^[0-9]$' ]] ; then - case $(echo ${color} | tr '[:upper:]' '[:lower:]') in - black) color='\e[30m' ;; - red) color='\e[31m' ;; - green) color='\e[32m' ;; - yellow) color='\e[33m' ;; - blue) color='\e[34m' ;; - magenta) color='\e[35m' ;; - cyan) color='\e[36m' ;; - white) color='\e[37m' ;; - nc|*) color=${NC} ;; # no color or invalid color - esac - fi - if ! [[ ${style} =~ '^[0-9]$' ]] ; then - case $(echo ${style} | tr '[:upper:]' '[:lower:]') in - bold) style='\e[1m' ;; - underline) style='\e[4m' ;; - inverted) style='\e[7m' ;; - *) style="" ;; # no style or invalid style - esac - fi - printf "${color}${style}${exp}${NC}\n" -} - -set -e - -if [[ -z ${REQUIRED_ISTIO_VERSION} ]]; then - log "Please set REQUIRED_ISTIO_VERSION variable!" red - exit 1 -fi - -function require_istio_version() { - local version - version=$(kubectl -n istio-system get deployment istiod -o jsonpath='{.spec.template.spec.containers[0].image}' | awk -F: '{print $2}') - if [[ "$version" != "${REQUIRED_ISTIO_VERSION}" ]]; then - log "Istio must be in version: $REQUIRED_ISTIO_VERSION!" red - exit 1 - fi -} - -function require_istio_system() { - kubectl get namespace istio-system >/dev/null -} - -function check_mtls_enabled() { - log "--> Check global mTLS" - local mTLS=$(kubectl get PeerAuthentication -n istio-system default -o jsonpath='{.spec.mtls.mode}') - local status=$? - if [[ $status != 0 ]]; then - log "----> PeerAuthentication istio-system/default not found!" red - exit 1 - fi - if [[ "${mTLS}" != "STRICT" ]]; then - log "----> mTLS must be \"STRICT\"" red - exit 1 - fi - log "----> mTLS is enabled" green -} - -function check_sidecar_injector() { - echo "--> Check sidecar injector" - local configmap=$(kubectl -n istio-system get configmap istio-sidecar-injector -o jsonpath='{.data.config}') - local policyDisabled=$(grep "policy: disabled" <<< "$configmap") - if [[ -n ${policyDisabled} ]]; then - # Force automatic injecting - log " Automatic injection policy must be ENABLED" red - exit 1 - fi - log " Automatic injection policy is enabled" green -} - -function require_ingressgateway_hpa() { - echo "--> Checking istio-ingresgateway HPA" - local targetMemHPA=$(kubectl -n istio-system get istiooperators.install.istio.io installed-state -o jsonpath="{.spec.components.ingressGateways[0].k8s.hpaSpec.metrics[?(@.resource.name=='memory')].resource.targetAverageUtilization}") - if [[ ${targetMemHPA} != "80" ]]; then - echo " Memory based HPA needs to be set and targetAverageUtilization is 80" red - exit 1 - fi - echo " Memory based HPA is has targetAverageUtilization set to 80" green -} - -require_istio_system -require_istio_version -require_ingressgateway_hpa -check_mtls_enabled -check_sidecar_injector -log "Istio is configured to run Kyma!" green diff --git a/resources/istio/files/istio-operator-cluster-evaluation.yaml b/resources/istio/files/istio-operator-cluster-evaluation.yaml deleted file mode 100644 index 9c4c6801e304..000000000000 --- a/resources/istio/files/istio-operator-cluster-evaluation.yaml +++ /dev/null @@ -1,136 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - hub: eu.gcr.io/kyma-project/external/istio - tag: {{ .Chart.Version }} - profile: default - components: - egressGateways: - - enabled: false - k8s: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 120Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - hpaSpec: - maxReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - - resource: - name: memory - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - name: istio-ingressgateway - pilot: - enabled: true - k8s: - env: - - name: PILOT_HTTP10 - value: "1" - hpaSpec: - maxReplicas: 1 - minReplicas: 1 - resources: - limits: - cpu: 250m - memory: 384Mi - requests: - cpu: 75m - memory: 128Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - meshConfig: - #How to set the logs in istio-proxy: https://istio.io/latest/docs/tasks/observability/logs/access-log/ - accessLogFile: "" - trustDomain: cluster.local - defaultConfig: - proxyMetadata: {} - tracing: - sampling: 100 - zipkin: - address: "{{ .Values.global.tracing.zipkinAddress }}" - enablePrometheusMerge: false - enableTracing: {{ .Values.global.tracing.enabled }} - values: - gateways: - istio-ingressgateway: - name: istio-ingressgateway - serviceAnnotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: "*.{{ .Values.global.domainName }}" - global: - defaultPodDisruptionBudget: - enabled: false - imagePullPolicy: IfNotPresent - logging: - level: all:warn - priorityClassName: "{{ .Values.global.priorityClassName }}" - proxy: - holdApplicationUntilProxyStarts: true - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 25m - memory: 32Mi - limits: - cpu: 250m - memory: 254Mi - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - pilot: - autoscaleEnabled: false - configNamespace: istio-config - sidecarInjectorWebhook: - enableNamespacesByDefault: true - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true diff --git a/resources/istio/files/istio-operator-cluster-production.yaml b/resources/istio/files/istio-operator-cluster-production.yaml deleted file mode 100644 index bfbc4bbdc4d8..000000000000 --- a/resources/istio/files/istio-operator-cluster-production.yaml +++ /dev/null @@ -1,135 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - hub: eu.gcr.io/kyma-project/external/istio - tag: {{ .Chart.Version }} - profile: default - components: - egressGateways: - - enabled: false - k8s: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 120Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - hpaSpec: - maxReplicas: 10 - minReplicas: 3 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - - resource: - name: memory - targetAverageUtilization: 80 - type: Resource - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - name: istio-ingressgateway - pilot: - enabled: true - k8s: - env: - - name: PILOT_HTTP10 - value: "1" - hpaSpec: - maxReplicas: 5 - minReplicas: 2 - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 250m - memory: 512Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - meshConfig: - #How to set the logs in istio-proxy: https://istio.io/latest/docs/tasks/observability/logs/access-log/ - accessLogFile: "" - trustDomain: cluster.local - defaultConfig: - proxyMetadata: {} - tracing: - # sampling: 1 # use the istio default (which is 1) to support override by pilot env variable at runtime - zipkin: - address: "{{ .Values.global.tracing.zipkinAddress }}" - enablePrometheusMerge: false - enableTracing: {{ .Values.global.tracing.enabled }} - values: - gateways: - istio-ingressgateway: - name: istio-ingressgateway - serviceAnnotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: "*.{{ .Values.global.domainName }}" - global: - imagePullPolicy: IfNotPresent - logging: - level: all:warn - priorityClassName: "{{ .Values.global.priorityClassName }}" - proxy: - holdApplicationUntilProxyStarts: true - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 150m - memory: 128Mi - limits: - cpu: 500m - memory: 1024Mi - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - pilot: - autoscaleMax: 5 - autoscaleMin: 2 - configNamespace: istio-config - sidecarInjectorWebhook: - enableNamespacesByDefault: true - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true diff --git a/resources/istio/files/istio-operator-cluster.yaml b/resources/istio/files/istio-operator-cluster.yaml deleted file mode 100644 index 02fc42d98ca8..000000000000 --- a/resources/istio/files/istio-operator-cluster.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - hub: eu.gcr.io/kyma-project/external/istio - tag: {{ .Chart.Version }} - profile: default - components: - egressGateways: - - enabled: false - k8s: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 120Mi - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - hpaSpec: - maxReplicas: 5 - minReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - - resource: - name: memory - targetAverageUtilization: 80 - type: Resource - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - name: istio-ingressgateway - pilot: - enabled: true - k8s: - env: - - name: PILOT_HTTP10 - value: "1" - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 250m - memory: 512Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - meshConfig: - accessLogFile: /dev/stdout - trustDomain: cluster.local - defaultConfig: - tracing: - # sampling: 1 # use the istio default (which is 1) to support override by pilot env variable at runtime - zipkin: - address: "{{ .Values.global.tracing.zipkinAddress }}" - enablePrometheusMerge: false - enableTracing: {{ .Values.global.tracing.enabled }} - values: - gateways: - istio-ingressgateway: - name: istio-ingressgateway - serviceAnnotations: - dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: "*.{{ .Values.global.domainName }}" - global: - imagePullPolicy: IfNotPresent - priorityClassName: "{{ .Values.global.priorityClassName }}" - proxy: - holdApplicationUntilProxyStarts: true - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 75m - memory: 64Mi - limits: - cpu: 250m - memory: 256Mi - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - sidecarInjectorWebhook: - enableNamespacesByDefault: true - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true diff --git a/resources/istio/files/istio-operator-minikube-evaluation.yaml b/resources/istio/files/istio-operator-minikube-evaluation.yaml deleted file mode 100644 index 34dadd6e9709..000000000000 --- a/resources/istio/files/istio-operator-minikube-evaluation.yaml +++ /dev/null @@ -1,169 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - hub: eu.gcr.io/kyma-project/external/istio - tag: {{ .Chart.Version }} - profile: default - components: - egressGateways: - - enabled: false - k8s: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 40Mi - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - hpaSpec: - maxReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - - resource: - name: memory - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - overlays: - - kind: Deployment - name: istio-ingressgateway - patches: - - path: spec.template.spec.containers.[name:istio-proxy].ports.[containerPort:8080].hostPort - value: 80 - - path: spec.template.spec.containers.[name:istio-proxy].ports.[containerPort:8443].hostPort - value: 443 - name: istio-ingressgateway - pilot: - enabled: true - k8s: - env: - - name: PILOT_HTTP10 - value: "1" - hpaSpec: - maxReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 75m - memory: 128Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - meshConfig: - #How to set the logs in istio-proxy: https://istio.io/latest/docs/tasks/observability/logs/access-log/ - accessLogFile: "" - trustDomain: cluster.local - defaultConfig: - proxyMetadata: {} - tracing: - sampling: 100 - zipkin: - address: "{{ .Values.global.tracing.zipkinAddress }}" - enablePrometheusMerge: false - enableTracing: {{ .Values.global.tracing.enabled }} - values: - gateways: - istio-egressgateway: - autoscaleEnabled: false - env: {} - name: istio-egressgateway - secretVolumes: - - mountPath: /etc/istio/egressgateway-certs - name: egressgateway-certs - secretName: istio-egressgateway-certs - - mountPath: /etc/istio/egressgateway-ca-certs - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - type: ClusterIP - zvpn: {} - istio-ingressgateway: - autoscaleEnabled: false - env: {} - name: istio-ingressgateway - secretVolumes: - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - type: NodePort - zvpn: {} - global: - defaultPodDisruptionBudget: - enabled: false - imagePullPolicy: IfNotPresent - istiod: - logging: - level: all:warn - priorityClassName: "{{ .Values.global.priorityClassName }}" - proxy: - holdApplicationUntilProxyStarts: true - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 25m - memory: 32Mi - limits: - cpu: 250m - memory: 254Mi - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - pilot: - autoscaleEnabled: false - configNamespace: istio-config - sidecarInjectorWebhook: - enableNamespacesByDefault: true - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true diff --git a/resources/istio/files/istio-operator-minikube.yaml b/resources/istio/files/istio-operator-minikube.yaml deleted file mode 100644 index f1261421a746..000000000000 --- a/resources/istio/files/istio-operator-minikube.yaml +++ /dev/null @@ -1,164 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - hub: eu.gcr.io/kyma-project/external/istio - tag: {{ .Chart.Version }} - profile: default - addonComponents: - components: - egressGateways: - - enabled: false - k8s: - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 40Mi - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - hpaSpec: - maxReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - - resource: - name: memory - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 96Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - overlays: - - kind: Deployment - name: istio-ingressgateway - patches: - - path: spec.template.spec.containers.