gitea-admin/ab-initio-manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial render: k3s-dev environment

Browse Source
This commit is contained in:
gitea-admin
2026-03-07 15:00:05 +00:00
commit a787720f2a
306 changed files with 75879 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_abinitio.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: abinitio
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/abinitio
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/abinitio
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: abinitio

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_admin.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: admin
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/admin
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/admin
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: admin

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-appserver
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ag-appserver
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-appserver
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ag-appserver

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-db-importer
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ag-db-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-db-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ag-db-importer

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-report.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-report
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ag-report
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-report
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ag-report

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-ui-importer.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-ui-importer
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ag-ui-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-ui-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ag-ui-importer

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_aiadmin.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: aiadmin
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/aiadmin
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/aiadmin
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: aiadmin

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_aic-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: aic-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/aic-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/aic-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: aic-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_azure-client.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: azure-client
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/azure-client
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/azure-client
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: azure-client

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_bridge.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: bridge
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/bridge
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/bridge
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: bridge

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cafe-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cafe-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/cafe-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/cafe-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: cafe-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cc-jdbc.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cc-jdbc
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/cc-jdbc
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/cc-jdbc
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: cc-jdbc

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cc-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cc-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/cc-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/cc-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: cc-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-hmac-key.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: dcs-hmac-key
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/dcs-hmac-key
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/dcs-hmac-key
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: dcs-hmac-key

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: dcs-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/dcs-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/dcs-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: dcs-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-utility-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: dcs-utility-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/dcs-utility-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/dcs-utility-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: dcs-utility-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ei-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ei-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ei-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ei-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ei-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_eme-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: eme-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/eme-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/eme-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: eme-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-appserver
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-appserver
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-appserver
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-appserver

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-db-importer
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-db-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-db-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-db-importer

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-report
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-report
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-report
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-report

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-ui-importer.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-ui-importer
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-ui-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-ui-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-ui-importer

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-utility-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-utility-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-utility-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-utility-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: mhub-utility-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ocagent.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ocagent
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/ocagent
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ocagent
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: ocagent

19
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_password-key-file.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: password-key-file
namespace: abinitio
spec:
data:
- remoteRef:
decodingStrategy: Base64
key: secret/abinitio/password-key-file
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: password-key-file

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_qi-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: qi-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/qi-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/qi-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: qi-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_qiadmin-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: qiadmin-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/qiadmin-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/qiadmin-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: qiadmin-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_runtime-locator-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: runtime-locator-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/runtime-locator-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/runtime-locator-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: runtime-locator-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_sd-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: sd-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/sd-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/sd-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: sd-join-user

22
rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_trw-join-user.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: trw-join-user
namespace: abinitio
spec:
data:
- remoteRef:
key: secret/abinitio/trw-join-user
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/trw-join-user
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
creationPolicy: Owner
name: trw-join-user

12
rendered/manifests/k3s-dev/abinitio-common/resources/cert-manager.io_v1_certificate_abinitio-tls.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: abinitio-tls
namespace: abinitio
spec:
dnsNames:
- aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com
issuerRef:
kind: ClusterIssuer
name: selfsigned-ca-issuer
secretName: abinitio-tls

12
rendered/manifests/k3s-dev/abinitio-common/resources/v1_persistentvolumeclaim_ab-shared-data-and-appconf-root-claim.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ab-shared-data-and-appconf-root-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
storageClassName: local-nfs

5
rendered/manifests/k3s-dev/abinitio-common/resources/v1_serviceaccount_abinitio-sa.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: abinitio-sa
namespace: abinitio

32
rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-appserver
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/ag-appserver
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-appserver
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: ag-appserver
template:
data:
jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

32
rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-db-importer
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/ag-db-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-db-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: ag-db-importer
template:
data:
jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

32
rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-report.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ag-report
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/ag-report
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/ag-report
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: ag-report
template:
data:
jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

45
rendered/manifests/k3s-dev/abinitio-db/authgateway-db/postgresql.cnpg.io_v1_cluster_authgateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: authgateway
namespace: abinitio-db
spec:
bootstrap:
initdb:
database: authgateway
owner: ag_appserver
postInitApplicationSQLRefs:
configMapRefs:
- key: authgateway.sql
name: authgateway-sql
secret:
name: ag-appserver
imageName: ghcr.io/cloudnative-pg/postgresql:16
instances: 2
managed:
roles:
- login: true
name: ag_appserver
passwordSecret:
name: ag-appserver
- login: true
name: ag_importer
passwordSecret:
name: ag-db-importer
- login: true
name: ag_report
passwordSecret:
name: ag-report
postgresql:
parameters:
effective_cache_size: 6GB
shared_buffers: 3GB
resources:
limits:
cpu: 3
memory: 12Gi
requests:
cpu: 1
memory: 4Gi
storage:
size: 30Gi

15
rendered/manifests/k3s-dev/abinitio-db/authgateway-db/v1_configmap_authgateway-sql.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
data:
authgateway.sql: |
CREATE ROLE ag_importer;
CREATE ROLE ag_report;
CREATE SCHEMA ag_meta AUTHORIZATION ag_appserver;
CREATE SCHEMA ag_main AUTHORIZATION ag_appserver;
GRANT USAGE ON SCHEMA ag_meta TO ag_importer;
GRANT USAGE ON SCHEMA ag_main TO ag_importer;
GRANT USAGE ON SCHEMA ag_meta TO ag_report;
GRANT USAGE ON SCHEMA ag_main TO ag_report;
kind: ConfigMap
metadata:
name: authgateway-sql
namespace: abinitio-db

33
rendered/manifests/k3s-dev/abinitio-db/controlcenter-db/external-secrets.io_v1beta1_externalsecret_cc-jdbc.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cc-jdbc
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/cc-jdbc
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/cc-jdbc
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: cc-jdbc
template:
data:
jdbc-uri: jdbc:postgresql://controlcenter-db-rw.abinitio-db:5432/controlcenter?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: controlcenter-db-rw:5432:controlcenter:{{ .username }}:{{ .password
}}
uri: postgresql://{{ .username }}:{{ .password }}@controlcenter-db-rw.abinitio-db:5432/controlcenter
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

37
rendered/manifests/k3s-dev/abinitio-db/controlcenter-db/postgresql.cnpg.io_v1_cluster_controlcenter.yaml Normal file
View File

@@ -0,0 +1,37 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: controlcenter
namespace: abinitio-db
spec:
bootstrap:
initdb:
database: controlcenter
owner: cc_jdbc
postInitApplicationSQLRefs:
configMapRefs:
- key: controlcenter.sql
name: controlcenter-sql
secret:
name: cc-jdbc
imageName: ghcr.io/cloudnative-pg/postgresql:16
instances: 2
managed:
roles:
- login: true
name: cc_jdbc
passwordSecret:
name: cc-jdbc
postgresql:
parameters:
effective_cache_size: 4GB
shared_buffers: 2GB
resources:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 1
memory: 4Gi
storage:
size: 30Gi

7310
rendered/manifests/k3s-dev/abinitio-db/controlcenter-db/v1_configmap_controlcenter-sql.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

32
rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-appserver
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-appserver
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-appserver
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: mhub-appserver
template:
data:
jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

32
rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-db-importer
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-db-importer
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-db-importer
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: mhub-db-importer
template:
data:
jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

32
rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mhub-report
namespace: abinitio-db
spec:
data:
- remoteRef:
key: secret/abinitio/mhub-report
property: username
secretKey: username
- remoteRef:
key: secret/abinitio/mhub-report
property: password
secretKey: password
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: vault-store
target:
name: mhub-report
template:
data:
jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
.password }}&user={{ .username }}
password: '{{ .password }}'
pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
username: '{{ .username }}'
metadata:
labels:
cnpg.io/reload: "true"

45
rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/postgresql.cnpg.io_v1_cluster_metadatahub.yaml Normal file
View File

@@ -0,0 +1,45 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: metadatahub
namespace: abinitio-db
spec:
bootstrap:
initdb:
database: metadatahub
owner: mhub_appserver
postInitApplicationSQLRefs:
configMapRefs:
- key: metadatahub.sql
name: metadatahub-sql
secret:
name: mhub-appserver
imageName: ghcr.io/cloudnative-pg/postgresql:16
instances: 2
managed:
roles:
- login: true
name: mhub_appserver
passwordSecret:
name: mhub-appserver
- login: true
name: mhub_importer
passwordSecret:
name: mhub-db-importer
- login: true
name: mhub_report
passwordSecret:
name: mhub-report
postgresql:
parameters:
effective_cache_size: 12GB
shared_buffers: 6GB
resources:
limits:
cpu: 6
memory: 24Gi
requests:
cpu: 3
memory: 12Gi
storage:
size: 60Gi

