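---
# Manifest bundle for the "nodeagent" component. Documents, in order:
#   Namespace sds, IENode CustomResourceDefinition, ServiceAccount,
#   ClusterRole + ClusterRoleBinding, two ConfigMaps, the nodeagent
#   DaemonSet, and two ExternalSecrets.
# The pallet.edge.ncr.com/* annotations on every object record the build
# (revision, source tree, owning team, version) that produced it.
apiVersion: v1
kind: Namespace
metadata:
  name: sds
  labels:
    workload.edge.ncr.com: platform
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
# Cluster-scoped IENode resource (group dsds.edge.ncr.com, version v1).
# spec carries role/class/lane plus per-interface network settings;
# status carries standard conditions and an inventory of applied objects.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ienodes.dsds.edge.ncr.com
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  group: dsds.edge.ncr.com
  names:
    kind: IENode
    listKind: IENodeList
    plural: ienodes
    shortNames:
      - ien
      - iens
    singular: ienode
  scope: Cluster
  versions:
    - name: v1
      additionalPrinterColumns:
        # jsonPath is case-sensitive and has to match the schema property
        # name, which is spelled clusterEdgeID under spec.properties.
        # NOTE(review): the controller-gen annotation suggests this CRD is
        # generated; the printcolumn marker in the source type presumably
        # needs the same spelling - confirm.
        - name: Cluster Edge Id
          type: string
          priority: 1
          jsonPath: .spec.clusterEdgeID
        - name: Role
          type: string
          jsonPath: .spec.role
        - name: Class
          type: string
          jsonPath: .spec.class
        - name: Lane
          type: string
          jsonPath: .spec.lane
        - name: Ready
          type: string
          jsonPath: .status.conditions[?(@.type=="Ready")].status
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
        - name: State
          type: string
          jsonPath: .status.conditions[?(@.type=="Ready")].reason
        - name: Message
          type: string
          jsonPath: .status.conditions[?(@.type=="Ready")].message
      schema:
        openAPIV3Schema:
          type: object
          properties:
            apiVersion:
              type: string
              description: 'APIVersion defines the versioned schema of this
                representation of an object. Servers should convert recognized
                schemas to the latest internal value, and may reject
                unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            kind:
              type: string
              description: 'Kind is a string value representing the REST
                resource this object represents. Servers may infer this from
                the endpoint the client submits requests to. Cannot be
                updated. In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            metadata:
              type: object
            spec:
              type: object
              properties:
                class:
                  type: string
                  enum:
                    - server
                    - touchpoint
                clusterEdgeID:
                  type: string
                lane:
                  type: string
                # Address, gateway and MAC fields are plain strings with no
                # format or pattern, so the API server accepts any text here;
                # validation, if any, happens in whatever consumes the object.
                network:
                  type: array
                  items:
                    type: object
                    properties:
                      addresses:
                        type: array
                        items:
                          type: string
                      dhcp4:
                        type: boolean
                      dhcp6:
                        type: boolean
                      gateway4:
                        type: string
                      gateway6:
                        type: string
                      macaddress:
                        type: string
                    required:
                      - dhcp4
                      - dhcp6
                networkServices:
                  type: object
                  properties:
                    dnsServers:
                      type: array
                      items:
                        type: string
                    kubeVip:
                      type: string
                    ntpServers:
                      type: array
                      items:
                        type: string
                role:
                  type: string
                  enum:
                    - worker
                    - controlplane
              required:
                - network
                - role
            status:
              type: object
              properties:
                conditions:
                  type: array
                  items:
                    type: object
                    description: "Condition contains details for one aspect of
                      the current state of this API Resource. --- This struct
                      is intended for direct use as an array at the field path
                      .status.conditions. For example, \n type FooStatus
                      struct{ // Represents the observations of a foo's
                      current state. // Known .status.conditions.type are:
                      \"Available\", \"Progressing\", and \"Degraded\"
                      // +patchMergeKey=type // +patchStrategy=merge
                      // +listType=map // +listMapKey=type Conditions
                      []metav1.Condition `json:\"conditions,omitempty\"
                      patchStrategy:\"merge\" patchMergeKey:\"type\"
                      protobuf:\"bytes,1,rep,name=conditions\"` \n // other
                      fields }"
                    properties:
                      type:
                        type: string
                        description: type of condition in CamelCase or in
                          foo.example.com/CamelCase. --- Many .condition.type
                          values are consistent across resources like
                          Available, but because arbitrary conditions can be
                          useful (see .node.status.conditions), the ability to
                          deconflict is important. The regex it matches is
                          (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                        maxLength: 316
                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      status:
                        type: string
                        description: status of the condition, one of True,
                          False, Unknown.
                        # "True"/"False" stay quoted so they are strings, not
                        # YAML booleans.
                        enum:
                          - "True"
                          - "False"
                          - Unknown
                      lastTransitionTime:
                        type: string
                        description: lastTransitionTime is the last time the
                          condition transitioned from one status to another.
                          This should be when the underlying condition
                          changed. If that is not known, then using the time
                          when the API field changed is acceptable.
                        format: date-time
                      message:
                        type: string
                        description: message is a human readable message
                          indicating details about the transition. This may be
                          an empty string.
                        maxLength: 32768
                      observedGeneration:
                        type: integer
                        description: observedGeneration represents the
                          .metadata.generation that the condition was set
                          based upon. For instance, if .metadata.generation is
                          currently 12, but the
                          .status.conditions[x].observedGeneration is 9, the
                          condition is out of date with respect to the current
                          state of the instance.
                        format: int64
                        minimum: 0
                      reason:
                        type: string
                        description: reason contains a programmatic identifier
                          indicating the reason for the condition's last
                          transition. Producers of specific condition types
                          may define expected values and meanings for this
                          field, and whether the values are considered a
                          guaranteed API. The value should be a CamelCase
                          string. This field may not be empty.
                        maxLength: 1024
                        minLength: 1
                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                    required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                inventory:
                  type: object
                  description: ResourceInventory contains a list of Kubernetes
                    resource object references that have been applied.
                  properties:
                    entries:
                      type: array
                      description: Entries of Kubernetes resource object
                        references.
                      items:
                        type: object
                        description: ResourceRef contains the information
                          necessary to locate a resource within a cluster.
                        properties:
                          id:
                            type: string
                            description: ID is the string representation of
                              the Kubernetes resource object's metadata, in
                              the format '___'.
                          v:
                            type: string
                            description: Version is the API version of the
                              Kubernetes resource object's kind.
                        required:
                          - id
                          - v
      served: true
      storage: true
      # status is a subresource, which is why the ClusterRole below lists
      # ienodes/status separately from ienodes.
      subresources:
        status: {}
---
# Identity the DaemonSet pods run as; its permissions come from the
# ClusterRole/ClusterRoleBinding that follow.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nodeagent
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
# Cluster-wide permissions for the nodeagent ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nodeagent
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
rules:
  # NOTE(review): because this role is bound with a ClusterRoleBinding, the
  # rule below lets the agent read every ConfigMap and every Secret in every
  # namespace, and the token is mounted into a pod on each node. Which
  # objects the agent actually needs is not visible in this file; if they
  # all live in one namespace, a namespaced Role/RoleBinding for secrets
  # would limit what a stolen token can read.
  - resources:
      - configmaps
      - secrets
    apiGroups:
      - ""
    verbs:
      - get
      - list
      - watch
  - resources:
      - daemonsets
    apiGroups:
      - apps
    verbs:
      - get
      - list
      - watch
  - resources:
      - ienodes
    apiGroups:
      - dsds.edge.ncr.com
    verbs:
      - get
      - list
      - watch
      - patch
      - update
  - resources:
      - ienodes/status
    apiGroups:
      - dsds.edge.ncr.com
    verbs:
      - get
      - patch
      - update
  - resources:
      - customresourcedefinitions
    apiGroups:
      - apiextensions.k8s.io
    verbs:
      - get
      - list
      - watch
  # Write access applies to all Node objects, not only the node a given
  # agent pod runs on; RBAC has no per-node scoping for this rule.
  - resources:
      - nodes
    apiGroups:
      - ""
    verbs:
      - get
      - list
      - watch
      - patch
      - update
---
# Grants the ClusterRole above to ServiceAccount sds/nodeagent across the
# whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nodeagent
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
roleRef:
  name: nodeagent
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - name: nodeagent
    namespace: sds
    kind: ServiceAccount
---
# Per-plugin on/off switches. The DaemonSet passes this object's
# namespace/name ("sds/nodeagent-plugins") to the agent as an argument.
# ConfigMap values must be strings, hence the quoted "true"/"false".
apiVersion: v1
kind: ConfigMap
metadata:
  name: nodeagent-plugins
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  cniplugin: "true"
  dhclient: "true"
  grubstringupdater: "true"
  iptables: "true"
  netplan: "true"
  nodepatcher: "true"
  ntp: "true"
  osuserpasswordupdater: "true"
  remoteagentconfig: "true"
  suspendAll: "false"  # Suspend all plugins (overwrites all other settings)
  thinclientconfig: "false"
  thinclientconfigmapwatcher: "false"
  thinclientsecretwatcher: "false"
---
# Templates consumed by the ExternalSecret named remote-agent-configuration
# (see its target.template.templateFrom): key.json renders the fetched
# adcKey value, config.yaml.tpl is emitted with its inner {{ ... }}
# placeholders left literal for a later templating pass.
apiVersion: v1
kind: ConfigMap
metadata:
  name: remote-agent-configuration
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  # NOTE(review): the copy of this manifest under review had its whitespace
  # collapsed, so the nesting inside the block scalar below is a
  # reconstruction. Whether bannerID..handler belong to the subscription
  # entry or to the top level must be confirmed against the upstream
  # revision named in the annotations before this is applied.
  config.yaml.tpl: |
    provider: "{{ "{{ .Provider }}" }}"
    subscriptions:
      - name: "sub.{{ "{{ .StoreID }}" }}.dsds-ea-request"
        bannerID: "{{ "{{ .BannerID }}" }}"
        storeID: "{{ "{{ .StoreID }}" }}"
        terminalID: "{{ "{{ .TerminalID }}" }}"
        CredentialsPath: "{{ "{{ .CredentialsPath }}" }}"
        handler:
          ResponseTopic: "topic.dsds-ea-response"
          Type: "cli"
  key.json: |
    {{ .adcKey | toString }}
---
# Runs one nodeagent pod per node with host-level access.
# NOTE(review): this pod combines privileged: true, hostPID, hostNetwork,
# a hostPath mount of / and a ServiceAccount that can read all Secrets.
# Compromise of the agent process is therefore equivalent to root on the
# node plus cluster-wide secret read; image provenance and the RBAC scope
# above are the controls that matter most for this workload.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nodeagent
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    matchLabels:
      platform.edge.ncr.com/component: nodeagent
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: nodeagent
      annotations:
        pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
        pallet.edge.ncr.com/name: nodeagent
        pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
        pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
    spec:
      serviceAccountName: nodeagent
      automountServiceAccountToken: true
      priorityClassName: system-node-critical
      containers:
        - name: nodeagent
          # Pinned by digest, so the content cannot change under the same
          # reference.
          image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/nodeagent@sha256:5b3f78c3acacc87ec0c372b3a52e239c6167669f94f361c85c31fc3ae3370543
          # Second argument is the namespace/name of the plugin-switch
          # ConfigMap defined earlier in this file.
          args:
            - "pluginsconfigmap"
            - "sds/nodeagent-plugins"
          env:
            # Overrides HOSTNAME with the Kubernetes node name.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            limits:
              cpu: "100m"
              memory: "100Mi"
            requests:
              cpu: "50m"
              memory: "100Mi"
          imagePullPolicy: IfNotPresent
          # Every key of Secret "ldkey" becomes an environment variable; the
          # ExternalSecret at the end of this file populates it with LD_KEY.
          envFrom:
            - secretRef:
                name: ldkey
          securityContext:
            # Kubernetes takes capability names without the CAP_ prefix and
            # the drop-everything keyword as ALL.
            # NOTE(review): privileged: true below already grants every
            # capability, so this add/drop list does not narrow anything
            # while it is set. If only DAC_OVERRIDE and SYS_CHROOT are
            # really needed, dropping privileged would make the list
            # effective - confirm which plugins depend on privileged mode.
            capabilities:
              add:
                - DAC_OVERRIDE  # Root permissions to read/write to files on IEN
                - SYS_CHROOT  # Allows chroot (for use by os.exec commands)
              drop:
                - ALL  # Drop all linux capabilities
            privileged: true
          volumeMounts:
            # readOnly on this mount does not by itself confine a
            # privileged container.
            - name: root
              readOnly: true  # Mount root system as read only
              mountPath: /host
            # etc-volume and grub-volume set no readOnly flag, so host /etc
            # and /boot are mounted writable.
            - name: etc-volume
              mountPath: /host-etc
            - name: grub-volume
              mountPath: /host-grub
            - name: rofs-volume
              readOnly: true
              mountPath: /host-rofs
            - name: gateway-cni-script
              readOnly: false
              mountPath: /opt/cni/bin/gateway
            - name: calico-config-list
              readOnly: false
              mountPath: /etc/cni/net.d/10-calico.conflist
            - name: fw-dir
              readOnly: false
              mountPath: /etc/ien-fw/ipv4/dynamic
            - name: xtables-lock
              mountPath: /run/xtables.lock
            - name: dhclient-scripts
              readOnly: false
              mountPath: /etc/dhcp/dhclient-exit-hooks.d/
            - name: bin-dir
              readOnly: true
              mountPath: /usr/local/bin
      imagePullSecrets:
        - name: edge-docker-pull-secret
      # Pod shares the node's network and PID namespaces.
      hostNetwork: true
      hostPID: true
      volumes:
        - name: bin-dir
          hostPath:
            type: Directory
            path: /usr/local/bin
        - name: calico-config-list
          hostPath:
            type: File
            path: /etc/cni/net.d/10-calico.conflist
        - name: dhclient-scripts
          hostPath:
            type: Directory
            path: /etc/dhcp/dhclient-exit-hooks.d/
        - name: etc-volume
          hostPath:
            type: Directory
            path: /etc
        - name: fw-dir
          hostPath:
            type: DirectoryOrCreate
            path: /etc/ien-fw/ipv4/dynamic
        - name: gateway-cni-script
          hostPath:
            type: FileOrCreate
            path: /opt/cni/bin/gateway
        - name: grub-volume
          hostPath:
            type: Directory
            path: /boot
        - name: rofs-volume
          hostPath:
            type: Directory
            path: /rofs
        - name: root
          hostPath:
            path: /
        - name: xtables-lock
          hostPath:
            type: FileOrCreate
            path: /run/xtables.lock
---
# Syncs remote secret edge-backend-launch-darkly-sdk-key from the
# gcp-provider ClusterSecretStore into Secret sds/ldkey as key LD_KEY,
# re-reading it every minute.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ldkey
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  data:
    - remoteRef:
        key: edge-backend-launch-darkly-sdk-key
      secretKey: LD_KEY
  refreshInterval: 1m
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: ldkey
    creationPolicy: Owner
---
# Fetches the per-cluster remote CLI API key as adcKey and renders it
# through the templates in ConfigMap remote-agent-configuration.
# No target.name is set here.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: remote-agent-configuration
  namespace: sds
  labels:
    platform.edge.ncr.com/component: nodeagent
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: nodeagent
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  data:
    # NOTE(review): ${cluster_uuid} is not resolved by anything in this
    # file; presumably it is substituted before the manifest is applied -
    # confirm, since an unsubstituted key would point at a non-existent
    # remote secret.
    - remoteRef:
        key: remotecli-${cluster_uuid}-gcp-api-key
      secretKey: adcKey
  refreshInterval: 1h
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    template:
      engineVersion: v2
      templateFrom:
        - configMap:
            name: remote-agent-configuration
            items:
              - key: key.json
              - key: config.yaml.tpl
    creationPolicy: Owner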