[name:istio-proxy].ports.[containerPort:8080].hostPort - value: 80 - - path: spec.template.spec.containers.[name:istio-proxy].ports.[containerPort:8443].hostPort - value: 443 - name: istio-ingressgateway - pilot: - enabled: true - k8s: - env: - - name: PILOT_HTTP10 - value: "1" - hpaSpec: - maxReplicas: 1 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 250m - memory: 512Mi - securityContext: -{{- toYaml .Values.istio.securityContext | nindent 14 }} - meshConfig: - accessLogFile: /dev/stdout - trustDomain: cluster.local - defaultConfig: - proxyMetadata: {} - tracing: - # sampling: 1 # use the istio default (which is 1) to support override by pilot env variable at runtime - zipkin: - address: "{{ .Values.global.tracing.zipkinAddress }}" - enablePrometheusMerge: false - enableTracing: {{ .Values.global.tracing.enabled }} - values: - gateways: - istio-egressgateway: - autoscaleEnabled: false - env: {} - name: istio-egressgateway - secretVolumes: - - mountPath: /etc/istio/egressgateway-certs - name: egressgateway-certs - secretName: istio-egressgateway-certs - - mountPath: /etc/istio/egressgateway-ca-certs - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - type: ClusterIP - zvpn: {} - istio-ingressgateway: - autoscaleEnabled: false - env: {} - name: istio-ingressgateway - secretVolumes: - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - type: NodePort - zvpn: {} - global: - imagePullPolicy: IfNotPresent - priorityClassName: "{{ .Values.global.priorityClassName }}" - proxy: - holdApplicationUntilProxyStarts: true - readinessFailureThreshold: 40 - readinessInitialDelaySeconds: 5 - readinessPeriodSeconds: 5 - resources: - requests: - cpu: 25m - memory: 32Mi - limits: - cpu: 250m - memory: 254Mi - proxy_init: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - pilot: - autoscaleEnabled: false - configNamespace: istio-config - sidecarInjectorWebhook: - enableNamespacesByDefault: true - objectSelector: - autoInject: true - enabled: false - rewriteAppHTTPProbe: true diff --git a/resources/istio/files/istio-proxy-reset.sh b/resources/istio/files/istio-proxy-reset.sh deleted file mode 100755 index 3bcf83101124..000000000000 --- a/resources/istio/files/istio-proxy-reset.sh +++ /dev/null @@ -1,241 +0,0 @@ -#!/usr/bin/env bash - -trap cleanup EXIT SIGTERM - -cleanup() { - if [[ -n "${REMOVE_PODS_FILE}" ]]; then - echo - echo "Removing temporary file with pods data: ${REMOVE_PODS_FILE}" - rm "${REMOVE_PODS_FILE}" - fi -} - -# Retries a command on failure. -# $1 - the max number of attempts -# $2... - the command to run -retry() { - local -r -i max_attempts="$1"; shift - local -r cmd="$@" - local -i attempt_num=1 - - until $cmd - do - if (( attempt_num == max_attempts )) - then - echo "Attempt $attempt_num failed and there are no more attempts left!" - exit $exitCode - else - echo "Attempt $attempt_num failed! Trying again in $attempt_num seconds..." - sleep $(( attempt_num++ )) - fi - done -} - -# Deletes a pod -deletePod() { - local namespace=$1 - local podName=$2 - - if [[ "${dryRun}" == "false" ]]; then - echo " Deleting pod: ${namespace}/${podName}" - retry "${retriesCount}" kubectl -n "${namespace}" delete pod "${podName}" --ignore-not-found=true - sleep "${sleepAfterPodDeleted}" - else - echo " [dryrun]" kubectl -n "${namespace}" delete pod "${podName}" - fi -} - -# Helper function to handle "replicasets" map values -# Assign value if it does not already exist. -# Append to value using "/" as a separator if it already exists. -appendToMapValue() { - local namespace=$1 - local parentObjectName=$2 - local podName=$3 - - if [[ -z "${replicasets[${namespace}/${parentObjectName}]}" ]] - then - replicasets["${namespace}/${parentObjectName}"]="${podName}" - else - replicasets["${namespace}/${parentObjectName}"]="${replicasets[${namespace}/${parentObjectName}]}/${podName}" - fi -} - - -######################################## -# Global variables - -declare -A objectsToRollout -declare -A replicasets -declare -A podsToDelete - - -######################################## -# Configuration values check - -if [ -z "$ISTIO_PROXY_IMAGE_PREFIX" ]; then - echo "Error: required ISTIO_PROXY_IMAGE_PREFIX value is missing. Exiting..." - exit $exitCode -fi - -if [ -z "$ISTIO_PROXY_IMAGE_VERSION" ]; then - echo "Error: required ISTIO_PROXY_IMAGE_VERSION value is missing. Exiting..." - exit $exitCode -fi - -# Retries count in case of an error -retriesCount=${RETRIES_COUNT:-5} -# Dry Run mode only prints commands. True by default. -dryRun="${DRY_RUN:-true}" -# Exit code for entire script. Zero by default means the script will terminate on errors, but it will not fail the process. -exitCode="${EXIT_CODE:-0}" -# Sleep time after pod is deleted -sleepAfterPodDeleted="${SLEEP_AFTER_POD_DELETED}:-0" - -######################################## -# Processing starts here - -# TODO: check if this logic is still applicable and move it elsewhere, see issue: https://github.com/kyma-project/kyma/issues/11078 -namespaces=$(retry "${retriesCount}" kubectl get ns -l kyma-project.io/created-by=e2e-upgrade-test-runner -o name | cut -d '/' -f2) - -for NS in ${namespaces}; do - if [[ "${dryRun}" == "false" ]]; then - retry "${retriesCount}" kubectl delete replicasets -n "${NS}" --all - else - echo "[dryrun] kubectl delete rs -n ${NS}" - fi -done - -if [[ -z "${PODS_FILE}" ]]; then - PODS_FILE=$(mktemp) - REMOVE_PODS_FILE=${PODS_FILE} - - echo "Getting pods data into file: ${PODS_FILE}" - allPods=$(retry "${retriesCount}" kubectl get po -A -o json) - echo "${allPods}" > "${PODS_FILE}" -fi - -echo "Processing pods data from file: ${PODS_FILE}" -istioProxyImage="${ISTIO_PROXY_IMAGE_PREFIX}:${ISTIO_PROXY_IMAGE_VERSION}" - -#This query selects all pods that have containers with an istio-proxy image in a version other than expected. -#Istio proxy image is detected by image name prefix, by default: "eu.gcr.io/kyma-project/external/istio/proxyv2" -#Full image address is used to prevent from matching pods that are not connected with Istio but use the same version. -jqQuery='.items | .[] | select(.spec.containers[].image | startswith("'"${ISTIO_PROXY_IMAGE_PREFIX}"'") and (endswith("'"${istioProxyImage}"'") | not)) | "\(.metadata.name)/\(.metadata.namespace)"' - -pods=$(jq -rc "${jqQuery}" < "${PODS_FILE}") -podArray=($(echo "${pods}" | tr " " "\n")) - -echo -echo "Analyzing Pods - ${#podArray[@]} objects found." - -for i in "${podArray[@]}" -do - namespacedName=($(echo "$i" | tr "/" "\n")) - - podName="${namespacedName[0]}" - namespace="${namespacedName[1]}" - - podJson=$(retry "${retriesCount}" kubectl get pod "${podName}" -n "${namespace}" -o json) - - #Skip pods in Terminating state - podPhase=$(jq -r '.status.phase' <<< "${podJson}") - case "${podPhase}" in - ("Terminating") - echo " Pod ${podName} in terminating state. Skipping..." - continue - ;; - (*) - ;; - esac - - parentObjectKind=$(jq -r '.metadata.ownerReferences[0].kind' <<< "${podJson}" | tr '[:upper:]' '[:lower:]') - parentObjectName=$(jq -r '.metadata.ownerReferences[0].name' <<< "${podJson}") - - case "${parentObjectKind}" in - ("null") - ;& - ("") - echo " Pod ${namespace}/${podName} has no parent object (standalone Pod). Skipping..." - continue - ;; - ("replicaset") - echo " Pod \"${namespace}/${podName}\" is managed by the ReplicaSet \"${parentObjectName}\". Requires further processing." - appendToMapValue "${namespace}" "${parentObjectName}" "${podName}" - ;; - ("replicationcontroller") - echo " Pod \"${namespace}/${podName}\" is managed by the ReplicationController \"${parentObjectName}\". Eligible for delete." - podsToDelete["${namespace}/${podName}"]="" - ;; - (*) - echo " Pod \"${namespace}/${podName}\" is managed by \"${parentObjectKind}\" \"${parentObjectName}\". Eligible for rollout. " - objectsToRollout["${parentObjectKind}/${namespace}/${parentObjectName}"]="" - ;; - esac -done - - -echo "Analyzing ReplicaSets - ${#replicasets[@]} objects found." -if [[ ${#replicasets[@]} -gt 0 ]]; then - - for key in "${!replicasets[@]}" - do - attributes=($(echo "${key}" | tr "/" "\n")) - namespace="${attributes[0]}" - replicasetName="${attributes[1]}" - - parentDeploymentName=$(retry "${retriesCount}" kubectl -n "${namespace}" get replicaset "${replicasetName}" -o jsonpath='{.metadata.ownerReferences[0].name}') - - case "${parentDeploymentName}" in - ("null") - ;& - ("") - echo " ReplicaSet ${namespace}/${replicasetName} has no parent object. It's pods must be deleted" - podsForReplicaset=$(echo "${replicasets[${key}]}" | tr "/" " ") - for pod in ${podsForReplicaset} - do - podsToDelete["${namespace}/${pod}"]="" - done - ;; - (*) - echo " ReplicaSet ${namespace}/${replicasetName} has a parent deployment: ${parentDeploymentName}. Assigned for rollout" - objectsToRollout["deployment/${namespace}/${parentDeploymentName}"]="" - ;; - esac - done -fi - -echo "" -echo "Processing objects..." -echo "" - -echo "Number of pods to delete: ${#podsToDelete[@]}" -if [[ ${#podsToDelete[@]} -gt 0 ]]; then - - for key in "${!podsToDelete[@]}" - do - attributes=($(echo "${key}" | tr "/" "\n")) - namespace="${attributes[0]}" - podName="${attributes[1]}" - - deletePod "${namespace}" "${podName}" - done -fi - -echo "Number of objects to rollout: ${#objectsToRollout[@]}" -for key in "${!objectsToRollout[@]}" -do - - attributes=($(echo "${key}" | tr "/" "\n")) - - kind="${attributes[0]}" - namespace="${attributes[1]}" - name="${attributes[2]}" - - if [[ "${dryRun}" == "false" ]]; then - retry "${retriesCount}" kubectl rollout restart "${kind}" "${name}" -n "${namespace}" - else - echo " [dryrun] kubectl rollout restart ${kind} ${name} -n ${namespace}" - fi - -done diff --git a/resources/istio/files/istio-upgrade.sh b/resources/istio/files/istio-upgrade.sh deleted file mode 100644 index f5e789c72f41..000000000000 --- a/resources/istio/files/istio-upgrade.sh +++ /dev/null @@ -1,34 +0,0 @@ -set -ex -set -o pipefail - -OPERATOR_FILE="/opt/istio/config/operator.yaml" - -echo "--> Check overrides" -if [ -f "/opt/istio/config/overrides.yaml" ]; then - yq merge -x "${OPERATOR_FILE}" /opt/istio/config/overrides.yaml > /opt/istio/combo.yaml - - CM_PRESENT=$(kubectl get cm -n "${NAMESPACE}" "${CONFIGMAP_NAME}" --ignore-not-found) - if [[ -z "${CM_PRESENT}" ]]; then - kubectl create cm "${CONFIGMAP_NAME}" -n "${NAMESPACE}" \ - --from-file "${OPERATOR_FILE}" \ - --from-file /opt/istio/config/overrides.yaml \ - --from-file /opt/istio/combo.yaml - else - kubectl create cm "${CONFIGMAP_NAME}" -n "${NAMESPACE}" \ - --from-file "${OPERATOR_FILE}" \ - --from-file /opt/istio/config/overrides.yaml \ - --from-file /opt/istio/combo.yaml \ - -o yaml --dry-run | kubectl replace -f - - fi - OPERATOR_FILE="/opt/istio/combo.yaml" -fi - -echo "--> Install Istio" -istioctl upgrade -f "${OPERATOR_FILE}" -y - -echo "Apply custom kyma manifests" -kubectl apply -f /opt/istio/manifests - -#This is still needed as mutating webhook disrupts Gardener cluster operations, like being able to hibernate the cluster. See https://github.com/kyma-project/kyma/issues/8868#issuecomment-658764987 -echo "Apply Kyma related checks and patches" -kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/4/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]' diff --git a/resources/istio/files/mtls-global-v2.yaml b/resources/istio/files/mtls-global-v2.yaml deleted file mode 100644 index f1b6399acb6d..000000000000 --- a/resources/istio/files/mtls-global-v2.