15
rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/v1_configmap_metadatahub-sql.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
data:
metadatahub.sql: |
CREATE ROLE mhub_importer;
CREATE ROLE mhub_report;
CREATE SCHEMA mhub_meta AUTHORIZATION mhub_appserver;
CREATE SCHEMA mhub_main AUTHORIZATION mhub_appserver;
GRANT USAGE ON SCHEMA mhub_meta TO mhub_importer;
GRANT USAGE ON SCHEMA mhub_main TO mhub_importer;
GRANT USAGE ON SCHEMA mhub_meta TO mhub_report;
GRANT USAGE ON SCHEMA mhub_main TO mhub_report;
kind: ConfigMap
metadata:
name: metadatahub-sql
namespace: abinitio-db

362
rendered/manifests/k3s-dev/abinitio-platform/authgateway/apps_v1_deployment_authgateway-importer.yaml Normal file
View File

@@ -0,0 +1,362 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway-importer
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-importer-2.4.3-a
name: authgateway-importer
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/name: authgateway-importer
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway-importer
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-importer-2.4.3-a
name: authgateway-importer
spec:
containers:
- args:
- --ab-k8s-start-reporter
- "true"
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AG_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AG_USERNAME
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "true"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_PHYSICAL_HOSTNAME
value: authgateway-importer
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: APP_FULL_URL
value: http://authgateway:8080/authgateway
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: authgateway-importer
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: MHUB_IMPORTER_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: authgateway-importer, abinitio/deployment: authgateway-importer'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: authgateway-importer
- name: POD_SERVICE_HEADLESS
value: authgateway-importer-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/authgateway-importer:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: authgateway-importer
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 120
initialDelaySeconds: 45
periodSeconds: 10
resources:
limits:
ephemeral-storage: 8Gi
memory: 12Gi
requests:
cpu: "1"
ephemeral-storage: 8Gi
memory: 8Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- authgateway-importer.abinitio
ip: 127.0.0.1
hostname: authgateway-importer
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: authgateway-importer
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: authgateway-importer-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

312
rendered/manifests/k3s-dev/abinitio-platform/authgateway/apps_v1_deployment_authgateway.yaml Normal file
View File

@@ -0,0 +1,312 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
abinitio/deployment: authgateway
app.kubernetes.io/instance: authgateway
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-2.4.3-a
name: authgateway
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: authgateway
app.kubernetes.io/name: authgateway
template:
metadata:
labels:
abinitio/deployment: authgateway
app.kubernetes.io/instance: authgateway
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-2.4.3-a
name: authgateway
spec:
containers:
- env:
- name: AB_CONFIG_PROVIDER_URL
value: file://localhost/config
- name: AB_IPV4_ONLY
value: "true"
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: CATALINA_TMPDIR
value: /tmp
- name: DEPLOY_NAME
value: authgateway
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: authgateway, abinitio/deployment: authgateway'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: authgateway
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/authgateway:4.4.1.1-1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- ${CATALINA_HOME}/bin/catalina.sh stop
livenessProbe:
failureThreshold: 3
httpGet:
path: /authgateway/api/abwebinternal/health/k8s/liveness
port: 8080
initialDelaySeconds: 5
periodSeconds: 30
name: authgateway-app
readinessProbe:
failureThreshold: 3
httpGet:
path: /authgateway/api/abwebinternal/health/k8s/readiness
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
resources:
limits:
ephemeral-storage: 2Gi
memory: 8Gi
requests:
cpu: "1"
ephemeral-storage: 2Gi
memory: 8Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 60
httpGet:
path: /authgateway/api/abwebinternal/health/k8s/startup
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
volumeMounts:
- mountPath: /config/authgateway
name: app-external-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /tmp
name: tmp-volume
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
hostname: authgateway
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: abinitio-local
- configMap:
defaultMode: 511
name: authgateway-external-config
name: app-external-config
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

1462
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_configmap_authgateway-external-config.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

73
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_configmap_authgateway-importer.yaml Normal file
View File

@@ -0,0 +1,73 @@
apiVersion: v1
data:
abinitiorc: |
AB_AG_LOCAL_ROOT : /abinitio/deploy
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : authgateway-importer
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
deploy_params.config: |
appserver.cluster.option: '3'
appserver.host: 'authgateway'
appserver.port: '8080'
appserver.protocol: 'http'
appserver.type: 'tomcat'
bridge.config: 'container-bridge'
bridge.create.security.config: 'N'
bridge.host: 'authgateway-importer'
bridge.port: '7070'
bridge.rpc.aes128gcm.ab_encrypted_key: 'file=/secrets/bridge/password'
bridge.rpc.aes128gcm.mhub_encrypted_key: 'file=/secrets/bridge/password'
bridge.security_config: 'container-bridge-security'
bridge.security_type: 'aes-128-gcm'
db.appserver.mhub_encrypted_password: 'file=/secrets/ag_appserver/password'
db.appserver.username: 'ag_appserver'
db.create: 'Y'
db.create_physical: 'N'
db.datastore.destroy_if_exists: 'N'
db.host: 'authgateway-rw.abinitio-db.svc'
db.importer.ab_encrypted_password: 'file=/secrets/ag_db_importer/password'
db.importer.mhub_encrypted_password: 'file=/secrets/ag_db_importer/password'
db.importer.username: 'ag_importer'
db.name: 'authgateway'
db.port: '5432'
db.report.mhub_encrypted_password: 'file=/secrets/ag_report/password'
db.report.username: 'ag_report'
db.type: 'postgresql'
deployment.name: 'authgateway-importer'
deployment.set_server_config: 'N'
deployment.type_basic: 'N'
lineage.server: 'N'
lineageserver.url: ''
security.encryption.keyDirectory: ''
security.encryption.useExternalKey: 'N'
ui.webaccess.admin.ab_encrypted_password: 'file=/secrets/admin/password'
ui.webaccess.admin.password_hash_encrypted: 'file=/secrets/admin/password'
ui.webaccess.importer.ab_encrypted_password: 'file=/secrets/ag_ui_importer/password'
ui.webaccess.importer.password_hash_encrypted: 'file=/secrets/ag_ui_importer/password'
webapp.app_name: 'authgateway'
webapp.cluster.hosts: 'authgateway-jgroup'
webapp.cluster.port: '7800'
webapp.clustered.deployment: 'Y'
webapp.deploy_warfile: 'N'
webapp.indexDirectoryRoot: 'file:///abinitio/data/searchIndex'
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway-importer
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-importer-2.4.3-a
name: authgateway-importer
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_persistentvolumeclaim_authgateway-importer-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway-importer
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-importer-2.4.3-a
name: authgateway-importer-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

23
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway-importer.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway-importer
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-importer-2.4.3-a
name: authgateway-importer
namespace: abinitio
spec:
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: authgateway-importer
app.kubernetes.io/name: authgateway-importer
type: ClusterIP

25
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway-jgroup.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: authgateway
app.kubernetes.io/instance: authgateway
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-2.4.3-a
name: authgateway-jgroup
namespace: abinitio
spec:
clusterIP: None
ports:
- name: jgroup-channel
port: 7800
protocol: TCP
targetPort: 7800
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: authgateway
app.kubernetes.io/name: authgateway
type: ClusterIP

27
rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: authgateway
app.kubernetes.io/instance: authgateway
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authgateway
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: authgateway-2.4.3-a
name: authgateway
namespace: abinitio
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: authgateway
app.kubernetes.io/name: authgateway
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 86400
type: ClusterIP

362
rendered/manifests/k3s-dev/abinitio-platform/blueprints/apps_v1_deployment_blueprints.yaml Normal file
View File

@@ -0,0 +1,362 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: blueprints
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: blueprints-2.4.3-a
name: blueprints
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/name: blueprints
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: blueprints
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: blueprints-2.4.3-a
name: blueprints
spec:
containers:
- args:
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_URL
value: http://metadatahub:8080/metadatahub
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "true"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: blueprints
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: blueprints, abinitio/deployment: blueprints'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: blueprints
- name: POD_SERVICE_HEADLESS
value: blueprints-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/blueprints:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: blueprints
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 960
periodSeconds: 10
resources:
limits:
ephemeral-storage: 2Gi
memory: 16Gi
requests:
cpu: 500m
ephemeral-storage: 2Gi
memory: 8Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- blueprints.abinitio
ip: 127.0.0.1
hostname: blueprints
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: blueprints
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: blueprints-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

94
rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_configmap_blueprints.yaml Normal file
View File

