apiVersion: v1 kind: Namespace metadata: labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: kubeturbo-deploy app.kubernetes.io/instance: system app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: namespace app.kubernetes.io/part-of: kubeturbo-deploy name: kubeturbo-operator name: turbo --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: kubeturbo-deploy app.kubernetes.io/instance: kubeturbo-operator-sa app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: serviceaccount app.kubernetes.io/part-of: kubeturbo-deploy name: kubeturbo-operator namespace: turbo --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeturbo-operator rules: - apiGroups: - "" - apps - extensions resources: - nodes - pods - configmaps - endpoints - events - deployments - persistentvolumeclaims - replicasets - replicationcontrollers - services - secrets - serviceaccounts verbs: - '*' - apiGroups: - "" - apps - extensions - policy resources: - daemonsets - endpoints - limitranges - namespaces - persistentvolumes - persistentvolumeclaims - poddisruptionbudget - resourcequotas - services - statefulsets verbs: - get - list - watch - apiGroups: - "" resources: - nodes/spec - nodes/stats verbs: - get - apiGroups: - charts.helm.k8s.io resources: - '*' verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles - clusterrolebindings verbs: - '*' - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - list - update - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - watch - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: kubeturbo-deploy app.kubernetes.io/instance: kubeturbo-operator app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: clusterrolebinding app.kubernetes.io/part-of: kubeturbo-deploy name: kubeturbo-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeturbo-operator subjects: - kind: ServiceAccount name: kubeturbo-operator namespace: turbo --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: kubeturbo-deploy app.kubernetes.io/instance: kubeturbo-operator app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: deployment app.kubernetes.io/part-of: kubeturbo-deploy name: kubeturbo-operator name: kubeturbo-operator namespace: turbo spec: replicas: 1 selector: matchLabels: name: kubeturbo-operator template: metadata: annotations: kubectl.kubernetes.io/default-container: kubeturbo-operator labels: name: kubeturbo-operator spec: containers: - args: - --leader-elect command: - /manager env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name image: icr.io/cpopen/kubeturbo-operator:8.14.6-SNAPSHOT livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: kubeturbo-operator readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL securityContext: runAsNonRoot: true serviceAccountName: kubeturbo-operator terminationGracePeriodSeconds: 10 --- apiVersion: charts.helm.k8s.io/v1 kind: Kubeturbo metadata: labels: app.kubernetes.io/name: kubeturbo app.kubernetes.io/instance: kubeturbo-release app.kubernetes.io/part-of: kubeturbo-deploy app.kubernetes.io/managed-by: kustomize app.kubernetes.io/created-by: kubeturbo-deploy name: kubeturbo-release namespace: turbo spec: serverMeta: turboServer: "https://" restAPIConfig: turbonomicCredentialsSecretName: turbonomic-credentials # Supply a targetName for user friendly identification of the k8s cluster targetConfig: targetName: # Specify custom turbo-cluster-reader or turbo-cluster-admin role instead of the default cluster-admin role roleName: cluster-admin image: repository: icr.io/cpopen/turbonomic/kubeturbo tag: "" # imagePullSecret: "" # Uncomment to use an image from RHCC for cpu-frequency getter job - predefined in OCP Operator Hub version # busyboxRepository: registry.access.redhat.com/ubi9/ubi-minimal # Assigning Kubeturbo to node, see # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ # # kubeturboPodScheduling: # nodeSelector: # kubernetes.io/hostname: worker0 # # Or, use affinity: # # affinity: # nodeAffinity: # requiredDuringSchedulingIgnoredDuringExecution: # nodeSelectorTerms: # - matchExpressions: # - key: kubernetes.io/hostname # operator: In # values: # - worker1 # # Or, use taints and tolerations # # tolerations: # - key: "key1" # operator: "Equal" # value: "mytaint" # effect: "NoSchedule" # Configurations to register probe with Turbo Server # sdkProtocolConfig: # registrationTimeoutSec: 300 # restartOnRegistrationTimeout: true # Uncomment out lines to configure HA Node to ESX policies by node role. Default is master # Add more roles using format "\"foo\"\,\"bar\"" # HANodeConfig: # nodeRoles: "\"master\"" # Uncomment next lines to use dynamic logging level # Changing this value does not require restart of Kubeturbo but takes about 1 minute to take effect # logging: # level: 2 # nodePoolSize: # min: 1 # max: 1000 # Uncomment out to allow execution in OCP environments #args: # sccsupport: "*" # Uncomment out to specify kubeturbo container specifications when needed (quotas set on ns) #resources: # limits: # memory: 4Gi # cpu: "2" # requests: # memory: 512Mi # cpu: "1" # Cluster Role rules for ORM owners. # It's required when using ORM with ClusterRole 'turbo-cluster-admin'. # It's recommended to use ORM with ClusterRole 'cluster-admin'. ormOwners: apiGroup: # - redis.redis.opstreelabs.in # - charts.helm.k8s.io resources: # - redis # - xls # Flag system workloads such as those defined in kube-system, openshift-system, etc. # Kubeturbo will not generate actions for workloads that match the supplied patterns. systemWorkloadDetectors: # A list of regular expressions that match the namespace names for system workloads. namespacePatterns: - kube-.* - openshift-.* - cattle.* # List operator-controlled workloads by name or namespace (using regular expressions) # that should be excluded from the operator-controlled WorkloadController resize policy. # By default, matching workloads will generate actions that are not in Recommend mode. # exclusionDetectors: # A list of regular expressions representing operator-controlled Workload Controllers. # operatorControlledNamespacePatterns: # - example-.* # - .*-example # A list of regular expressions representing namespaces containing operator-controlled # Workload Controllers. # operatorControlledWorkloadsPatterns: # - .*-example.* --- apiVersion: v1 kind: Secret metadata: name: turbonomic-credentials namespace: turbo type: Opaque data: # username: # password: clientid: clientsecret: