---
# Namespace that holds the nodeagent workload and its supporting objects.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here. The
# nodeagent DaemonSet in this namespace runs privileged, so where Pod
# Security admission is enforced this namespace needs an explicit level,
# and nothing unrelated should be scheduled into it.
apiVersion: v1
kind: Namespace
metadata:
  name: sds
  labels:
    workload.edge.ncr.com: platform
    platform.edge.ncr.com/component: nodeagent
  annotations:
    # Provenance annotations: creation time, package name, source revision
    # and URL, owning team, package version.
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
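---
# Cluster-scoped IENode custom resource: describes one node's role, class,
# lane, network interfaces and network services, plus reported status.
# NOTE(review): the controller-gen annotation suggests this manifest is
# generated; a change made here presumably has to be mirrored in the
# kubebuilder markers of the Go types it came from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ienodes.dsds.edge.ncr.com
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    controller-gen.kubebuilder.io/version: '(unknown)'
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  group: dsds.edge.ncr.com
  names:
    kind: IENode
    listKind: IENodeList
    plural: ienodes
    shortNames:
      - ien
      - iens
    singular: ienode
  scope: Cluster
  versions:
    - name: v1
      additionalPrinterColumns:
        # The schema below declares this field as `clusterEdgeID`. JSONPath
        # lookups are case-sensitive, so the earlier `.spec.clusterEdgeId`
        # never matched the declared field.
        - name: Cluster Edge Id
          type: string
          priority: 1
          jsonPath: .spec.clusterEdgeID
        - name: Role
          type: string
          jsonPath: .spec.role
        - name: Class
          type: string
          jsonPath: .spec.class
        - name: Lane
          type: string
          jsonPath: .spec.lane
        - name: Ready
          type: string
          jsonPath: '.status.conditions[?(@.type=="Ready")].status'
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
        - name: State
          type: string
          jsonPath: '.status.conditions[?(@.type=="Ready")].reason'
        - name: Message
          type: string
          jsonPath: '.status.conditions[?(@.type=="Ready")].message'
      schema:
        openAPIV3Schema:
          type: object
          properties:
            apiVersion:
              type: string
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            kind:
              type: string
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            metadata:
              type: object
            spec:
              type: object
              # NOTE(review): addresses, gateways, MAC address, DNS/NTP
              # servers and kubeVip are unconstrained strings, and the arrays
              # have no maxItems. If the node agent writes these values into
              # host configuration (the plugin names in the nodeagent-plugins
              # ConfigMap suggest it does), add format/pattern/maxLength
              # constraints so malformed values are rejected at admission.
              properties:
                class:
                  type: string
                  enum:
                    - server
                    - touchpoint
                clusterEdgeID:
                  type: string
                lane:
                  type: string
                network:
                  type: array
                  items:
                    type: object
                    properties:
                      addresses:
                        type: array
                        items:
                          type: string
                      dhcp4:
                        type: boolean
                      dhcp6:
                        type: boolean
                      gateway4:
                        type: string
                      gateway6:
                        type: string
                      macaddress:
                        type: string
                    required:
                      - dhcp4
                      - dhcp6
                networkServices:
                  type: object
                  properties:
                    dnsServers:
                      type: array
                      items:
                        type: string
                    kubeVip:
                      type: string
                    ntpServers:
                      type: array
                      items:
                        type: string
                role:
                  type: string
                  enum:
                    - worker
                    - controlplane
              required:
                - network
                - role
            status:
              type: object
              properties:
                conditions:
                  type: array
                  items:
                    type: object
                    description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                    properties:
                      type:
                        type: string
                        description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                        maxLength: 316
                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      status:
                        type: string
                        description: status of the condition, one of True, False, Unknown.
                        # Quoted so the first two stay strings, not booleans.
                        enum:
                          - "True"
                          - "False"
                          - Unknown
                      lastTransitionTime:
                        type: string
                        description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                        format: date-time
                      message:
                        type: string
                        description: message is a human readable message indicating details about the transition. This may be an empty string.
                        maxLength: 32768
                      observedGeneration:
                        type: integer
                        description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
                        format: int64
                        minimum: 0
                      reason:
                        type: string
                        description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
                        maxLength: 1024
                        minLength: 1
                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                    required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                inventory:
                  type: object
                  description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
                  properties:
                    entries:
                      type: array
                      description: Entries of Kubernetes resource object references.
                      items:
                        type: object
                        description: ResourceRef contains the information necessary to locate a resource within a cluster.
                        properties:
                          id:
                            type: string
                            description: ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
                          v:
                            type: string
                            description: Version is the API version of the Kubernetes resource object's kind.
                        required:
                          - id
                          - v
      served: true
      storage: true
      # Status is a separate subresource, so writes to it are authorised
      # through ienodes/status rather than ienodes.
      subresources:
        status: {}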
---
# Identity the nodeagent DaemonSet runs as. The ClusterRoleBinding named
# nodeagent in this file binds it to the nodeagent ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nodeagent
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
---
# Cluster-wide permissions for the node agent. Every rule applies in all
# namespaces because this is a ClusterRole bound by a ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nodeagent
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
rules:
  # Read access to every ConfigMap and Secret in the cluster.
  # NOTE(review): this token is mounted into a pod on each node, so one
  # compromised node exposes all Secrets. If the agent only needs specific
  # objects, prefer namespaced Roles and/or resourceNames. Confirm which
  # Secrets the plugins actually read.
  - apiGroups: ['']
    resources: [configmaps, secrets]
    verbs: [get, list, watch]
  # Read-only view of DaemonSets.
  - apiGroups: [apps]
    resources: [daemonsets]
    verbs: [get, list, watch]
  # Read and modify IENode objects (no create or delete).
  - apiGroups: [dsds.edge.ncr.com]
    resources: [ienodes]
    verbs: [get, list, watch, patch, update]
  # Write the IENode status subresource.
  - apiGroups: [dsds.edge.ncr.com]
    resources: [ienodes/status]
    verbs: [get, patch, update]
  # Read-only view of CustomResourceDefinitions.
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [get, list, watch]
  # Read and modify Node objects.
  # NOTE(review): patch/update covers every Node, not only the one the pod
  # runs on. Labels and taints set here influence scheduling cluster-wide.
  - apiGroups: ['']
    resources: [nodes]
    verbs: [get, list, watch, patch, update]
---
# Grants the nodeagent ClusterRole to the nodeagent ServiceAccount in the
# sds namespace, with cluster-wide effect.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nodeagent
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
roleRef:
  name: nodeagent
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  # Anyone who can create pods in the sds namespace can run as this
  # account, so pod creation there needs to be tightly controlled.
  - name: nodeagent
    namespace: sds
    kind: ServiceAccount
---
# Per-plugin on/off switches for the node agent. The DaemonSet passes this
# object to the agent as "sds/nodeagent-plugins".
# NOTE(review): judging by their names, several plugins change host state
# (GRUB, iptables, netplan, OS user passwords). Write access to this
# ConfigMap therefore controls host-level behaviour and should be
# restricted accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nodeagent-plugins
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
# ConfigMap values must be strings, hence the quoted booleans.
data:
  cniplugin: 'true'
  dhclient: 'true'
  grubstringupdater: 'true'
  iptables: 'true'
  netplan: 'true'
  nodepatcher: 'true'
  ntp: 'true'
  osuserpasswordupdater: 'true'
  remoteagentconfig: 'true'
  # Master switch: suspends every plugin and takes precedence over all
  # other settings in this map.
  suspendAll: 'false'
  thinclientconfig: 'false'
  thinclientconfigmapwatcher: 'false'
  thinclientsecretwatcher: 'false'
---
# Templates consumed by the ExternalSecret named remote-agent-configuration
# (its templateFrom lists both keys). Only the templates live here; the
# rendered output, including the key material, lands in the Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: remote-agent-configuration
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
data:
  # Each {{ "{{ .X }}" }} emits the literal text {{ .X }} on the first
  # template pass, leaving a placeholder for a later rendering step.
  # NOTE(review): the nesting inside this template (list items under
  # `subscriptions`, keys under `handler`) is a reconstruction. Verify it
  # against the source revision before relying on it.
  config.yaml.tpl: |
    provider: "{{ "{{ .Provider }}" }}"

    subscriptions:
      - name: "sub.{{ "{{ .StoreID }}" }}.dsds-ea-request"
        bannerID: "{{ "{{ .BannerID }}" }}"
        storeID: "{{ "{{ .StoreID }}" }}"
        terminalID: "{{ "{{ .TerminalID }}" }}"
        CredentialsPath: "{{ "{{ .CredentialsPath }}" }}"
        handler:
          ResponseTopic: "topic.dsds-ea-response"
          Type: "cli"
  # Rendered from the adcKey value that the ExternalSecret fetches.
  key.json: |
    {{ .adcKey | toString }}
---
# Node agent DaemonSet. No nodeSelector or tolerations are set in this spec.
#
# NOTE(review): privileged + hostNetwork + hostPID + hostPath mounts of /,
# /etc and /boot make this pod equivalent to root on the node. Treat write
# access to this object, to the image repository, and to the ConfigMaps and
# Secrets it consumes as node-level access. Where admission policy blocks
# privileged pods, any exemption should cover this workload only.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nodeagent
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: nodeagent
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: nodeagent
      annotations:
        pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
        pallet.edge.ncr.com/name: nodeagent
        pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
        pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
    spec:
      serviceAccountName: nodeagent
      # This token carries the nodeagent ClusterRole, including
      # cluster-wide read access to Secrets.
      automountServiceAccountToken: true
      priorityClassName: system-node-critical
      containers:
        - name: nodeagent
          # Pinned by digest, so the reference cannot be repointed to
          # different image content.
          image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/nodeagent@sha256:5b3f78c3acacc87ec0c372b3a52e239c6167669f94f361c85c31fc3ae3370543
          # Points the agent at the plugin switch ConfigMap.
          args:
            - pluginsconfigmap
            - sds/nodeagent-plugins
          env:
            # HOSTNAME is set to the name of the node the pod runs on.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            limits:
              cpu: '100m'
              memory: '100Mi'
            requests:
              cpu: '50m'
              memory: '100Mi'
          imagePullPolicy: IfNotPresent
          # Every key of Secret "ldkey" becomes an environment variable.
          # NOTE(review): environment variables are readable by anything
          # that can inspect the process; a mounted file is easier to
          # protect if the agent supports one.
          envFrom:
            - secretRef:
                name: ldkey
          securityContext:
            # Stated intent: drop everything, then add back file-permission
            # override (host file read/write) and chroot (os.exec commands).
            # NOTE(review): with privileged: true, common runtimes (e.g.
            # containerd) grant the full capability set and skip add/drop,
            # so this list documents intent rather than enforcing it.
            # Verify on the runtime in use. Kubernetes also expects names
            # without the CAP_ prefix, and ALL is conventionally upper case.
            capabilities:
              add:
                - CAP_DAC_OVERRIDE
                - CAP_SYS_CHROOT
              drop:
                - all
            privileged: true
          volumeMounts:
            # Host root filesystem, read-only.
            # NOTE(review): /etc and /boot are mounted writable below, and
            # the container is privileged with hostPID, so this read-only
            # flag is not a security boundary.
            - name: root
              readOnly: true
              mountPath: /host
            # Host /etc, writable (readOnly not set).
            - name: etc-volume
              mountPath: /host-etc
            # Host /boot, writable (readOnly not set).
            - name: grub-volume
              mountPath: /host-grub
            - name: rofs-volume
              readOnly: true
              mountPath: /host-rofs
            - name: gateway-cni-script
              readOnly: false
              mountPath: /opt/cni/bin/gateway
            - name: calico-config-list
              readOnly: false
              mountPath: /etc/cni/net.d/10-calico.conflist
            - name: fw-dir
              readOnly: false
              mountPath: /etc/ien-fw/ipv4/dynamic
            - name: xtables-lock
              mountPath: /run/xtables.lock
            - name: dhclient-scripts
              readOnly: false
              mountPath: /etc/dhcp/dhclient-exit-hooks.d/
            - name: bin-dir
              readOnly: true
              mountPath: /usr/local/bin
      imagePullSecrets:
        - name: edge-docker-pull-secret
      # The pod shares the node's network and process namespaces.
      hostNetwork: true
      hostPID: true
      volumes:
        - name: bin-dir
          hostPath:
            type: Directory
            path: /usr/local/bin
        - name: calico-config-list
          hostPath:
            type: File
            path: /etc/cni/net.d/10-calico.conflist
        - name: dhclient-scripts
          hostPath:
            type: Directory
            path: /etc/dhcp/dhclient-exit-hooks.d/
        - name: etc-volume
          hostPath:
            type: Directory
            path: /etc
        - name: fw-dir
          hostPath:
            type: DirectoryOrCreate
            path: /etc/ien-fw/ipv4/dynamic
        - name: gateway-cni-script
          hostPath:
            type: FileOrCreate
            path: /opt/cni/bin/gateway
        - name: grub-volume
          hostPath:
            type: Directory
            path: /boot
        - name: rofs-volume
          hostPath:
            type: Directory
            path: /rofs
        # No hostPath type is given, so no existence/type check is made
        # before mounting.
        - name: root
          hostPath:
            path: /
        - name: xtables-lock
          hostPath:
            type: FileOrCreate
            path: /run/xtables.lock
---
# Syncs one value from the gcp-provider ClusterSecretStore into Secret
# "ldkey" under key LD_KEY. The DaemonSet loads that Secret through envFrom.
# NOTE(review): the remote key name suggests a backend-wide LaunchDarkly SDK
# key. It is delivered to a pod on every node, so confirm a
# narrower-scoped key cannot be used instead.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ldkey
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  data:
    - remoteRef:
        key: edge-backend-launch-darkly-sdk-key
      secretKey: LD_KEY
  # Re-read from the store every minute. Environment variables are fixed
  # at container start, so a rotated value presumably needs a pod restart
  # to take effect. Verify against how the agent reads LD_KEY.
  refreshInterval: 1m
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: ldkey
    # The generated Secret is owned by this ExternalSecret.
    creationPolicy: Owner
---
# Fetches the remote-CLI API key from the gcp-provider ClusterSecretStore
# as `adcKey` and renders the target Secret from the templates in ConfigMap
# remote-agent-configuration (key.json and config.yaml.tpl).
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: remote-agent-configuration
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: '2023-02-16T21:26:39Z'
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: '696897a3df910b6e84a88c9336907a17b18159c1'
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: '7.7.7-rc.1676582799+commit.696897a'
spec:
  data:
    # ${cluster_uuid} is a placeholder, presumably substituted per cluster
    # at deploy time. Applied as-is it would look up a key containing that
    # literal text, so confirm the substitution step runs.
    - remoteRef:
        key: remotecli-${cluster_uuid}-gcp-api-key
      secretKey: adcKey
  refreshInterval: 1h
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    # No target name is given; the Secret presumably takes this
    # ExternalSecret's name.
    template:
      engineVersion: v2
      # The Secret's content is shaped by this ConfigMap, so write access
      # to it should be as restricted as access to the Secret itself.
      templateFrom:
        - configMap:
            name: remote-agent-configuration
            items:
              - key: key.json
              - key: config.yaml.tpl
    creationPolicy: Owner