@@ -0,0 +1,94 @@
apiVersion: v1
data:
abinitiorc: |
AB_AIR_BRANCH @ expressit : main
AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_CONNECTION : bridge
AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_MHUB_LOCAL_ROOT : /abinitio/deploy
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : blueprints
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
install-properties.config: |
AB_AIR_ROOT=//eme-0.eme-headless/abinitio/eme/eme
AB_APPLICATION_HUB=/usr/local/abinitio-app-hub
DO_CATALOGVIEW_PROJECT=y
DO_EME_INSTALL=y
DO_EXAMPLES_INSTALL=n
DO_EZ_PRIV=y
DO_MHUB_INSTALL=y
EZ_GENERATOR_AG_CATALOG_IP=datacatalog
EZ_GENERATOR_AG_CATALOG_NAME=Data Catalog Services
EZ_GENERATOR_AG_URL=http://authgateway:8080/authgateway
EZ_GENERATOR_AG_USER=aiadmin
EZ_GENERATOR_APPCONF_REL_LOC=edl
EZ_GENERATOR_APPID=expressit
EZ_GENERATOR_BLUEPRINTS_TO_INSTALL=ALL
EZ_GENERATOR_BLUEPRINT_SERVICE_HOST=blueprints
EZ_GENERATOR_BLUEPRINT_SERVICE_PORT=9870
EZ_GENERATOR_CATALOGVIEW_PHYSPROJECT=catalogview
EZ_GENERATOR_CATALOGVIEW_TECHSYSTEM=EnterpriseDataLake
EZ_GENERATOR_CC_HOST=http://controlcenter:8080/controlcenter
EZ_GENERATOR_CONFIG_MHUB_DEPLOYMENT_DIR=/abinitio/deploy/metadatahub-importer
EZ_GENERATOR_CONFIG_MHUB_MAIN_SCHEMA=mhub_main
EZ_GENERATOR_CONFIG_MHUB_META_SCHEMA=mhub_meta
EZ_GENERATOR_CONFIG_MHUB_USER=aiadmin
EZ_GENERATOR_DATAQUALITY=/ab_share/ab_appconf_root/global/abinitio/dataquality
EZ_GENERATOR_DATAQUALITY_RPATH=/Projects/abinitio/dataquality
EZ_GENERATOR_DCAT_URL=http://datacatalog:8080/datacatalog
EZ_GENERATOR_EI_PRODUCT_INSTANCE=Express>It
EZ_GENERATOR_EI_WORKSPACE=Blueprints (Pipelines)
EZ_GENERATOR_EME_TECHSYSTEM=Technical Repository
EZ_GENERATOR_EME_USES_AG_AUTH=y
EZ_GENERATOR_INSTALL_ACTIVE_METADATA_REFERENCE=y
EZ_GENERATOR_INSTALL_CODEGEN_TRACING=y
EZ_GENERATOR_INSTALL_CONTROL_TEST_RUNS=n
EZ_GENERATOR_LANDING_ROOT=/ab_share/ab_appconf_root/main/users
EZ_GENERATOR_LISTENER_SERVICE_HOST=blueprints
EZ_GENERATOR_LISTENER_SERVICE_PORT=9876
EZ_GENERATOR_LISTENER_SERVICE_URL=http://blueprints:9876
EZ_GENERATOR_MHUB_LOCAL_ROOT_DIR=/abinitio/deploy
EZ_GENERATOR_QUERYIT_HOST=localhost
EZ_GENERATOR_QUERYIT_RPATH=/Projects/queryit-instance-0
EZ_GENERATOR_QUERYIT_SANDBOX_INSTANCE=queryit-instance-0
EZ_GENERATOR_QUERYIT_SANDBOX_ROOT=/abinitio/sandboxes/private_sand
EZ_GENERATOR_QUERYIT_USER=aiadmin
EZ_GENERATOR_STDENV=/abinitio/sandboxes/sand/stdenv
EZ_GENERATOR_STDENV_RPATH=/Projects/stdenv
EZ_GENERATOR_USE_LOCAL_QUERYIT_SANDBOX=n
INSTALL_ACTIVE_METADATA_REFERENCE=y
INSTALL_CONFIG_USING_ABAPP_MHUB=y
MHUB_ABAPP_NAME=metadatahub
MHUB_DATASTORE_NAME=metadatahub-importer
MHUB_IMPORTER_USERNAME=aiadmin
MHUB_IMPORT_PROFILE_PATH=/abinitio/deploy/metadatahub-importer/config/import.profile
MHUB_URL=http://metadatahub:8080/metadatahub
SANDBOX_ROOT=/abinitio/sandboxes/sand
WAIT_BETWEEN_LOAD_ATTEMPTS=60
WAIT_FOR_LOAD_ATTEMPTS=150
EZ_GENERATOR_AG_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
EZ_GENERATOR_AG_BASE64_PASSWORD=file=/secrets/aiadmin/password
MHUB_IMPORTER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
EZ_GENERATOR_CONFIG_MHUB_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: blueprints
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: blueprints-2.4.3-a
name: blueprints
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_persistentvolumeclaim_blueprints-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: blueprints
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: blueprints-2.4.3-a
name: blueprints-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

31
rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_service_blueprints.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: blueprints
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: blueprints-2.4.3-a
name: blueprints
namespace: abinitio
spec:
ports:
- name: blueprints
port: 9870
protocol: TCP
targetPort: 9870
- name: listener
port: 9876
protocol: TCP
targetPort: 9876
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: blueprints
app.kubernetes.io/name: blueprints
type: ClusterIP

348
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/apps_v1_deployment_controlcenter-scheduler.yaml Normal file
View File

@@ -0,0 +1,348 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/name: controlcenter-scheduler
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler
spec:
containers:
- args:
- --ab-k8s-start-reporter
- "true"
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_HOST_CLUSTER_NAME
value: controlcenter-scheduler-cluster-name
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: controlcenter-scheduler
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: controlcenter-scheduler, abinitio/deployment:
controlcenter-scheduler'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: controlcenter-scheduler
- name: POD_SERVICE_HEADLESS
value: controlcenter-scheduler-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/controlcenter-scheduler:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: controlcenter-scheduler
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 960
periodSeconds: 10
resources:
limits:
ephemeral-storage: 8Gi
memory: 4096Mi
requests:
cpu: 500m
ephemeral-storage: 8Gi
memory: 4096Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- controlcenter-scheduler.abinitio
ip: 127.0.0.1
hostname: controlcenter-scheduler
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: controlcenter-scheduler-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: controlcenter-scheduler
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: controlcenter-scheduler-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

311
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/apps_v1_deployment_controlcenter.yaml Normal file
View File

@@ -0,0 +1,311 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
abinitio/deployment: controlcenter
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-2.4.3-a
name: controlcenter
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/name: controlcenter
template:
metadata:
labels:
abinitio/deployment: controlcenter
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-2.4.3-a
name: controlcenter
spec:
containers:
- env:
- name: AB_CONFIG_PROVIDER_URL
value: file://localhost/config
- name: AB_IPV4_ONLY
value: "true"
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: CATALINA_TMPDIR
value: /tmp
- name: DEPLOY_NAME
value: controlcenter
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: controlcenter, abinitio/deployment: controlcenter'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: controlcenter
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/controlcenter:4.4.1.1-1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- ${CATALINA_HOME}/bin/catalina.sh stop
livenessProbe:
failureThreshold: 3
httpGet:
path: /controlcenter/api/abwebinternal/health/k8s/liveness
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
name: controlcenter-app
readinessProbe:
failureThreshold: 3
httpGet:
path: /controlcenter/api/abwebinternal/health/k8s/readiness
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
resources:
limits:
ephemeral-storage: 2Gi
memory: 4Gi
requests:
cpu: 200m
ephemeral-storage: 2Gi
memory: 4Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 3
httpGet:
path: /controlcenter/api/abwebinternal/health/k8s/startup
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
volumeMounts:
- mountPath: /config/controlcenter
name: app-external-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /tmp
name: tmp-volume
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
hostname: controlcenter
initContainers: null
securityContext:
fsGroup: 1000
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: abinitio-local
- configMap:
defaultMode: 511
name: controlcenter-external-config
name: app-external-config
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

94
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/rbac.authorization.k8s.io_v1_role_controlcenter-scheduler-role.yaml Normal file
View File

@@ -0,0 +1,94 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler-role
namespace: abinitio
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- get
- create
- apiGroups:
- ""
resources:
- events
verbs:
- list
- apiGroups:
- ""
resources:
- limitranges
verbs:
- get
- list
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimes
verbs:
- get
- create
- delete
- patch
- list
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimepools
verbs:
- get
- create
- delete
- patch
- list
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimetemplates
verbs:
- get
- create
- delete
- patch
- list
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimeclaims
verbs:
- get
- create
- delete
- patch
- list