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "default" - namespace: "istio-system" -spec: - mtls: - mode: STRICT \ No newline at end of file diff --git a/resources/istio/files/profile-default-example.yaml b/resources/istio/files/profile-default-example.yaml deleted file mode 100644 index dea33fcb0ed0..000000000000 --- a/resources/istio/files/profile-default-example.yaml +++ /dev/null @@ -1,161 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - base: - enabled: true - cni: - enabled: false - egressGateways: - - enabled: false - name: istio-egressgateway - ingressGateways: - - enabled: true - name: istio-ingressgateway - istiodRemote: - enabled: false - pilot: - enabled: true - hub: docker.io/istio - meshConfig: - defaultConfig: - proxyMetadata: {} - enablePrometheusMerge: true - profile: default - tag: 1.10.0 - values: - base: - enableCRDTemplates: false - validationURL: "" - gateways: - istio-egressgateway: - autoscaleEnabled: true - env: {} - name: istio-egressgateway - secretVolumes: - - mountPath: /etc/istio/egressgateway-certs - name: egressgateway-certs - secretName: istio-egressgateway-certs - - mountPath: /etc/istio/egressgateway-ca-certs - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - type: ClusterIP - zvpn: {} - istio-ingressgateway: - autoscaleEnabled: true - env: {} - name: istio-ingressgateway - secretVolumes: - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - type: LoadBalancer - zvpn: {} - global: - configValidation: true - defaultNodeSelector: {} - defaultPodDisruptionBudget: - enabled: true - defaultResources: - requests: - cpu: 10m - imagePullPolicy: "" - imagePullSecrets: [] - istioNamespace: istio-system - istiod: - enableAnalysis: false - jwtPolicy: third-party-jwt - logAsJson: false - logging: - level: default:info - meshNetworks: {} - mountMtlsCerts: false - multiCluster: - clusterName: "" - enabled: false - network: "" - omitSidecarInjectorConfigMap: false - oneNamespace: false - operatorManageWebhooks: false - pilotCertProvider: istiod - priorityClassName: "" - proxy: - autoInject: enabled - clusterDomain: cluster.local - componentLogLevel: misc:error - enableCoreDump: false - excludeIPRanges: "" - excludeInboundPorts: "" - excludeOutboundPorts: "" - image: proxyv2 - includeIPRanges: '*' - logLevel: warning - privileged: false - readinessFailureThreshold: 30 - readinessInitialDelaySeconds: 1 - readinessPeriodSeconds: 2 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - statusPort: 15020 - tracer: zipkin - proxy_init: - image: proxyv2 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 10Mi - sds: - token: - aud: istio-ca - sts: - servicePort: 0 - tracer: - datadog: {} - lightstep: {} - stackdriver: {} - zipkin: {} - useMCP: false - istiodRemote: - injectionURL: "" - pilot: - autoscaleEnabled: true - autoscaleMax: 5 - autoscaleMin: 1 - configMap: true - cpu: - targetAverageUtilization: 80 - enableProtocolSniffingForInbound: true - enableProtocolSniffingForOutbound: true - env: {} - image: pilot - keepaliveMaxServerConnectionAge: 30m - nodeSelector: {} - replicaCount: 1 - traceSampling: 1 - telemetry: - enabled: true - v2: - enabled: true - metadataExchange: - wasmEnabled: false - prometheus: - enabled: true - wasmEnabled: false - stackdriver: - configOverride: {} - enabled: false - logging: false - monitoring: false - topology: false - diff --git a/resources/istio/files/uninstall.sh b/resources/istio/files/uninstall.sh deleted file mode 100644 index 67a2f9e820f0..000000000000 --- a/resources/istio/files/uninstall.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -e - -istioctl x uninstall --purge -y -kubectl delete cm "${CONFIGMAP_NAME}" -n "${NAMESPACE}" diff --git a/resources/istio/profile-evaluation.yaml b/resources/istio/profile-evaluation.yaml deleted file mode 100644 index a00e5afed61c..000000000000 --- a/resources/istio/profile-evaluation.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -monitoring: - enabled: false - dashboards: - enabled: false - istioServiceMonitor: - enabled: false - scrapeInterval: "" - -istio_operator_cluster_file: istio-operator-cluster-evaluation.yaml -istio_operator_minikube_file: istio-operator-minikube-evaluation.yaml \ No newline at end of file diff --git a/resources/istio/profile-production.yaml b/resources/istio/profile-production.yaml deleted file mode 100644 index b643430b8b72..000000000000 --- a/resources/istio/profile-production.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -monitoring: - enabled: true - dashboards: - enabled: true - istioServiceMonitor: - enabled: true - scrapeInterval: "" - -istio_operator_cluster_file: istio-operator-cluster-production.yaml \ No newline at end of file diff --git a/resources/istio/templates/_helpers.tpl b/resources/istio/templates/_helpers.tpl deleted file mode 100644 index f79bea415765..000000000000 --- a/resources/istio/templates/_helpers.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "istio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "istio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "istio.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified configmap name. -*/}} -{{- define "istio.configmap.fullname" -}} -{{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Configmap checksum. -*/}} -{{- define "istio.configmap.checksum" -}} -{{- print $.Template.BasePath "/configmap.yaml" | sha256sum -}} -{{- end -}} diff --git a/resources/istio/templates/configmap-control-plane.yaml b/resources/istio/templates/configmap-control-plane.yaml deleted file mode 100644 index 0a6bfe24759b..000000000000 --- a/resources/istio/templates/configmap-control-plane.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - name: kyma-istio-operator-config -data: -{{- if hasKey .Values.global "minikubeIP" }} - operator.yaml: |- -{{ tpl (tpl ("files/{{ .Values.istio_operator_minikube_file }}") . | .Files.Get | printf "%s" | indent 4) . }} -{{- else }} - operator.yaml: |- -{{ tpl (tpl ("files/{{ .Values.istio_operator_cluster_file }}") . | .Files.Get | printf "%s" | indent 4) . }} -{{- end }} -{{ if .Values.kyma_istio_operator }} - #This additional user-provided definition is merged with the default one - overrides.yaml: |- -{{ .Values.kyma_istio_operator | printf "%s" | indent 4 }} -{{- end }} diff --git a/resources/istio/templates/configmap-extra-manifests.yaml b/resources/istio/templates/configmap-extra-manifests.yaml deleted file mode 100644 index f133d341a5aa..000000000000 --- a/resources/istio/templates/configmap-extra-manifests.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Release.Namespace }} - name: kyma-extra-manifests -data: - mtls-global.yaml: |- -{{ tpl (.Files.Get "files/mtls-global-v2.yaml" | printf "%s" | indent 4) . }} -{{- if hasKey .Values.global "minikubeIP" }} - destination-rules-minikube.yaml: |- -{{ tpl (.Files.Get "files/destination-rules-minikube.yaml" | printf "%s" | indent 4) . }} -{{- end }} diff --git a/resources/istio/templates/istio-proxy-reset.yaml b/resources/istio/templates/istio-proxy-reset.yaml deleted file mode 100644 index 96c4afb511d4..000000000000 --- a/resources/istio/templates/istio-proxy-reset.yaml +++ /dev/null @@ -1,90 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-proxy-reset - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-proxy-reset -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "delete"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: ["apps", "extensions"] - resources: ["deployments", "daemonsets", "statefulsets"] - verbs: ["get", "patch"] - - apiGroups: ["apps", "extensions"] - resources: ["replicasets"] - verbs: ["get", "list", "patch", "delete"] -{{- if .Values.kyma.podSecurityPolicy.enabled }} - - apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "istio.fullname" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-proxy-reset -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-proxy-reset -subjects: - - kind: ServiceAccount - name: istio-proxy-reset - namespace: {{ .Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: istio-proxy-reset - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - helm.sh/hook: post-upgrade - helm.sh/hook-weight: "50" -spec: - backoffLimit: 1 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: istio-proxy-reset - restartPolicy: Never - containers: - - name: proxy-reset - image: eu.gcr.io/kyma-project/tpi/k8s-tools:20210922-530cfc39 - env: - - name: ISTIO_PROXY_IMAGE_PREFIX - value: {{ .Values.kyma.proxyResetJob.commonIstioProxyImagePrefix | quote }} - - name: ISTIO_PROXY_IMAGE_VERSION - value: {{ .Chart.Version | quote }} - - name: RETRIES_COUNT - value: {{ .Values.kyma.proxyResetJob.retriesCount | quote }} - - name: DRY_RUN - value: {{ .Values.kyma.proxyResetJob.dryRun | quote }} - - name: EXIT_CODE - value: {{ .Values.kyma.proxyResetJob.exitCode | quote }} - - name: SLEEP_AFTER_POD_DELETED - value: {{ .Values.kyma.proxyResetJob.sleepAfterPodDeleted | quote }} - - name: HOME - value: "/tmp" - command: - - /bin/bash - - -c - - | -{{.Files.Get "files/istio-proxy-reset.sh" | printf "%s" | indent 16}} - securityContext: -{{- toYaml .Values.kyma.securityContext | nindent 12 }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/istio/templates/job-cleanup.yaml b/resources/istio/templates/job-cleanup.yaml deleted file mode 100644 index 1537cd8c5482..000000000000 --- a/resources/istio/templates/job-cleanup.yaml +++ /dev/null @@ -1,87 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - helm.sh/hook: "post-upgrade" - helm.sh/hook-weight: "40" - name: istio-cleanup-job - namespace: {{ .Release.Namespace }} -spec: - activeDeadlineSeconds: 1000 - backoffLimit: 3 - template: - spec: - containers: - - - command: - - bash - - "-c" - - | - kubectl delete destinationrules.networking.istio.io -n istio-system istio-telemetry --ignore-not-found - kubectl delete destinationrules.networking.istio.io -n istio-system istio-policy --ignore-not-found - kubectl delete gateways.networking.istio.io -n istio-system ingressgateway --ignore-not-found - image: {{ .Values.kyma.labelJob.image }}:{{ .Values.kyma.labelJob.tag }} - name: cleanup - env: - - name: HOME - value: /tmp - securityContext: -{{- toYaml .Values.kyma.securityContext | nindent 12 }} - restartPolicy: Never - serviceAccountName: istio-cleanup-job - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: istio-cleanup-job - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-upgrade" - helm.sh/hook-weight: "0" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istio-cleanup-job - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-upgrade" - helm.sh/hook-weight: "0" -rules: - - apiGroups: ["networking.istio.io"] - resources: ["gateways"] - verbs: ["delete"] - - apiGroups: ["networking.istio.io"] - resources: ["destinationrules"] - verbs: ["delete"] -{{- if .Values.kyma.podSecurityPolicy.enabled }} - - apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "istio.fullname" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istio-cleanup-job - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-upgrade" - helm.sh/hook-weight: "0" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istio-cleanup-job -subjects: - - kind: ServiceAccount - name: istio-cleanup-job diff --git a/resources/istio/templates/job-istio.yaml b/resources/istio/templates/job-istio.yaml deleted file mode 100644 index 354c395014c0..000000000000 --- a/resources/istio/templates/job-istio.