13
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/rbac.authorization.k8s.io_v1_rolebinding_controlcenter-scheduler-role-rb.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: controlcenter-scheduler-role-rb
namespace: abinitio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: controlcenter-scheduler-role
subjects:
- kind: ServiceAccount
name: controlcenter-scheduler-sa
namespace: abinitio

67
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_configmap_controlcenter-external-config.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: v1
data:
controlcenter.yaml: |
externalConfig:
controlCenter:
appserverType: tomcat
authentication:
type: ag
authorization:
type: ag
authorizationGateway:
password: file=/secrets/cc_join_user/password
productIdentifier: Control>Center
productName: Control>Center
url: http://authgateway:8080/authgateway
username: cc_join_user
bridgeConnectionList:
- encryptionType: aes128-gcm
name: ag-importer-bridge
rpcSecret: file=/secrets/bridge/password
securityConfig: container-bridge-security
url: http://authgateway-importer:7070
cluster:
autoConfig:
hosts: controlcenter-jgroup
port: 7800
protocol: tcp
channelName: ch01
enabled: true
db:
host: controlcenter-rw.abinitio-db.svc
name: controlcenter
password: file=/secrets/cc_jdbc/password
port: 5432
type: PostgreSQL
username: cc_jdbc
interop:
trw:
url: http://trw:8080/trw
logging:
directoryPath: /abinitio/webapp/logs
maxBackups: 5
serverConfiguration:
network:
DNS:
expand: 0
ui:
admin:
password: file=/secrets/aiadmin/password
ocagent:
password: file=/secrets/ocagent/password
reporterConfigPassword: file=/secrets/ocagent/password
urlFromBrowser: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/controlcenter
websockets:
forceDisable: false
kind: ConfigMap
metadata:
labels:
abinitio/deployment: controlcenter
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-2.4.3-a
name: controlcenter-external-config
namespace: abinitio

28
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_configmap_controlcenter-scheduler.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
data:
abinitiorc: |
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_HOST_CLUSTER_NAME : controlcenter-scheduler-cluster-name
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : true
AB_OPS_PHYSICAL_HOSTNAME : controlcenter-scheduler.abinitio.svc.cluster.local
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_persistentvolumeclaim_controlcenter-scheduler-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

25
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_service_controlcenter-jgroup.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: controlcenter
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-2.4.3-a
name: controlcenter-jgroup
namespace: abinitio
spec:
clusterIP: None
ports:
- name: jgroup-channel
port: 7800
protocol: TCP
targetPort: 7800
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/name: controlcenter
type: ClusterIP

23
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_service_controlcenter-scheduler.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler
namespace: abinitio
spec:
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/name: controlcenter-scheduler
type: ClusterIP

27
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_service_controlcenter.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: controlcenter
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-2.4.3-a
name: controlcenter
namespace: abinitio
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: controlcenter
app.kubernetes.io/name: controlcenter
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 86400
type: ClusterIP

12
rendered/manifests/k3s-dev/abinitio-platform/controlcenter/v1_serviceaccount_controlcenter-scheduler-sa.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: controlcenter-scheduler
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: controlcenter-scheduler
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: controlcenter-scheduler-2.4.3-a
name: controlcenter-scheduler-sa
namespace: abinitio

312
rendered/manifests/k3s-dev/abinitio-platform/datacatalog/apps_v1_deployment_datacatalog.yaml Normal file
View File

@@ -0,0 +1,312 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
abinitio/deployment: datacatalog
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: datacatalog
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: datacatalog-2.4.3-a
name: datacatalog
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/name: datacatalog
template:
metadata:
labels:
abinitio/deployment: datacatalog
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: datacatalog
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: datacatalog-2.4.3-a
name: datacatalog
spec:
containers:
- env:
- name: AB_CONFIG_PROVIDER_URL
value: file://localhost/config
- name: AB_IPV4_ONLY
value: "true"
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: CATALINA_TMPDIR
value: /tmp
- name: DEPLOY_NAME
value: datacatalog
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: datacatalog, abinitio/deployment: datacatalog'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: datacatalog
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/datacatalog:4.4.1.1-1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- ${CATALINA_HOME}/bin/catalina.sh stop
livenessProbe:
failureThreshold: 3
httpGet:
path: /datacatalog/api/abwebinternal/health/k8s/liveness
port: 8080
initialDelaySeconds: 5
periodSeconds: 30
name: datacatalog-app
readinessProbe:
failureThreshold: 3
httpGet:
path: /datacatalog/api/abwebinternal/health/k8s/readiness
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
resources:
limits:
ephemeral-storage: 8Gi
memory: 2Gi
requests:
cpu: 200m
ephemeral-storage: 4Gi
memory: 2Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 3
httpGet:
path: /datacatalog/api/abwebinternal/health/k8s/startup
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
volumeMounts:
- mountPath: /config/datacatalog
name: app-external-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /tmp
name: tmp-volume
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
hostname: datacatalog
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: abinitio-local
- configMap:
defaultMode: 511
name: datacatalog-external-config
name: app-external-config
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

60
rendered/manifests/k3s-dev/abinitio-platform/datacatalog/v1_configmap_datacatalog-external-config.yaml Normal file
View File

@@ -0,0 +1,60 @@
apiVersion: v1
data:
datacatalog.yaml: |
externalConfig:
dataCatalogServices:
appserverType: tomcat
authentication:
type: ag
authorization:
type: ag
authorizationGateway:
password: file=/secrets/dcs_join_user/password
productIdentifier: Data Catalog Services
productName: Data Catalog Services
url: http://authgateway:8080/authgateway
username: dcs_join_user
bridgeConnectionList: []
cluster:
autoConfig:
hosts: datacatalog-jgroup
port: 7800
protocol: tcp
channelName: ch01
enabled: true
defaultBridgeConnection:
encryptionType: aes128-gcm
name: container-bridge
rpcSecret: file=/secrets/bridge/password
securityConfig: container-bridge-security
url: http://queryit-0:7070
interop:
metadataHub:
url: http://metadatahub:8080/metadatahub
utilityPassword: file=/secrets/mhub_utility_user/password
utilityUsername: mhub_utility
logging:
directoryPath: /abinitio/webapp/logs
maxBackups: 3
queryItInstanceList:
- bridgeName: default
instanceName: queryit-instance-0
sandboxPath: /abinitio/sandboxes/private_sand/queryit-instance-0
security:
dataCatalog:
hmacKey: file=/secrets/dcs_hmac_key/password
urlFromBrowser: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/datacatalog
websockets:
forceDisable: false
kind: ConfigMap
metadata:
labels:
abinitio/deployment: datacatalog
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: datacatalog
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: datacatalog-2.4.3-a
name: datacatalog-external-config
namespace: abinitio

25
rendered/manifests/k3s-dev/abinitio-platform/datacatalog/v1_service_datacatalog-jgroup.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: datacatalog
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: datacatalog
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: datacatalog-2.4.3-a
name: datacatalog-jgroup
namespace: abinitio
spec:
clusterIP: None
ports:
- name: jgroup-channel
port: 7800
protocol: TCP
targetPort: 7800
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/name: datacatalog
type: ClusterIP

27
rendered/manifests/k3s-dev/abinitio-platform/datacatalog/v1_service_datacatalog.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: datacatalog
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: datacatalog
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: datacatalog-2.4.3-a
name: datacatalog
namespace: abinitio
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: datacatalog
app.kubernetes.io/name: datacatalog
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 86400
type: ClusterIP

368
rendered/manifests/k3s-dev/abinitio-platform/dqa/apps_v1_deployment_dqa.yaml Normal file
View File

@@ -0,0 +1,368 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: dqa
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: dqa-2.4.3-a
name: dqa
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/name: dqa
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: dqa
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: dqa-2.4.3-a
name: dqa
spec:
containers:
- args:
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_HOME
value: /opt/abinitio/mhub/metadata-hub
- name: AB_MHUB_LOCAL_ROOT
value: /abinitio/deploy
- name: AB_MHUB_URL
value: http://metadatahub:8080/metadatahub
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: dqa
- name: LOAD_PHYSOBJECTS
value: "true"
- name: MHUB_IMPORTER_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: MHUB_IMPORTER_USERNAME
value: aiadmin
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: dqa, abinitio/deployment: dqa'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: dqa
- name: POD_SERVICE_HEADLESS
value: dqa-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/dqa:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: dqa
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 240
periodSeconds: 10
resources:
limits:
ephemeral-storage: 10Gi
memory: 8Gi
requests:
cpu: "1"
ephemeral-storage: 10Gi
memory: 4Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- dqa.abinitio
ip: 127.0.0.1
hostname: dqa
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: dqa
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: dqa-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

77
rendered/manifests/k3s-dev/abinitio-platform/dqa/v1_configmap_dqa.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: v1
data:
abinitiorc: |
AB_AIR_BRANCH @ expressit : main
AB_AIR_ROOT : //eme-0.eme-headless/abinitio/eme/eme
AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_CHARSET @ rwi : utf-8
AB_CONNECTION : bridge
AB_CONNECTION @ rwi : bridge
AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_MHUB_LOCAL_ROOT : /abinitio/deploy
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : dqa
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
install-properties.config: |
AB_AIR_BRANCH=main
AB_AIR_ROOT=//eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR=/ab_share/ab_appconf_root
AB_APPLICATION_HUB=/usr/local/abinitio-app-hub
AB_MHUB_CONFIG_DIR=/abinitio/deploy/metadatahub-importer/config
AB_MHUB_LOCAL_DIR=/abinitio/deploy/metadatahub-importer
ALLOW_DS_CREATION=1
ALLOW_DS_UPDATE=1
DQ_INSTALL_CONFIG_CREATE_COMMON_IO_AND_DATA_QUALITY_SANDBOXES=y
DQ_INSTALL_CONFIG_DO_PXML_CREATION_AT_BRANCH_LEVEL=y
DQ_INSTALL_CONFIG_FORCE_PROJECT_CHECKOUT=y
DQ_INSTALL_CONFIG_INSTALL_EXAMPLES=y
DQ_INSTALL_CONFIG_MAKE_MHUB_BACKUP=n
DQ_INSTALL_CONFIG_OVERWRITE_COMMON_IO_SANDBOX=y
DQ_INSTALL_CONFIG_OVERWRITE_DQA_COMMON_SANDBOX=y
DQ_INSTALL_CONFIG_OVERWRITE_DQ_SANDBOX=y
EIT_APP_IDENTIFIER=expressit
EIT_USERNAME=aiadmin
INSTALL_CONFIG_USING_ABAPP_MHUB=y
MHUB_ABAPP_NAME=metadatahub
MHUB_DATASTORE_NAME=metadatahub-importer
MHUB_EME_TR_DSCONN=Technical Repository
MHUB_IMPORTER_USERNAME=aiadmin
MHUB_MAIN_SCHEMA=mhub_main
MHUB_META_SCHEMA=mhub_meta
MHUB_URL=http://metadatahub:8080/metadatahub
RPATH_TO_COMMON_IO=/Projects/abinitio/common_io
RPATH_TO_DATAQUALITY=/Projects/abinitio/dataquality
RPATH_TO_DP_EXAMPLES=/Projects/abinitio/dp-examples
RPATH_TO_DQ_COMMON=/Projects/abinitio/dq-common
RPATH_TO_DQ_EXAMPLES=/Projects/abinitio/dq-examples
RPATH_TO_STDENV=/Projects/stdenv
RWI_DATA_ROOT=/ab_share/data/mfs/mfs_2way
RWI_METADATA_ROOT=//rwi/abinitio/rwi/mount/data/serial
SANDBOX_PATH_TO_COMMON_IO=/ab_share/ab_appconf_root/global/abinitio/common_io
SANDBOX_PATH_TO_DATAQUALITY=/ab_share/ab_appconf_root/global/abinitio/dataquality
SANDBOX_PATH_TO_STDENV=/abinitio/sandboxes/sand/stdenv
WAIT_BETWEEN_LOAD_ATTEMPTS=30
WAIT_FOR_LOAD_ATTEMPTS=300
MHUB_IMPORTER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: dqa
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: dqa-2.4.3-a
name: dqa
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/dqa/v1_persistentvolumeclaim_dqa-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: dqa
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: dqa-2.4.3-a
name: dqa-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

23
rendered/manifests/k3s-dev/abinitio-platform/dqa/v1_service_dqa.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: dqa
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: dqa
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: dqa-2.4.3-a
name: dqa
namespace: abinitio
spec:
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: dqa
app.kubernetes.io/name: dqa
type: ClusterIP

375
rendered/manifests/k3s-dev/abinitio-platform/eme/apps_v1_statefulset_eme.yaml Normal file
View File

@@ -0,0 +1,375 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
abinitio/statefulset: eme
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme
namespace: abinitio
spec:
podManagementPolicy: Parallel
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: eme
app.kubernetes.io/name: eme
serviceName: eme-headless
template:
metadata:
labels:
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: eme
app.kubernetes.io/name: eme
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- --ab-k8s-start-reporter
- "true"
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ROOT
value: /abinitio/eme/eme
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_PHYSICAL_HOSTNAME
value: eme
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: eme
- name: EME_AG_JOINER_ENCRYPTED_PASSWORD
value: file=/secrets/eme_join_user/password
- name: EME_AG_JOINER_NAME
value: eme_join_user
- name: EME_AG_PRODUCT_ID
value: EMETR
- name: EME_AG_URL
value: http://authgateway:8080/authgateway
- name: EME_LOAD_SAV_FILES
value: "false"
- name: EME_START_ARGUMENTS
value: -override-running-server-check
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: eme, abinitio/deployment: eme'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: eme
- name: POD_SERVICE_HEADLESS
value: eme-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/eme:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: eme
readinessProbe:
exec:
command:
- /bin/sh
- -c
- air ls /abinitio/default/eme-created
failureThreshold: 12
initialDelaySeconds: 10
periodSeconds: 30
successThreshold: 1
resources:
limits:
ephemeral-storage: 8Gi
memory: 16Gi
requests:
cpu: 200m
ephemeral-storage: 8Gi
memory: 16Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- eme.abinitio
ip: 127.0.0.1
hostname: eme
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: eme
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: eme-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

35
rendered/manifests/k3s-dev/abinitio-platform/eme/v1_configmap_eme.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: v1
data:
abinitiorc: |
AB_BRIDGE_ALLOW_UNSECURED_HTTP_BRIDGE_TUNNEL : true
AB_BRIDGE_TUNNEL_ALLOW_LIST : /~ab_home/config/bridge-tunnel-allow-list.example
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : eme-0.eme-headless
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_AIR_BRANCHES @ eme : main
AB_AIR_ROOT @ eme : /abinitio/eme/eme
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_DESCRIPTION @ eme : Local EME
AB_DISPLAY_NAME @ eme : Local EME
AB_EME_REPOSITORIES : eme
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
AB_UMASK : 002
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/eme/v1_persistentvolumeclaim_eme-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

23
rendered/manifests/k3s-dev/abinitio-platform/eme/v1_service_eme-headless.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme-headless
namespace: abinitio
spec:
clusterIP: None
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: eme
app.kubernetes.io/name: eme

23
rendered/manifests/k3s-dev/abinitio-platform/eme/v1_service_eme.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: eme
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: eme
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: eme-2.4.3-a
name: eme
namespace: abinitio
spec:
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: eme
app.kubernetes.io/name: eme
type: ClusterIP

361
rendered/manifests/k3s-dev/abinitio-platform/enterprise-data-masking/apps_v1_deployment_enterprise-data-masking.yaml Normal file
View File

@@ -0,0 +1,361 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: enterprise-data-masking
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: enterprise-data-masking-2.4.3-a
name: enterprise-data-masking
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/name: enterprise-data-masking
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: enterprise-data-masking
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: enterprise-data-masking-2.4.3-a
name: enterprise-data-masking
spec:
containers:
- args:
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_URL
value: http://metadatahub:8080/metadatahub
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: enterprise-data-masking
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: enterprise-data-masking, abinitio/deployment:
enterprise-data-masking'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: enterprise-data-masking
- name: POD_SERVICE_HEADLESS
value: enterprise-data-masking-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/enterprise-data-masking:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: enterprise-data-masking
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 240
periodSeconds: 10
resources:
limits:
ephemeral-storage: 2Gi
memory: 4Gi
requests:
cpu: "1"
ephemeral-storage: 2Gi
memory: 1Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- enterprise-data-masking.abinitio
ip: 127.0.0.1
hostname: enterprise-data-masking
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: enterprise-data-masking
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: enterprise-data-masking-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