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - helm.sh/hook: "post-install,post-upgrade" - helm.sh/hook-weight: "30" - name: istio-job -spec: - activeDeadlineSeconds: 1000 - backoffLimit: 1 - template: - spec: - containers: - - command: - - bash - - "-c" - - | -{{- if .Release.IsUpgrade }} -{{ .Files.Get "files/istio-upgrade.sh" | printf "%s" | indent 16 }} -{{- else }} -{{ .Files.Get "files/istio-install.sh" | printf "%s" | indent 16 }} -{{- end }} - image: {{ .Values.istio.installer.image }}:{{ .Values.istio.installer.tag }} - name: installer - volumeMounts: - - name: config - mountPath: /opt/istio/config - readOnly: true - - name: manifests - mountPath: /opt/istio/manifests - readOnly: true - env: - - name: HOME - value: /tmp - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - - name: CONFIGMAP_NAME - value: kyma-istio-operator-config-backup - securityContext: -{{- toYaml .Values.kyma.securityContext | nindent 12 }} - volumes: - - name: config - configMap: - name: kyma-istio-operator-config - - name: manifests - configMap: - name: kyma-extra-manifests - restartPolicy: Never - serviceAccountName: istio-job - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/istio/templates/job-namespace-label.yaml b/resources/istio/templates/job-namespace-label.yaml deleted file mode 100644 index 46bc24612efe..000000000000 --- a/resources/istio/templates/job-namespace-label.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: kyma-ns-label - annotations: - helm.sh/hook-delete-policy: "before-hook-creation, hook-succeeded" - helm.sh/hook: "pre-install,pre-upgrade" - helm.sh/hook-weight: "10" -spec: - backoffLimit: 1 - template: - metadata: - name: kyma-ns-label - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: kyma-ns-label - restartPolicy: Never - containers: - - name: kyma-ns-label - image: {{ .Values.kyma.labelJob.image }}:{{ .Values.kyma.labelJob.tag }} - terminationMessagePolicy: "FallbackToLogsOnError" - command: - - /bin/bash - - -c - - | - set -e - {{- range .Values.kyma.namespaces2Label }} - echo "---> Setting label to {{ . }}" - kubectl label namespace {{ . | quote }} "istio-injection=disabled" --overwrite - {{- end }} - env: - - name: HOME - value: /tmp - securityContext: -{{- toYaml .Values.kyma.securityContext | nindent 10 }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/istio/templates/job-uninstall.yaml b/resources/istio/templates/job-uninstall.yaml deleted file mode 100644 index d34fb47fdbe9..000000000000 --- a/resources/istio/templates/job-uninstall.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" - helm.sh/hook: "pre-delete" - helm.sh/hook-weight: "10" - name: istio-uninstall-job -spec: - activeDeadlineSeconds: 1000 - backoffLimit: 3 - template: - spec: - containers: - - - command: - - bash - - "-c" - - | -{{.Files.Get "files/uninstall.sh" | printf "%s" | indent 16}} - image: {{ .Values.istio.installer.image }}:{{ .Values.istio.installer.tag }} - name: uninstaller - volumeMounts: - - name: config - mountPath: /opt/istio/config - readOnly: true - env: - - name: HOME - value: /tmp - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - - name: CONFIGMAP_NAME - value: kyma-istio-operator-config - securityContext: -{{- toYaml .Values.kyma.securityContext | nindent 12 }} - volumes: - - name: config - configMap: - name: kyma-istio-operator-config - restartPolicy: Never - serviceAccountName: istio-job - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/istio/templates/monitoring/grafana/dashboards/istio-mesh.yaml b/resources/istio/templates/monitoring/grafana/dashboards/istio-mesh.yaml deleted file mode 100644 index 6be21d014b8b..000000000000 --- a/resources/istio/templates/monitoring/grafana/dashboards/istio-mesh.yaml +++ /dev/null @@ -1,915 +0,0 @@ -{{- if (and .Values.monitoring.enabled .Values.monitoring.dashboards.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-mesh-grafana-dashboard - namespace: kyma-system - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - istio-mesh-dashboard.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "height": "50px", - "id": 13, - "links": [], - "mode": "html", - "style": { - "font-size": "18pt" - }, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Global Request Volume", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Global Success Rate (non-5xx responses)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "4xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "5xxs", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 21, - "w": 24, - "x": 0, - "y": 9 - }, - "hideTimeOverride": false, - "id": 73, - "links": [], - "pageSize": null, - "repeat": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 4, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Workload dashboard", - "linkUrl": "/dashboard/db/istio-workload?var-namespace=$__cell_2&var-workload=$__cell_", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "s" - }, - { - "alias": "Success Rate", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - ".95", - " 1.00" - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload?var-workload=$__cell_2&var-namespace=$__cell_3", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "number", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload}}.{{"{{"}} destination_workload_namespace }}", - "refId": "A" - }, - { - "expr": "label_join((histogram_quantile(0.50, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload}}.{{"{{"}} destination_workload_namespace }}", - "refId": "B" - }, - { - "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }}", - "refId": "D" - }, - { - "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }}", - "refId": "E" - }, - { - "expr": "label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }}", - "refId": "F" - } - ], - "timeFrom": null, - "title": "HTTP/GRPC Workloads", - "transform": "table", - "type": "table" - }, - { - "columns": [], - "datasource": "Prometheus", - "fontSize": "100%", - "gridPos": { - "h": 18, - "w": 24, - "x": 0, - "y": 30 - }, - "hideTimeOverride": false, - "id": 109, - "links": [], - "pageSize": null, - "repeatDirection": "v", - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", - "pattern": "destination_workload", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bytes Sent", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bytes Received", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-workload?var-namespace=$__cell_3&var-workload=$__cell_2", - "pattern": "destination_workload_var", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "destination_workload_namespace", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Service", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "$__cell dashboard", - "linkUrl": "/dashboard/db/istio-service?var-service=$__cell", - "pattern": "destination_service", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}", - "refId": "C" - }, - { - "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}", - "refId": "A" - } - ], - "timeFrom": null, - "title": "TCP Workloads", - "transform": "table", - "type": "table" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 48 - }, - "id": 111, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} component }}: {{"{{"}} tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [ - "service-mesh", - "kyma" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio / Mesh", - "uid": "G8wLrJIZk", - "version": 5 - } -{{- end }} diff --git a/resources/istio/templates/monitoring/grafana/dashboards/istio-performance.yaml b/resources/istio/templates/monitoring/grafana/dashboards/istio-performance.yaml deleted file mode 100644 index 52d31151874c..000000000000 --- a/resources/istio/templates/monitoring/grafana/dashboards/istio-performance.yaml +++ /dev/null @@ -1,1837 +0,0 @@ -{{- if (and .Values.monitoring.enabled .Values.monitoring.dashboards.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-performance-grafana-dashboard - namespace: kyma-system - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - istio-performance-dashboard.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": 9, - "links": [], - "panels": [ - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 21, - "panels": [ - { - "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 19, - "links": [], - "mode": "markdown", - "timeFrom": null, - "timeShift": null, - "title": "Performance Dashboard README", - "transparent": true, - "type": "text" - } - ], - "title": "Performance Dashboard Notes", - "type": "row" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 6, - "panels": [], - "title": "vCPU Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 2 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU / 1k rps", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 2 - }, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 13, - "panels": [], - "title": "Memory and Data Rates", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 902, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_usage_bytes{pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry / 1k rps", - "refId": "A" - }, - { - "expr": "sum(container_memory_usage_bytes{pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(container_memory_usage_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "per istio proxy", - "refId": "C" - }, - { - "expr": "(sum(container_memory_usage_bytes{pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-policy / 1k rps", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 11, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-telemetry", - "refId": "A" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-ingressgateway", - "refId": "B" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio-proxy", - "refId": "C" - }, - { - "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "istio_policy", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Bytes transferred / sec", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 17, - "panels": [], - "title": "Istio Component Versions", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(istio_build) by (component, tag)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} component }}: {{"{{"}} tag }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Istio Components by Version", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 71, - "panels": [], - "title": "Proxy Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 32 - }, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{container=\"istio-proxy\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 32 - }, - "id": 73, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container=\"istio-proxy\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 32 - }, - "id": 702, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_fs_usage_bytes{container=\"istio-proxy\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 69, - "panels": [], - "title": "Pilot Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 40 - }, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=\"istio-pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 40 - }, - "id": 602, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=\"istio-pilot\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "pilot (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 40 - }, - "id": 74, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=\"istio-pilot\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{container=~\"discovery|istio-proxy\", pod=~\"istio-pilot-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 40 - }, - "id": 402, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-pilot\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 47 - }, - "id": 93, - "panels": [], - "title": "Mixer Resource Usage", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 48 - }, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "Virtual Memory", - "refId": "I", - "step": 2 - }, - { - "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Memory", - "refId": "H", - "step": 2 - }, - { - "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap sys", - "refId": "A" - }, - { - "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "heap alloc", - "refId": "D" - }, - { - "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Alloc", - "refId": "F", - "step": 2 - }, - { - "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Heap in-use", - "refId": "E", - "step": 2 - }, - { - "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Stack in-use", - "refId": "G", - "step": 2 - }, - { - "expr": "sum(container_memory_usage_bytes{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "C", - "step": 2 - }, - { - "expr": "container_memory_usage_bytes{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }} (k8s)", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 48 - }, - "id": 95, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Total (k8s)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }} (k8s)", - "refId": "B", - "step": 2 - }, - { - "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "mixer (self-reported)", - "refId": "C", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "vCPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 48 - }, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", - "format": "time_series", - "hide": true, - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open FDs (pilot)", - "refId": "A" - }, - { - "expr": "container_fs_usage_bytes{ container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{"}} container }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "none", - "label": "", - "logBase": 1024, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 48 - }, - "id": 97, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"istio-telemetry\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Number of Goroutines", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 18, - "style": "dark", - "tags": [ - "service-mesh", - "kyma" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio / Performance", - "uid": "vu8e0VWZk", - "version": 22 - } -{{- end }} diff --git a/resources/istio/templates/monitoring/grafana/dashboards/istio-service.yaml b/resources/istio/templates/monitoring/grafana/dashboards/istio-service.yaml deleted file mode 100644 index c9f01e7f34f4..000000000000 --- a/resources/istio/templates/monitoring/grafana/dashboards/istio-service.yaml +++ /dev/null @@ -1,2616 +0,0 @@ -{{- if (and .Values.monitoring.enabled .Values.monitoring.dashboards.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-service-grafana-dashboard - namespace: kyma-system - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - istio-service-dashboard.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1536442501501, - "links": [], - "panels": [ - { - "content": "
\nSERVICE: $service\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Client Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Client Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Received Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 7 - }, - "id": 97, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Server Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 7 - }, - "id": 98, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Server Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 7 - }, - "id": 99, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Server Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 7 - }, - "id": 100, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Sent Bytes", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nCLIENT WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} : {{"{{"}} response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} : {{"{{"}} response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "
\nSERVICE WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 90, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} : {{"{{"}} response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} : {{"{{"}} response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 91, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 94, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 95, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 96, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 92, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}} destination_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}}destination_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_workload }}.{{"{{"}}destination_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "service-mesh", - "kyma" - ], - "templating": { - "list": [ - { - "allValue": null, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Service", - "multi": false, - "name": "service", - "options": [], - "query": "label_values(destination_service)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Client Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload Namespace", - "multi": true, - "name": "dstns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Service Workload", - "multi": true, - "name": "dstwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio / Service", - "uid": "LJ_uJAvmk", - "version": 1 - } -{{- end }} diff --git a/resources/istio/templates/monitoring/grafana/dashboards/istio-workload.yaml b/resources/istio/templates/monitoring/grafana/dashboards/istio-workload.yaml deleted file mode 100644 index 8fd38ee004d3..000000000000 --- a/resources/istio/templates/monitoring/grafana/dashboards/istio-workload.yaml +++ /dev/null @@ -1,2318 +0,0 @@ -{{- if (and .Values.monitoring.enabled .Values.monitoring.dashboards.enabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-workload-grafana-dashboard - namespace: kyma-system - labels: - grafana_dashboard: "1" - app: monitoring-grafana -data: - istio-workload-dashboard.json: |- - { - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "text", - "name": "Text", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1531345461465, - "links": [], - "panels": [ - { - "content": "
\nWORKLOAD: $workload.$namespace\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 89, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "Prometheus", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Incoming Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "B" - } - ], - "thresholds": "95, 99, 99.5", - "title": "Incoming Success Rate (non-5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 87, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "P50", - "refId": "A" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P90", - "refId": "B" - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "P99", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Request Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 84, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Server Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "Bps", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 85, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "TCP Client Traffic", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "content": "
\nINBOUND WORKLOADS\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 45, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 25, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} : {{"{{"}} response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} : {{"{{"}} response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Requests by Source And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 26, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Success Rate (non-5xx responses) By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 20 - }, - "id": 27, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Duration by Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 20 - }, - "id": 28, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Incoming Request Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 20 - }, - "id": 68, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}source_workload}}.{{"{{"}}source_workload_namespace}} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Source", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 80, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} source_workload }}.{{"{{"}} source_workload_namespace}}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent to Incoming TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "content": "
\nOUTBOUND SERVICES\n
", - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 69, - "links": [], - "mode": "html", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 35 - }, - "id": 70, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} : {{"{{"}} response_code }} (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} : {{"{{"}} response_code }}", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Requests by Destination And Response Code", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 35 - }, - "id": 71, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}}destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Success Rate (non-5xx responses) By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.01", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 41 - }, - "id": 72, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Duration by Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 41 - }, - "id": 73, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Outgoing Request Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 41 - }, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50 (🔐mTLS)", - "refId": "D", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90 (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95 (🔐mTLS)", - "refId": "B", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99 (🔐mTLS)", - "refId": "C", - "step": 2 - }, - { - "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P50", - "refId": "E", - "step": 2 - }, - { - "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P90", - "refId": "F", - "step": 2 - }, - { - "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P95", - "refId": "G", - "step": 2 - }, - { - "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} P99", - "refId": "H", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Response Size By Destination", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 47 - }, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Sent on Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 47 - }, - "id": 78, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }} (🔐mTLS)", - "refId": "A", - "step": 2 - }, - { - "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{"{{"}} destination_service }}", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Bytes Received from Outgoing TCP Connection", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "service-mesh", - "kyma" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [], - "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", - "refresh": 1, - "regex": "/.