90
rendered/manifests/k3s-dev/abinitio-platform/enterprise-data-masking/v1_configmap_enterprise-data-masking.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: v1
data:
abinitiorc: |
AB_AIR_BRANCH @ expressit : main
AB_AIR_ROOT : //eme-0.eme-headless/abinitio/eme/eme
AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_CONNECTION : bridge
AB_CONNECTION @ emeabeme : bridge
AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
AB_CONNECTION_BRIDGE_PORT @ emeabeme : 7070
AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE @ emeabeme : aes128-gcm
AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION @ emeabeme : container-bridge-security
AB_HOME @ emeabeme : /usr/local/abinitio
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_MHUB_LOCAL_ROOT : /abinitio/deploy
AB_NODES @ emeabeme : eme-0.eme-headless
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : enterprise-data-masking
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
install-properties.config: |
AB_AIR_BRANCH=main
AB_AIR_ROOT=//eme-0.eme-headless/abinitio/eme/eme
AB_APPLICATION_HUB=/usr/local/abinitio-app-hub
AB_MHUB_CONFIG_DIR=/abinitio/deploy/metadatahub-importer/config
DBM_ABSDK_GRAPH_PROJECT_RPATH=/Projects/abinitio/dbm_deps/absdk_graph
DBM_CONFIG_MHUB_USER=aiadmin
DBM_DATA_CATALOG_URL=http://datacatalog:8080/datacatalog
DBM_DATA_CATALOG_USER=aiadmin
DBM_DBC_DIR=/abinitio/sandboxes/sand/edm_dbc
DBM_EME_ADMIN=aiadmin
DBM_EXPRESSIT_WORKSPACE=Test_Data_Management
DBM_PROJECT_RPATH=/Projects/abinitio/dbm
DBM_SERVICE_AUDIT_LISTENER_PORT=9478
DBM_SERVICE_DIRECTORY=/abinitio/sandboxes
DBM_SERVICE_PORT=9878
DBM_SERVICE_URL=http://enterprise-data-masking:9878
DEFAULT_MHUB_URL=http://metadatahub:8080/metadatahub
DO_DPC_INSTALL=y
DO_EME_INSTALL=y
DO_EXPRESSIT_INSTALL=n
DO_EXPRESSIT_INSTALL_SERVICE_GRAPHS=y
DO_EXPRESSIT_INSTALL_UI=n
DO_MHUB_CONFIGURATION=y
DO_MHUB_INSTALL=n
DO_SERVICE_INSTALL=y
EIT_APP_IDENTIFIER=expressit
EIT_PRIVATE_PROJECT_TR_PATH=/Projects/abinitio/examples/test_data_management
EIT_USERNAME=aiadmin
INSTALL_CONFIG_USING_ABAPP_MHUB=y
IS_MULTI_SERVER_INSTALL=y
LOAD_INTO_MAIN_NAV_BAR=n
MHUB_ABAPP_NAME=metadatahub
MHUB_DATASTORE_NAME=metadatahub-importer
MHUB_IMPORTER_USERNAME=aiadmin
MHUB_IMPORT_PROFILE_PATH=/abinitio/deploy/metadatahub-importer/config/import.profile
MHUB_URL=http://metadatahub:8080/metadatahub
PRIVATE_REL_RPATH=private_edm
RPATH_TO_STDENV=/Projects/stdenv
SANDBOX_PATH_TO_STDENV=/abinitio/sandboxes/sand/stdenv
TDM_EXAMPLES_PROJECT_RPATH=/Projects/abinitio/examples/test_data_management
TDM_PROJECT_RPATH=/Projects/abinitio/dms
UPDATE_ABSQL_WITH_MASKING=n
UPGRADE_TDM=n
WAIT_BETWEEN_LOAD_ATTEMPTS=30
WAIT_FOR_LOAD_ATTEMPTS=300
DBM_CONFIG_MHUB_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
MHUB_IMPORTER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
DBM_DATA_CATALOG_USER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
DBM_EME_ADMIN_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: enterprise-data-masking
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: enterprise-data-masking-2.4.3-a
name: enterprise-data-masking
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/enterprise-data-masking/v1_persistentvolumeclaim_enterprise-data-masking-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: enterprise-data-masking
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: enterprise-data-masking-2.4.3-a
name: enterprise-data-masking-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

27
rendered/manifests/k3s-dev/abinitio-platform/enterprise-data-masking/v1_service_enterprise-data-masking.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: enterprise-data-masking
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: enterprise-data-masking-2.4.3-a
name: enterprise-data-masking
namespace: abinitio
spec:
ports:
- name: enterprise-data-masking
port: 9878
protocol: TCP
targetPort: 9878
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: enterprise-data-masking
app.kubernetes.io/name: enterprise-data-masking
type: ClusterIP

364
rendered/manifests/k3s-dev/abinitio-platform/expressit/apps_v1_deployment_expressit-bridge.yaml Normal file
View File

@@ -0,0 +1,364 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit-bridge
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-bridge-2.4.3-a
name: expressit-bridge
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/name: expressit-bridge
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit-bridge
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-bridge-2.4.3-a
name: expressit-bridge
spec:
containers:
- args:
- --ab-k8s-start-reporter
- "true"
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_URL
value: http://metadatahub:8080/metadatahub
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_PHYSICAL_HOSTNAME
value: expressit-bridge
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: expressit-bridge
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: expressit-bridge, abinitio/deployment: expressit-bridge'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: expressit-bridge
- name: POD_SERVICE_HEADLESS
value: expressit-bridge-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/expressit-bridge:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: expressit-bridge
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 240
periodSeconds: 10
resources:
limits:
ephemeral-storage: 8Gi
memory: 8Gi
requests:
cpu: "1"
ephemeral-storage: 8Gi
memory: 4Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- expressit-bridge.abinitio
ip: 127.0.0.1
hostname: expressit-bridge
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: expressit-bridge
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: expressit-bridge-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

312
rendered/manifests/k3s-dev/abinitio-platform/expressit/apps_v1_deployment_expressit.yaml Normal file
View File

@@ -0,0 +1,312 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
abinitio/deployment: expressit
app.kubernetes.io/instance: expressit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-2.4.3-a
name: expressit
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: expressit
app.kubernetes.io/name: expressit
template:
metadata:
labels:
abinitio/deployment: expressit
app.kubernetes.io/instance: expressit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-2.4.3-a
name: expressit
spec:
containers:
- env:
- name: AB_CONFIG_PROVIDER_URL
value: file://localhost/config
- name: AB_IPV4_ONLY
value: "true"
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: CATALINA_TMPDIR
value: /tmp
- name: DEPLOY_NAME
value: expressit
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: expressit, abinitio/deployment: expressit'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: expressit
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/expressit:4.4.1.1-1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- ${CATALINA_HOME}/bin/catalina.sh stop
livenessProbe:
failureThreshold: 3
httpGet:
path: /expressit/api/abwebinternal/health/k8s/liveness
port: 8080
initialDelaySeconds: 5
periodSeconds: 30
name: expressit-app
readinessProbe:
failureThreshold: 3
httpGet:
path: /expressit/api/abwebinternal/health/k8s/readiness
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
resources:
limits:
ephemeral-storage: 2Gi
memory: 4Gi
requests:
cpu: 100m
ephemeral-storage: 2Gi
memory: 4Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 3
httpGet:
path: /expressit/api/abwebinternal/health/k8s/startup
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
volumeMounts:
- mountPath: /config/expressit
name: app-external-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /tmp
name: tmp-volume
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
hostname: expressit
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: abinitio-local
- configMap:
defaultMode: 511
name: expressit-external-config
name: app-external-config
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file

48
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_configmap_expressit-bridge.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: v1
data:
abinitiorc: |
AB_AIR_BRANCH @ expressit : main
AB_AIR_ROOT : //eme-0.eme-headless/abinitio/eme/eme
AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
AB_BRE_ALLOW_STRINGY_AUTOMAP : true
AB_BRE_ENABLE_MARKDOWN_COMMENTS : true
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_CHARSET @ rwi : utf-8
AB_CONNECTION @ emeabeme : bridge
AB_CONNECTION @ rwi : bridge
AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
AB_CONNECTION_BRIDGE_PORT @ emeabeme : 7070
AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE @ emeabeme : aes128-gcm
AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION @ emeabeme : container-bridge-security
AB_ENV_ROOT : /abinitio/sandboxes/sand/stdenv
AB_HOME @ emeabeme : /usr/local/abinitio
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_NODES @ emeabeme : eme-0.eme-headless
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : expressit-bridge
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_AIR_BRANCH @ eme : main
AB_AIR_ROOT @ eme : //eme-0.eme-headless/abinitio/eme/eme
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_DESCRIPTION @ eme : Ab Initio Data Platform technical repository
AB_DISPLAY_NAME @ eme : Default technical repository deployed in eme StatefulSet
AB_EME_REPOSITORIES : eme
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit-bridge
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-bridge-2.4.3-a
name: expressit-bridge
namespace: abinitio

57
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_configmap_expressit-external-config.yaml Normal file
View File

@@ -0,0 +1,57 @@
apiVersion: v1
data:
expressit.yaml: |
externalConfig:
expressIt:
allowDrillDown: true
appIdentifier: expressit
appserverType: tomcat
authentication:
type: ag
authorization:
type: ag
authorizationGateway:
password: file=/secrets/ei_join_user/password
productIdentifier: Express>It
productName: Express>It
url: http://authgateway:8080/authgateway
username: ei_join_user
bridgeConnection:
encryptionType: aes128-gcm
rpcSecret: file=/secrets/bridge/password
securityConfig: container-bridge-security
url: http://expressit-bridge:7070
cluster:
autoConfig:
hosts: expressit-jgroup
port: 7800
protocol: tcp
channelName: ch01
enabled: true
emeTR:
useAgCredentials: true
interop:
dataCatalogServices:
url: http://datacatalog:8080/datacatalog
metadataHub:
url: http://metadatahub:8080/metadatahub
logging:
directoryPath: /abinitio/webapp/logs
maxBackups: 3
packageForSupport:
encrypted: EncryptForNonAdmins
urlFromBrowser: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/expressit
websockets:
forceDisable: false
kind: ConfigMap
metadata:
labels:
abinitio/deployment: expressit
app.kubernetes.io/instance: expressit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-2.4.3-a
name: expressit-external-config
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_persistentvolumeclaim_expressit-bridge-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit-bridge
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-bridge-2.4.3-a
name: expressit-bridge-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

23
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_service_expressit-bridge.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit-bridge
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-bridge-2.4.3-a
name: expressit-bridge
namespace: abinitio
spec:
ports:
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: expressit-bridge
app.kubernetes.io/name: expressit-bridge
type: ClusterIP

25
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_service_expressit-jgroup.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: expressit
app.kubernetes.io/instance: expressit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-2.4.3-a
name: expressit-jgroup
namespace: abinitio
spec:
clusterIP: None
ports:
- name: jgroup-channel
port: 7800
protocol: TCP
targetPort: 7800
publishNotReadyAddresses: true
selector:
app.kubernetes.io/instance: expressit
app.kubernetes.io/name: expressit
type: ClusterIP

27
rendered/manifests/k3s-dev/abinitio-platform/expressit/v1_service_expressit.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
abinitio/deployment: expressit
app.kubernetes.io/instance: expressit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: expressit
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: expressit-2.4.3-a
name: expressit
namespace: abinitio
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: expressit
app.kubernetes.io/name: expressit
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 86400
type: ClusterIP

354
rendered/manifests/k3s-dev/abinitio-platform/metadata-promotion/apps_v1_deployment_metadata-promotion.yaml Normal file
View File

@@ -0,0 +1,354 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-promotion
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-promotion-2.4.3-a
name: metadata-promotion
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/name: metadata-promotion
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-promotion
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-promotion-2.4.3-a
name: metadata-promotion
spec:
containers:
- args:
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: metadata-promotion
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: metadata-promotion, abinitio/deployment: metadata-promotion'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: metadata-promotion
- name: POD_SERVICE_HEADLESS
value: metadata-promotion-headless
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/metadata-promotion:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: metadata-promotion
readinessProbe:
exec:
command:
- stat
- /tmp/.pod.ready
failureThreshold: 240
periodSeconds: 10
resources:
limits:
ephemeral-storage: 2Gi
memory: 4Gi
requests:
cpu: 100m
ephemeral-storage: 2Gi
memory: 1Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- metadata-promotion.abinitio
ip: 127.0.0.1
hostname: metadata-promotion
initContainers: null
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: metadata-promotion
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: metadata-promotion-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

81
rendered/manifests/k3s-dev/abinitio-platform/metadata-promotion/v1_configmap_metadata-promotion.yaml Normal file
View File

@@ -0,0 +1,81 @@
apiVersion: v1
data:
abinitiorc: |
AB_AIR_BRANCH @ expressit : main
AB_AIR_ROOT : //eme-0.eme-headless/abinitio/eme/eme
AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
AB_CHARSET : utf-8
AB_CONNECTION : bridge
AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
AB_MHUB_LOCAL_ROOT : /abinitio/deploy
AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
AB_OPS_MONITOR : true
AB_OPS_MONITOR_RESOURCES : false
AB_OPS_PHYSICAL_HOSTNAME : metadata-promotion
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_KEYSERVER_GROUP : AI-IC-AWS001a
AB_KEYSERVER_URLS : abks://key-server:6150
install-properties.config: |
AB_AIR_BRANCH=main
AB_AIR_ROOT=//eme-0.eme-headless/abinitio/eme/eme
AB_APPCONF_ROOT_DIR=/ab_share/ab_appconf_root
AB_APPLICATION_HUB=/usr/local/abinitio-app-hub
AB_MHUB_CONFIG_DIR=/abinitio/deploy/metadatahub-importer/config
DEFAULT_MHUB_URL=http://metadatahub:8080/metadatahub
DEFAULT_PROMOTION_USER=aiadmin
DEFAULT_TR_BRANCH=main
DEFAULT_TR_INTEGRATION=y
DEFAULT_TR_PATH=//eme-0.eme-headless/abinitio/eme/eme
DEFAULT_TR_USER=aiadmin
DO_EXPRESSIT_INSTALL=y
DO_MHUB_INSTALL=n
DO_SERVICE_INSTALL=y
DO_TR_INSTALL=y
EIT_APP_IDENTIFIER=expressit
EIT_USERNAME=aiadmin
EZ_UTILITY_PROJECT_RPATH=/Projects/abinitio/ez_utility
INSTALL_CONFIG_USING_ABAPP_MHUB=y
LOAD_INTO_DROPDOWN=y
LOAD_INTO_NAVBAR=y
MHUB_ABAPP_NAME=metadatahub
MHUB_DATASTORE_NAME=metadatahub-importer
MHUB_IMPORTER_USERNAME=aiadmin
MHUB_IMPORT_PROFILE_PATH=/abinitio/deploy/metadatahub-importer/config/import.profile
MHUB_SPLIT_FROM_SERVICE=y
MHUB_URL=http://metadatahub:8080/metadatahub
NAVBAR_MENU_NAME=Other
PROJECTS_XML=/ab_share/ab_appconf_root/main/config/promotion.projects.xml
PROMOTION_CONFIG_MHUB_USER=aiadmin
PROMOTION_PROJECT_RPATH=/Projects/abinitio/promotion
PROMOTION_SERVICE_AUDIT_LISTENER_PORT=9977
PROMOTION_SERVICE_DIRECTORY=/abinitio/sandboxes/sand
PROMOTION_SERVICE_PORT=9877
PROMOTION_SERVICE_URL=http://metadata-promotion:9877
RPATH_TO_STDENV=/Projects/stdenv
SANDBOX_PATH_TO_STDENV_FOR_EIT=/ab_share/ab_appconf_root/main/global/stdenv
SANDBOX_PATH_TO_STDENV_FOR_SERVICE=/abinitio/sandboxes/sand/stdenv
SECURE_MHUB_CONNECTIONS=y
TECHNICAL_REPOSITORY_DIRECTORY=/Projects/abinitio
UPGRADE_PROMOTION_CONFIGURATION=n
WAIT_BETWEEN_LOAD_ATTEMPTS=30
WAIT_FOR_LOAD_ATTEMPTS=300
PROMOTION_CONFIG_MHUB_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
MHUB_IMPORTER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
DEFAULT_PROMOTION_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-promotion
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-promotion-2.4.3-a
name: metadata-promotion
namespace: abinitio

18
rendered/manifests/k3s-dev/abinitio-platform/metadata-promotion/v1_persistentvolumeclaim_metadata-promotion-claim.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-promotion
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-promotion-2.4.3-a
name: metadata-promotion-claim
namespace: abinitio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

27
rendered/manifests/k3s-dev/abinitio-platform/metadata-promotion/v1_service_metadata-promotion.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-promotion
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-promotion-2.4.3-a
name: metadata-promotion
namespace: abinitio
spec:
ports:
- name: metadata-promotion
port: 9877
protocol: TCP
targetPort: 9877
- name: bridge
port: 7070
protocol: TCP
targetPort: 7070
publishNotReadyAddresses: false
selector:
app.kubernetes.io/instance: metadata-promotion
app.kubernetes.io/name: metadata-promotion
type: ClusterIP

399
rendered/manifests/k3s-dev/abinitio-platform/metadatahub/apps_v1_deployment_metadata-loader.yaml Normal file
View File