*_namespace=\"([^\"]*).*/", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Workload", - "multi": false, - "name": "workload", - "options": [], - "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload Namespace", - "multi": true, - "name": "srcns", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", - "refresh": 1, - "regex": "/.*namespace=\"([^\"]*).*/", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Inbound Workload", - "multi": true, - "name": "srcwl", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", - "refresh": 1, - "regex": "/.*workload=\"([^\"]*).*/", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Destination Service", - "multi": true, - "name": "dstsvc", - "options": [], - "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", - "refresh": 1, - "regex": "/.*destination_service=\"([^\"]*).*/", - "sort": 4, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "Istio / Workload", - "uid": "UbsSZTDik", - "version": 1 - } -{{- end }} diff --git a/resources/istio/templates/monitoring/service-monitor.yaml b/resources/istio/templates/monitoring/service-monitor.yaml deleted file mode 100644 index 744530cef588..000000000000 --- a/resources/istio/templates/monitoring/service-monitor.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if (and .Values.monitoring.enabled .Values.monitoring.istioServiceMonitor.enabled) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - annotations: - meta.helm.sh/release-name: {{ $.Release.Name | quote }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - name: istio-component-monitor - namespace: {{ .Release.Namespace }} - labels: - app: {{ $.Release.Name }} - app.kubernetes.io/instance: {{ $.Release.Name }} - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: istio-component-monitor - helm.sh/chart: {{ .Chart.AppVersion }} - prometheus: monitoring -spec: - jobLabel: istio - targetLabels: [app] - selector: - matchExpressions: - - {key: istio, operator: In, values: [pilot]} - namespaceSelector: - matchNames: - - istio-system - endpoints: - - port: http-monitoring - {{- if .Values.monitoring.istioServiceMonitor.scrapeInterval }} - interval: {{ .Values.monitoring.istioServiceMonitor.scrapeInterval }} - {{- end }} -{{- end }} diff --git a/resources/istio/templates/rbac-install.yaml b/resources/istio/templates/rbac-install.yaml deleted file mode 100644 index bceb22bbb3d1..000000000000 --- a/resources/istio/templates/rbac-install.yaml +++ /dev/null @@ -1,157 +0,0 @@ -kind: ServiceAccount -apiVersion: v1 -metadata: - name: istio-job - namespace: {{ .Release.Namespace }} - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install,post-upgrade" - helm.sh/hook-weight: "0" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install,post-upgrade" - helm.sh/hook-weight: "0" - name: istio-job -rules: -# istio groups -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - install.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rbac.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' -# k8s groups -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions.apiextensions.k8s.io - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - daemonsets - - deployments - - deployments/finalizers - - deployments/scale - - ingresses - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - persistentvolumeclaims - - secrets - - services - - serviceaccounts - - replicationcontrollers - verbs: - - '*' -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "list" -{{- if .Values.kyma.podSecurityPolicy.enabled }} -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "istio.fullname" . }} -{{- end }} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: istio-job - annotations: - helm.sh/hook-delete-policy: "before-hook-creation" - helm.sh/hook: "post-install,post-upgrade" - helm.sh/hook-weight: "0" -subjects: -- kind: ServiceAccount - name: istio-job - namespace: {{.Release.Namespace}} -roleRef: - kind: ClusterRole - name: istio-job - apiGroup: rbac.authorization.k8s.io diff --git a/resources/istio/templates/rbac-namespace-label.yaml b/resources/istio/templates/rbac-namespace-label.yaml deleted file mode 100644 index 2bd71f685cba..000000000000 --- a/resources/istio/templates/rbac-namespace-label.yaml +++ /dev/null @@ -1,48 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyma-ns-label - annotations: - helm.sh/hook: "pre-install,pre-upgrade" - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kyma-ns-label - annotations: - helm.sh/hook: "pre-install,pre-upgrade" - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" -rules: -- apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch", "patch"] - resourceNames: -{{ .Values.kyma.namespaces2Label | toYaml | trim | indent 4 }} -{{- if .Values.kyma.podSecurityPolicy.enabled }} -- apiGroups: ["extensions","policy"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "istio.fullname" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kyma-ns-label - annotations: - helm.sh/hook: "pre-install,pre-upgrade" - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: "before-hook-creation" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kyma-ns-label -subjects: -- kind: ServiceAccount - name: kyma-ns-label - namespace: istio-system diff --git a/resources/istio/templates/tests/istio-kyma-validate-rbac.yaml b/resources/istio/templates/tests/istio-kyma-validate-rbac.yaml deleted file mode 100644 index 206407451f4d..000000000000 --- a/resources/istio/templates/tests/istio-kyma-validate-rbac.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Chart.Name }}-kyma-validate -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "list"] - - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list"] - - apiGroups: ["security.istio.io"] - resources: ["peerauthentications"] - verbs: ["get", "list"] - - apiGroups: ["install.istio.io"] - resources: ["istiooperators"] - verbs: ["get", "list"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Chart.Name }}-kyma-validate ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Chart.Name }}-kyma-validate -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Chart.Name }}-kyma-validate -subjects: - - kind: ServiceAccount - name: {{ .Chart.Name }}-kyma-validate - namespace: istio-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-kyma-validate -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-kyma-validate -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-kyma-validate -subjects: - - kind: ServiceAccount - name: istio-kyma-validate - namespace: istio-system \ No newline at end of file diff --git a/resources/istio/templates/tests/istio-kyma-validate.yaml b/resources/istio/templates/tests/istio-kyma-validate.yaml deleted file mode 100644 index 67c4de115d66..000000000000 --- a/resources/istio/templates/tests/istio-kyma-validate.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "testing.kyma-project.io/v1alpha1" }} -{{- if .Values.test.istio_kyma_validate.enabled }} -apiVersion: "testing.kyma-project.io/v1alpha1" -kind: TestDefinition -metadata: - name: {{ .Chart.Name }}-kyma-validate - labels: - app: {{ .Chart.Name }}-kyma-validate - app.kubernetes.io/name: {{ .Chart.Name }}-kyma-validate - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - {{- range $key, $val := .Values.test.istio_kyma_validate.labels }} - kyma-project.io/test.{{ $key }}: {{ $val | quote }} - {{- end }} -spec: - template: - metadata: - labels: - app: {{ .Chart.Name }}-kyma-validate - spec: - serviceAccountName: {{ .Chart.Name }}-kyma-validate - containers: - - name: tests - image: {{ .Values.test.istio_kyma_validate.image }}:{{ .Values.test.istio_kyma_validate.tag }} - imagePullPolicy: Always - command: - - /bin/bash - - -c - - | -{{.Files.Get "files/istio-kyma-validate-test.sh" | printf "%s" | indent 16}} - env: - - name: CONFIG_DIR - value: /etc/config - - name: REQUIRED_ISTIO_VERSION - value: {{ .Chart.Version }} - securityContext: -{{- toYaml .Values.test.securityContext | nindent 12 }} - restartPolicy: Never - {{- end }} - {{- end }} diff --git a/resources/istio/values.yaml b/resources/istio/values.yaml deleted file mode 100644 index db5d39fed1f2..000000000000 --- a/resources/istio/values.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -global: - isLocalEnv: false - tracing: - enabled: true - zipkinAddress: "zipkin.kyma-system:9411" - -kyma: - namespaces2Label: - - istio-system - - kube-system - labelJob: - image: eu.gcr.io/kyma-project/tpi/k8s-tools - tag: "20210922-530cfc39" - proxyResetJob: - commonIstioProxyImagePrefix: "eu.gcr.io/kyma-project/external/istio/proxyv2" - retriesCount: 5 - dryRun: false - sleepAfterPodDeleted: 1 - exitCode: 0 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - podSecurityPolicy: - enabled: true - -istio: - installer: - image: eu.gcr.io/kyma-project/istio-installer - tag: fe9f5885 - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - -monitoring: - enabled: true - dashboards: - enabled: true - istioServiceMonitor: - enabled: true - scrapeInterval: "" - -test: - istio_kyma_validate: - image: eu.gcr.io/kyma-project/tpi/k8s-tools - tag: "20210922-530cfc39" - enabled: true - labels: - integration: true - after-upgrade: true - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - -istio_operator_cluster_file: istio-operator-cluster.yaml -istio_operator_minikube_file: istio-operator-minikube.yaml diff --git a/resources/kiali/templates/kyma-additions/auth-proxy-deployment.yaml b/resources/kiali/templates/kyma-additions/auth-proxy-deployment.yaml index b94d6ce0b78f..15107632578d 100644 --- a/resources/kiali/templates/kyma-additions/auth-proxy-deployment.yaml +++ b/resources/kiali/templates/kyma-additions/auth-proxy-deployment.yaml @@ -18,13 +18,6 @@ spec: annotations: checksum/config: {{ tpl (toYaml .Values.authProxy) . | sha256sum }} spec: - {{- if .Values.global.isLocalEnv }} - hostNetwork: true #only for minikube - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - {{- end }} {{- if .Values.authProxy.nodeSelector }} nodeSelector: {{ toYaml .Values.authProxy.nodeSelector | indent 8 }} diff --git a/resources/kiali/templates/tests/test.yaml b/resources/kiali/templates/tests/test.yaml index 4b5228ec524a..7995d7dc38a6 100644 --- a/resources/kiali/templates/tests/test.yaml +++ b/resources/kiali/templates/tests/test.yaml @@ -19,12 +19,6 @@ spec: annotations: sidecar.istio.io/inject: "false" spec: -{{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "kiali.{{ .Values.global.domainName }}" -{{ end }} restartPolicy: Never containers: - name: tests diff --git a/resources/kiali/values.yaml b/resources/kiali/values.yaml index 63520bf96608..051eee62b0c3 100644 --- a/resources/kiali/values.yaml +++ b/resources/kiali/values.yaml @@ -8,7 +8,6 @@ tests: after-upgrade: true global: - isLocalEnv: false istio: gateway: name: kyma-gateway diff --git a/resources/logging/templates/tests/test.yaml b/resources/logging/templates/tests/test.yaml index 2e49945010ca..07e05c608926 100644 --- a/resources/logging/templates/tests/test.yaml +++ b/resources/logging/templates/tests/test.yaml @@ -24,14 +24,6 @@ spec: sidecar.istio.io/inject: "false" spec: serviceAccountName: {{ .Chart.Name }}-tests - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "oauth2.