@@ -0,0 +1,399 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: metadata-loader
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-loader
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-loader-2.4.3-a
name: metadata-loader
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: metadata-loader
app.kubernetes.io/name: metadata-loader
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: metadata-loader
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: metadata-loader
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: metadata-loader-2.4.3-a
name: metadata-loader
spec:
containers:
- args:
- --ab-k8s-job-launch-script
- /ab-setup/setup_pod.sh
command:
- ab-container-entrypoint.ksh
env:
- name: AB_AIR_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_AIR_ROOT
value: //eme-0.eme-headless/abinitio/eme/eme
- name: AB_AIR_USER
value: aiadmin
- name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
value: "true"
- name: AB_AUTHORIZATION_GATEWAY_URL
value: http://authgateway:8080/authgateway
- name: AB_BRIDGE_CONFIGURATION_DIR
value: /abinitio/bridge
- name: AB_BRIDGE_CONFIGURATION_NAME
value: container-bridge
- name: AB_CHARSET
value: utf-8
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
value: file=/secrets/bridge/password
- name: AB_CONNECTION_BRIDGE_PORT
value: "7070"
- name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
value: aes128-gcm
- name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
value: container-bridge-security
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_K8S_MAX_IDLE_SECONDS
value: "0"
- name: AB_K8S_START_BRIDGE
value: background
- name: AB_K8S_START_REPORTER
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_MHUB_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: AB_MHUB_URL
value: http://metadatahub:8080/metadatahub
- name: AB_MHUB_USERNAME
value: aiadmin
- name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
value: "false"
- name: AB_OPS_CONSOLE_URL
value: http://controlcenter:8080/controlcenter
- name: AB_OPS_WSS_ENCRYPTED_PASSWORD
value: file=/secrets/ocagent/password
- name: AB_OPS_WSS_USERNAME
value: ocagent
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: AIC_EXTENSIONS
value: <nil>
- name: BRIDGE_AB_ENCRYPTED_KEY
value: file=/secrets/bridge/password
- name: CC_ADMIN_ENCRYPTED_PASSWORD
value: file=/secrets/aiadmin/password
- name: CC_ADMIN_USERNAME
value: aiadmin
- name: CMAP_MOUNT
value: /config/pod
- name: DEPLOY_NAME
value: metadata-loader
- name: JAVA_OPTS
value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
- name: LOAD_PHYSOBJECTS
value: "true"
- name: NAMESPACE
value: abinitio
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_LABEL
value: 'abinitio/product: metadata-loader, abinitio/deployment: metadata-loader'
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_SERVICE
value: metadata-loader
- name: POD_SERVICE_HEADLESS
value: metadata-loader-headless
- name: WAIT_FOR_PRODUCTS
value: promotion,sd,physobjects,dqa,edm,blueprints
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/metadata-loader:4.4.1.1-1
imagePullPolicy: IfNotPresent
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 20
tcpSocket:
port: 7070
name: metadata-loader
readinessProbe:
exec:
command:
- stat
- /abinitio/.accepting_files.state
failureThreshold: 30
periodSeconds: 30
resources:
limits:
ephemeral-storage: 2Gi
memory: 8Gi
requests:
cpu: 500m
ephemeral-storage: 2Gi
memory: 4Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config/pod
name: pod-config
- mountPath: /abinitio
name: abinitio-local
- mountPath: /secrets/aiadmin/password
name: aiadmin
subPath: password
- mountPath: /secrets/ocagent/password
name: ocagent
subPath: password
- mountPath: /secrets/bridge/password
name: bridge
subPath: password
- mountPath: /secrets/eme_join_user/password
name: eme-join-user
subPath: password
- mountPath: /secrets/qi_join_user/password
name: qi-join-user
subPath: password
- mountPath: /secrets/dcs_utility_user/password
name: dcs-utility-user
subPath: password
- mountPath: /secrets/mhub_utility_user/password
name: mhub-utility-user
subPath: password
- mountPath: /secrets/ag_db_importer/password
name: ag-db-importer
subPath: password
- mountPath: /secrets/admin/password
name: admin
subPath: password
- mountPath: /secrets/ag_ui_importer/password
name: ag-ui-importer
subPath: password
- mountPath: /secrets/cafe_join_user/password
name: cafe-join-user
subPath: password
- mountPath: /secrets/cc_join_user/password
name: cc-join-user
subPath: password
- mountPath: /secrets/dcs_join_user/password
name: dcs-join-user
subPath: password
- mountPath: /secrets/ei_join_user/password
name: ei-join-user
subPath: password
- mountPath: /secrets/mhub_join_user/password
name: mhub-join-user
subPath: password
- mountPath: /secrets/qiadmin_join_user/password
name: qiadmin-join-user
subPath: password
- mountPath: /secrets/sd_join_user/password
name: sd-join-user
subPath: password
- mountPath: /secrets/trw_join_user/password
name: trw-join-user
subPath: password
- mountPath: /secrets/mhub_db_importer/password
name: mhub-db-importer
subPath: password
- mountPath: /secrets/mhub_ui_importer/password
name: mhub-ui-importer
subPath: password
- mountPath: /secrets/ag_appserver/password
name: ag-appserver
subPath: password
- mountPath: /secrets/ag_report/password
name: ag-report
subPath: password
- mountPath: /secrets/cc_jdbc/password
name: cc-jdbc
subPath: password
- mountPath: /secrets/dcs_hmac_key/password
name: dcs-hmac-key
subPath: password
- mountPath: /secrets/abinitio/password
name: abinitio
subPath: password
- mountPath: /secrets/mhub_appserver/password
name: mhub-appserver
subPath: password
- mountPath: /secrets/mhub_report/password
name: mhub-report
subPath: password
- mountPath: /secrets/runtime_locator_join_user/password
name: runtime-locator-join-user
subPath: password
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- mountPath: /ab_share
name: ab-share-data-and-appconf-root
- mountPath: /tmp
name: tmp-volume
hostAliases:
- hostnames:
- metadata-loader.abinitio
ip: 127.0.0.1
hostname: metadata-loader
initContainers:
- args:
- |
set -e
mkdir -p /abinitio/install && \
for archive in /*.tar.gz; do \
echo "Unpacking $archive..." && \
tar -xvzf "$archive" -C /abinitio/install; \
done && \
chmod -R 755 /abinitio/install
command:
- sh
- -c
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/metadata-loader-platform-init:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: metadata-loader-platform-init
resources:
limits:
ephemeral-storage: 2Gi
memory: 1Gi
requests:
cpu: 500m
ephemeral-storage: 1Gi
memory: 1Gi
securityContext:
runAsUser: 1000
volumeMounts:
- mountPath: /abinitio
name: abinitio-local
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 511
name: metadata-loader
name: pod-config
- name: abinitio-local
persistentVolumeClaim:
claimName: metadata-loader-claim
- emptyDir: {}
name: tmp-volume
- name: aiadmin
secret:
secretName: aiadmin
- name: ocagent
secret:
secretName: ocagent
- name: bridge
secret:
secretName: bridge
- name: eme-join-user
secret:
secretName: eme-join-user
- name: qi-join-user
secret:
secretName: qi-join-user
- name: dcs-utility-user
secret:
secretName: dcs-utility-user
- name: mhub-utility-user
secret:
secretName: mhub-utility-user
- name: ag-db-importer
secret:
secretName: ag-db-importer
- name: admin
secret:
secretName: admin
- name: ag-ui-importer
secret:
secretName: ag-ui-importer
- name: cafe-join-user
secret:
secretName: cafe-join-user
- name: cc-join-user
secret:
secretName: cc-join-user
- name: dcs-join-user
secret:
secretName: dcs-join-user
- name: ei-join-user
secret:
secretName: ei-join-user
- name: mhub-join-user
secret:
secretName: mhub-join-user
- name: qiadmin-join-user
secret:
secretName: qiadmin-join-user
- name: sd-join-user
secret:
secretName: sd-join-user
- name: trw-join-user
secret:
secretName: trw-join-user
- name: mhub-db-importer
secret:
secretName: mhub-db-importer
- name: mhub-ui-importer
secret:
secretName: mhub-ui-importer
- name: ag-appserver
secret:
secretName: ag-appserver
- name: ag-report
secret:
secretName: ag-report
- name: cc-jdbc
secret:
secretName: cc-jdbc
- name: dcs-hmac-key
secret:
secretName: dcs-hmac-key
- name: abinitio
secret:
secretName: abinitio
- name: mhub-appserver
secret:
secretName: mhub-appserver
- name: mhub-report
secret:
secretName: mhub-report
- name: runtime-locator-join-user
secret:
secretName: runtime-locator-join-user
- name: password-key-file
secret:
secretName: password-key-file
- name: ab-share-data-and-appconf-root
persistentVolumeClaim:
claimName: ab-shared-data-and-appconf-root-claim

Some files were not shown because too many files have changed in this diff Show More