{{ .Values.global.domainName }}" - - "dex.{{ .Values.global.domainName }}" - - "loki.{{ .Values.global.domainName }}" - {{ end }} restartPolicy: Never containers: - name: tests diff --git a/resources/monitoring/charts/grafana/templates/kyma-additions/auth-proxy-deployment.yaml b/resources/monitoring/charts/grafana/templates/kyma-additions/auth-proxy-deployment.yaml index fe49bff108fd..183338e8aa3f 100644 --- a/resources/monitoring/charts/grafana/templates/kyma-additions/auth-proxy-deployment.yaml +++ b/resources/monitoring/charts/grafana/templates/kyma-additions/auth-proxy-deployment.yaml @@ -23,13 +23,6 @@ spec: annotations: checksum/config: {{ tpl (toYaml .Values.authProxy) . | sha256sum }} spec: - {{- if .Values.global.isLocalEnv }} - hostNetwork: true #only for minikube - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - {{- end }} {{- if .Values.kyma.authProxy.nodeSelector }} nodeSelector: {{ toYaml .Values.kyma.authProxy.nodeSelector | indent 8 }} diff --git a/resources/monitoring/values.yaml b/resources/monitoring/values.yaml index f84858efa4f9..b60f57ee7e11 100644 --- a/resources/monitoring/values.yaml +++ b/resources/monitoring/values.yaml @@ -1,5 +1,4 @@ global: - isLocalEnv: false containerRegistry: path: eu.gcr.io/kyma-project istio: diff --git a/resources/ory/templates/hpa.yaml b/resources/ory/templates/hpa.yaml index 51b130ad85ab..8c342027b42e 100644 --- a/resources/ory/templates/hpa.yaml +++ b/resources/ory/templates/hpa.yaml @@ -1,4 +1,4 @@ -{{- if and (not .Values.global.isLocalEnv) (.Capabilities.APIVersions.Has "autoscaling/v2beta1") }} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2beta1" }} {{- if .Values.hpa.oathkeeper.enabled }} --- apiVersion: autoscaling/v2beta1 diff --git a/resources/permission-controller/.helmignore b/resources/permission-controller/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/resources/permission-controller/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/resources/permission-controller/Chart.yaml b/resources/permission-controller/Chart.yaml deleted file mode 100644 index db2f7e269d29..000000000000 --- a/resources/permission-controller/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'permission-controller' -name: permission-controller -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/permission-controller/README.md b/resources/permission-controller/README.md deleted file mode 100644 index 0e023d8bdbf4..000000000000 --- a/resources/permission-controller/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# Permission Controller - -## Introduction -This chart bootstraps a Permission Controller deployment on a Kubernetes cluster. - -## Overview -The Permission Controller listens for new Namespaces and creates a RoleBinding for the users of the specified group to the **kyma-admin** role within these Namespaces. The Controller uses a blocking mechanism which defines the Namespaces in which the users of the defined group are not assigned the **kyma-admin** role. When the Controller is deployed in a cluster, it checks all existing Namespaces and assigns the roles accordingly. - -## Installation -Being an integral part of Kyma, permission-controller is available by default in both cluster and local environments. As with the remaining Kyma components, permission-controller is installed using [Helm](https://helm.sh). - -## Configuration - -See [this](https://kyma-project.io/docs/components/security/) document to learn how to configure the controller. diff --git a/resources/permission-controller/templates/_helpers.tpl b/resources/permission-controller/templates/_helpers.tpl deleted file mode 100644 index 48e64bd63001..000000000000 --- a/resources/permission-controller/templates/_helpers.tpl +++ /dev/null @@ -1,54 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "namespace-permission-controller.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "namespace-permission-controller.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "namespace-permission-controller.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "namespace-permission-controller.labels" -}} -app.kubernetes.io/name: {{ include "namespace-permission-controller.name" . }} -helm.sh/chart: {{ include "namespace-permission-controller.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -List of namespaces to be excluded -*/}} -{{- define "namespace-permission-controller.excludelist" -}} -{{- range $i:= .Values.config.namespaceExcludeList -}} -{{ printf "%s, " $i -}} -{{- end }} -{{- end -}} diff --git a/resources/permission-controller/templates/deployment.yaml b/resources/permission-controller/templates/deployment.yaml deleted file mode 100644 index e9060a275418..000000000000 --- a/resources/permission-controller/templates/deployment.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "namespace-permission-controller.fullname" . }} - labels: - kyma-project.io/component: controller -{{ include "namespace-permission-controller.labels" . | indent 4 }} -spec: - replicas: {{ .Values.deployment.replicaCount }} - revisionHistoryLimit: 10 - selector: - matchLabels: - app: {{ include "namespace-permission-controller.name" . }} - release: {{ .Release.Name }} - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: {{ include "namespace-permission-controller.name" . }} - release: {{ .Release.Name }} - kyma-project.io/component: controller - spec: - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /manager - args: - - --metrics-addr=127.0.0.1:8080 - - --static-connector={{ .Values.config.enableStaticUser }} - {{- with .Values.config.namespaceExcludeList }} - - --excluded-namespaces={{ . | join ", " }} - {{ end }} - - --subject-groups={{ .Values.global.kymaRuntime.namespaceAdminGroup }} - resources: -{{ toYaml .Values.deployment.resources | indent 12 }} - securityContext: -{{ toYaml .Values.deployment.securityContext | indent 12 }} - serviceAccountName: {{ include "namespace-permission-controller.name" . }}-account - nodeSelector: - {{- with .Values.deployment.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} - {{- with .Values.deployment.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/resources/permission-controller/templates/psp.yaml b/resources/permission-controller/templates/psp.yaml deleted file mode 100644 index cc3eea599fe3..000000000000 --- a/resources/permission-controller/templates/psp.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "namespace-permission-controller.fullname" . }} - labels: - release: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/name: {{ template "namespace-permission-controller.fullname" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - allowPrivilegeEscalation: false - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - seLinux: - rule: 'RunAsAny' - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - runAsUser: - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 -{{- end }} \ No newline at end of file diff --git a/resources/permission-controller/templates/rbac.yaml b/resources/permission-controller/templates/rbac.yaml deleted file mode 100644 index 029b19a16b1c..000000000000 --- a/resources/permission-controller/templates/rbac.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "namespace-permission-controller.name" . }}-account - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "namespace-permission-controller.name" . }}-role-binding - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ include "namespace-permission-controller.name" . }}-account - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kyma-admin \ No newline at end of file diff --git a/resources/permission-controller/values.yaml b/resources/permission-controller/values.yaml deleted file mode 100644 index 5d44f224b67a..000000000000 --- a/resources/permission-controller/values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -image: - repository: eu.gcr.io/kyma-project/permission-controller - tag: "a47d438f" - pullPolicy: IfNotPresent - -deployment: - replicaCount: 1 - resources: - limits: - cpu: 100m - memory: 96Mi - requests: - cpu: 10m - memory: 16Mi - nodeSelector: {} - tolerations: [] - affinity: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - -podSecurityPolicy: - enabled: true - -global: - kymaRuntime: - namespaceAdminGroup: "runtimeNamespaceAdmin" - -config: - enableStaticUser: "true" - namespaceExcludeList: - - istio-system - - kube-node-lease - - kube-public - - kube-system - - kyma-installer - - kyma-integration - - kyma-system - - natss - - compass-system diff --git a/resources/rafter/charts/controller-manager/templates/deployment.yaml b/resources/rafter/charts/controller-manager/templates/deployment.yaml index 89f31cf8ae21..407bcdccd14f 100644 --- a/resources/rafter/charts/controller-manager/templates/deployment.yaml +++ b/resources/rafter/charts/controller-manager/templates/deployment.yaml @@ -57,14 +57,6 @@ spec: {{- if .Values.pod.extraProperties }} {{ include "rafter.tplValue" ( dict "value" .Values.pod.extraProperties "context" . ) | nindent 6 }} {{- end }} - # MODIFIED: Block - START - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "storage.{{ .Values.global.domainName }}" - {{ end }} - # MODIFIED: Block - END containers: - name: {{ include "rafter.name" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/resources/rafter/templates/tests/test.yaml b/resources/rafter/templates/tests/test.yaml index fb6957cbc26f..bda9c96ce95d 100644 --- a/resources/rafter/templates/tests/test.yaml +++ b/resources/rafter/templates/tests/test.yaml @@ -20,12 +20,6 @@ spec: annotations: sidecar.istio.io/inject: "true" spec: - {{ if .Values.global.isLocalEnv }} - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "storage.{{ .Values.global.domainName }}" - {{ end }} securityContext: runAsNonRoot: true runAsUser: 1000 diff --git a/resources/service-catalog/values.yaml b/resources/service-catalog/values.yaml index 175a7c980c1e..855d6f3b02e8 100644 --- a/resources/service-catalog/values.yaml +++ b/resources/service-catalog/values.yaml @@ -1,5 +1,4 @@ global: - isLocalEnv: false containerRegistry: path: eu.gcr.io/kyma-project istio: diff --git a/resources/tracing/templates/kyma-additions/auth-proxy-deployment.yaml b/resources/tracing/templates/kyma-additions/auth-proxy-deployment.yaml index 1e0f4c5ac2e1..9e1843235682 100644 --- a/resources/tracing/templates/kyma-additions/auth-proxy-deployment.yaml +++ b/resources/tracing/templates/kyma-additions/auth-proxy-deployment.yaml @@ -19,13 +19,6 @@ spec: annotations: checksum/config: {{ tpl (toYaml .Values.authProxy) . | sha256sum }} spec: - {{- if .Values.global.isLocalEnv }} - hostNetwork: true #only for minikube - hostAliases: - - ip: {{ .Values.global.minikubeIP }} - hostnames: - - "dex.{{ .Values.global.domainName }}" - {{- end }} {{- if .Values.authProxy.nodeSelector }} nodeSelector: {{ toYaml .Values.authProxy.nodeSelector | indent 8 }} diff --git a/resources/tracing/values.yaml b/resources/tracing/values.yaml index 85b1c2d08b5b..52b5fa97e9c0 100644 --- a/resources/tracing/values.yaml +++ b/resources/tracing/values.yaml @@ -106,7 +106,6 @@ serviceAccount: name: global: - isLocalEnv: false istio: gateway: name: kyma-gateway diff --git a/resources/uaa-activator/.helmignore b/resources/uaa-activator/.helmignore deleted file mode 100644 index 50af03172541..000000000000 --- a/resources/uaa-activator/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/resources/uaa-activator/Chart.yaml b/resources/uaa-activator/Chart.yaml deleted file mode 100644 index 77c7d21cca9b..000000000000 --- a/resources/uaa-activator/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'uaa-activator' -name: uaa-activator -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/uaa-activator/README.md b/resources/uaa-activator/README.md deleted file mode 100644 index 14c7b0c3ff72..000000000000 --- a/resources/uaa-activator/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# UAA Activator - -## Overview - -The UAA Activator is a solution that allows you to manage application authorization and trust to identity providers in a Kyma cluster. For more information, read [this](../../components/uaa-activator/README.md) document. diff --git a/resources/uaa-activator/templates/_helpers.tpl b/resources/uaa-activator/templates/_helpers.tpl deleted file mode 100644 index 615454ea6690..000000000000 --- a/resources/uaa-activator/templates/_helpers.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "uaa-activator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "uaa-activator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "uaa-activator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "uaa-activator.labels" -}} -helm.sh/chart: {{ include "uaa-activator.chart" . }} -{{ include "uaa-activator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "uaa-activator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "uaa-activator.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/resources/uaa-activator/templates/job.yaml b/resources/uaa-activator/templates/job.yaml deleted file mode 100644 index 9b1995e57821..000000000000 --- a/resources/uaa-activator/templates/job.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# use job to have a backoff limit for retires (totally new pod will be created) -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "uaa-activator.fullname" . }} - labels: - {{- include "uaa-activator.labels" . | nindent 4 }} - annotations: - # Using post-install hook as Helm is not waiting for Jobs to be completed when they are part of the release - # https://github.com/helm/helm/blob/dev-v2/cmd/helm/install.go#L218 - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: before-hook-creation -spec: - backoffLimit: {{ .Values.job.backoffLimit }} - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - {{- include "uaa-activator.labels" . | nindent 8 }} - spec: - restartPolicy: Never - serviceAccountName: {{ include "uaa-activator.fullname" . }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registryPath }}/uaa-activator:{{ .Values.image.version }}" - env: - - name: CLUSTER_DOMAIN_NAME - value: {{ .Values.global.domainName }} - - - name: UAA_IS_UPGRADE - value: "{{ .Release.IsUpgrade }}" - - name: UAA_DEVELOPER_GROUP - value: {{ .Values.global.kymaRuntime.developerGroup }} - - name: UAA_DEVELOPER_ROLE - value: {{ .Values.global.role.developer }} - - name: UAA_NAMESPACE_ADMIN_GROUP - value: {{ .Values.global.kymaRuntime.namespaceAdminGroup }} - - name: UAA_NAMESPACE_ADMIN_ROLE - value: {{ .Values.global.role.namespaceAdmin }} - - name: UAA_SERVICE_INSTANCE_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: UAA_SERVICE_INSTANCE_NAME - value: "uaa-issuer" - - name: UAA_SERVICEBINDING_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: UAA_SERVICEBINDING_NAME - value: "uaa-issuer-secret" - - - name: DEX_CONFIG_MAP_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: DEX_CONFIG_MAP_NAME - value: "dex-config" - - name: DEX_DEPLOYMENT_NAMESPACE - value: "{{ .Release.Namespace }}" - - name: DEX_DEPLOYMENT_NAME - value: "dex" - - - name: GLOBAL_REPEAT_INTERVAL - value: "5s" - - name: GLOBAL_REPEAT_TIMEOUT - value: "5m" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/uaa-activator/templates/rbac.yaml b/resources/uaa-activator/templates/rbac.yaml deleted file mode 100644 index ca69bd4577dc..000000000000 --- a/resources/uaa-activator/templates/rbac.yaml +++ /dev/null @@ -1,46 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "uaa-activator.fullname" . }} - labels: - {{- include "uaa-activator.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["secrets", "configmaps"] - verbs: ["get", "create", "update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceclasses", "clusterserviceplans"] - verbs: ["get"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceinstances", "servicebindings"] - verbs: ["get", "create", "update", "delete" ] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["list"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "update"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "uaa-activator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "uaa-activator.labels" . | nindent 4 }} - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "uaa-activator.fullname" . }} - labels: - {{- include "uaa-activator.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ include "uaa-activator.fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "uaa-activator.fullname" . }} diff --git a/resources/uaa-activator/values.yaml b/resources/uaa-activator/values.yaml deleted file mode 100644 index 8929ff32aefc..000000000000 --- a/resources/uaa-activator/values.yaml +++ /dev/null @@ -1,45 +0,0 @@ -job: - backoffLimit: 3 - -# BE AWARE: Those values need to remain the same as those defined in `cluster-users/values.yaml` -global: - kymaRuntime: - developerGroup: runtimeDeveloper - namespaceAdminGroup: runtimeNamespaceAdmin - role: - developer: KymaRuntimeNamespaceDeveloper - namespaceAdmin: KymaRuntimeNamespaceAdmin - -image: - registryPath: eu.gcr.io/kyma-project - pullPolicy: IfNotPresent - version: "96c3c891" - -initJobs: - secret: - image: - registryPath: eu.gcr.io/kyma-project/incubator/develop - tag: "20210208-080d17ad" - -nameOverride: "" -fullnameOverride: "" - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi diff --git a/resources/xip-patch/Chart.yaml b/resources/xip-patch/Chart.yaml deleted file mode 100644 index 3dea48bc9f56..000000000000 --- a/resources/xip-patch/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -description: Kyma component 'xip-patch' -name: xip-patch -version: 1.0.0 -home: https://kyma-project.io -icon: https://github.com/kyma-project/kyma/blob/main/logo.png?raw=true diff --git a/resources/xip-patch/OWNERS b/resources/xip-patch/OWNERS deleted file mode 100644 index 8cc5c54efd68..000000000000 --- a/resources/xip-patch/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -approvers: - - Tomasz-Smelcerz-SAP - - strekm - - piotrmsc - - kubadz - - Demonsthere - -labels: -- area/service-mesh -- area/security diff --git a/resources/xip-patch/README.md b/resources/xip-patch/README.md deleted file mode 100644 index 95e47d67d502..000000000000 --- a/resources/xip-patch/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Xip patch - -## Overview - -This chart packs the [patch script](../../components/xip-patch/README.md) as a Kubernetes job. diff --git a/resources/xip-patch/templates/job.yaml b/resources/xip-patch/templates/job.yaml deleted file mode 100644 index b8d31591fdf8..000000000000 --- a/resources/xip-patch/templates/job.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }} - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded -spec: - template: - metadata: - name: {{ .Release.Name }} - spec: - serviceAccountName: {{ .Release.Name }}-service-account - restartPolicy: Never - containers: - - name: {{ .Release.Name }} - image: {{ .Values.containerRegistry.path }}/{{ .Values.xip_patch.dir }}xip-patch:{{ .Values.xip_patch.version }} - env: - - name: EXTERNAL_PUBLIC_IP - value: {{ .Values.global.loadBalancerIP }} - - name: INGRESSGATEWAY_SERVICE_NAME - value: istio-ingressgateway - - name: GLOBAL_DOMAIN - value: {{ .Values.global.domainName }} - - name: GLOBAL_TLS_CERT - value: {{ .Values.global.tlsCrt }} - - name: GLOBAL_TLS_KEY - value: {{ .Values.global.tlsKey }} - - name: INGRESS_DOMAIN - valueFrom: - configMapKeyRef: - name: net-global-overrides - key: global.domainName - optional: true - - name: INGRESS_TLS_CERT - valueFrom: - configMapKeyRef: - name: net-global-overrides - key: global.ingress.tlsCrt - optional: true - - name: INGRESS_TLS_KEY - valueFrom: - configMapKeyRef: - name: net-global-overrides - key: global.ingress.tlsKey - optional: true - - name: TLS_SECRET_NAME - value: {{ .Values.tls.secretName }} - {{- if .Values.global.priorityClassName }} - priorityClassName: {{ .Values.global.priorityClassName }} - {{- end }} diff --git a/resources/xip-patch/templates/rolebindings.yaml b/resources/xip-patch/templates/rolebindings.yaml deleted file mode 100644 index 1899624fd8ea..000000000000 --- a/resources/xip-patch/templates/rolebindings.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-kyma-installer-role-binding - namespace: kyma-installer -subjects: -- kind: ServiceAccount - name: {{ .Release.Name }}-service-account - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: xip-kyma-installer-role - apiGroup: rbac.authorization.k8s.io ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-istio-system-role-binding - namespace: istio-system -subjects: -- kind: ServiceAccount - name: {{ .Release.Name }}-service-account - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: xip-istio-system-role - apiGroup: rbac.authorization.k8s.io ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-kyma-system-role-binding - namespace: kyma-system -subjects: -- kind: ServiceAccount - name: {{ .Release.Name }}-service-account - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: xip-kyma-system-role - apiGroup: rbac.authorization.k8s.io ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-kube-system-role-binding - namespace: kube-system -subjects: -- kind: ServiceAccount - name: {{ .Release.Name }}-service-account - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: xip-kube-system-role - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/resources/xip-patch/templates/roles.yaml b/resources/xip-patch/templates/roles.yaml deleted file mode 100644 index be7d94728873..000000000000 --- a/resources/xip-patch/templates/roles.yaml +++ /dev/null @@ -1,53 +0,0 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: kyma-installer - name: xip-kyma-installer-role -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "patch"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: istio-system - name: xip-istio-system-role -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "create", "patch"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] -- apiGroups: ["cert.gardener.cloud"] - resources: ["certificates"] - verbs: ["get", "create", "patch"] -- apiGroups: [""] - resources: ["services"] - verbs: ["get", "patch"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: kyma-system - name: xip-kyma-system-role -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "patch"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: kube-system - name: xip-kube-system-role -rules: -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["shoot-info"] - verbs: ["get"] -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["coredns"] - verbs: ["get","patch"] diff --git a/resources/xip-patch/templates/serviceaccount.yaml b/resources/xip-patch/templates/serviceaccount.yaml deleted file mode 100644 index 1504289f699c..000000000000 --- a/resources/xip-patch/templates/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-service-account diff --git a/resources/xip-patch/values.yaml b/resources/xip-patch/values.yaml deleted file mode 100644 index b2eaa5cdd71f..000000000000 --- a/resources/xip-patch/values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -containerRegistry: - path: eu.gcr.io/kyma-project -xip_patch: - dir: - version: fe9f5885 -tls: - secretName: "kyma-gateway-certs" -global: - isLocalEnv: false