Initial render: k3s-dev environment

rendered/argocd/k3s-dev/applications/abinitio-common/config.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-common-config
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-common-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-common/config"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-common/passwords.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-common-passwords
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-common-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-common/passwords"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-common/resources.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-common-resources
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-common-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-common/resources"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-db/authgateway-db.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-db-authgateway-db
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-db-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-db/authgateway-db"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio-db
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-db/controlcenter-db.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-db-controlcenter-db
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-db-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-db/controlcenter-db"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio-db
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-db/metadatahub-db.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-db-metadatahub-db
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-db-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-db/metadatahub-db"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio-db
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/authgateway.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-authgateway
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/authgateway"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/blueprints.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-blueprints
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/blueprints"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/controlcenter.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-controlcenter
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/controlcenter"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/datacatalog.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-datacatalog
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/datacatalog"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/dqa.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-dqa
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/dqa"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/eme.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-eme
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/eme"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/enterprise-data-masking.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-enterprise-data-masking
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/enterprise-data-masking"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/expressit.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-expressit
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/expressit"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/metadata-promotion.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-metadata-promotion
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/metadata-promotion"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/metadatahub.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-metadatahub
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/metadatahub"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/portal.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-portal
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/portal"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/queryit.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-queryit
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/queryit"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/runtime-locator.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-runtime-locator
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/runtime-locator"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/rwi.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-rwi
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/rwi"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/semantic-discovery.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-semantic-discovery
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/semantic-discovery"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/tdm.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-tdm
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/tdm"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/testing-framework.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-testing-framework
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/testing-framework"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-platform/trw.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-platform-trw
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-platform-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-platform/trw"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/abinitio-system/ab-runtime-operator.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: abinitio-system-ab-runtime-operator
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: abinitio-system-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/abinitio-system/ab-runtime-operator"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio-system
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/certificates/cert-manager.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: certificates-cert-manager
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: certificates-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/certificates/cert-manager"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: cert-manager
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/database/cnpg.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: database-cnpg
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: database-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/database/cnpg"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: abinitio-db
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/ingress/nginx-ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx-ingress
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: ingress-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/ingress/nginx-ingress"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: ingress-nginx
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/applications/storage/csi-driver-nfs.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: storage-csi-driver-nfs
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: storage-project
+  source:
+    repoURL: "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+    targetRevision: HEAD
+    path: "rendered/manifests/k3s-dev/storage/csi-driver-nfs"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    automated:
+      selfHeal: true
+      prune: true

rendered/argocd/k3s-dev/appprojects/abinitio-common-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: abinitio-common-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Abinitio-common project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: abinitio
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/abinitio-db-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: abinitio-db-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Abinitio-db project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: abinitio-db
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/abinitio-platform-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: abinitio-platform-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Abinitio-platform project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: abinitio
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/abinitio-system-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: abinitio-system-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Abinitio-system project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: abinitio-system
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/certificates-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: certificates-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Certificates project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: cert-manager
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/database-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: database-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Database project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: abinitio-db
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/ingress-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: ingress-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Ingress project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: ingress-nginx
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/argocd/k3s-dev/appprojects/storage-project.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: storage-project
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+spec:
+  description: "Storage project generated for environment k3s-dev"
+  sourceRepos:
+    - "https://gitea.k3s.sg.ic.cloudguild.gcp.abinitio.com/gitea-admin/ab-initio-manifests.git"
+  destinations:
+    - server: "https://kubernetes.default.svc"
+      namespace: kube-system
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  namespaceResourceBlacklist:
+    - group: ""
+      kind: "ResourceQuota"

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_abinitio.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: abinitio
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/abinitio
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/abinitio
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: abinitio

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_admin.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: admin
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/admin
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/admin
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: admin

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-appserver
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ag-appserver

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-db-importer
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ag-db-importer

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-report.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-report
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ag-report

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ag-ui-importer.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-ui-importer
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-ui-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-ui-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ag-ui-importer

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_aiadmin.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: aiadmin
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/aiadmin
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/aiadmin
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: aiadmin

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_aic-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: aic-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/aic-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/aic-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: aic-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_azure-client.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: azure-client
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/azure-client
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/azure-client
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: azure-client

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_bridge.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: bridge
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/bridge
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/bridge
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: bridge

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cafe-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cafe-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/cafe-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/cafe-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: cafe-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cc-jdbc.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cc-jdbc
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/cc-jdbc
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/cc-jdbc
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: cc-jdbc

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_cc-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cc-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/cc-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/cc-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: cc-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-hmac-key.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: dcs-hmac-key
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/dcs-hmac-key
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/dcs-hmac-key
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: dcs-hmac-key

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: dcs-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/dcs-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/dcs-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: dcs-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_dcs-utility-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: dcs-utility-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/dcs-utility-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/dcs-utility-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: dcs-utility-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ei-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ei-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ei-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ei-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ei-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_eme-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: eme-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/eme-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/eme-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: eme-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-appserver
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-appserver

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-db-importer
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-db-importer

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-report
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-report

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-ui-importer.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-ui-importer
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-ui-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-ui-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-ui-importer

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_mhub-utility-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-utility-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-utility-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-utility-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: mhub-utility-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_ocagent.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ocagent
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ocagent
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ocagent
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: ocagent

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_password-key-file.yaml

@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: password-key-file
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      decodingStrategy: Base64
+      key: secret/abinitio/password-key-file
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: password-key-file

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_qi-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: qi-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/qi-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/qi-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: qi-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_qiadmin-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: qiadmin-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/qiadmin-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/qiadmin-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: qiadmin-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_runtime-locator-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: runtime-locator-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/runtime-locator-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/runtime-locator-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: runtime-locator-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_sd-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: sd-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/sd-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/sd-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: sd-join-user

rendered/manifests/k3s-dev/abinitio-common/passwords/external-secrets.io_v1beta1_externalsecret_trw-join-user.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: trw-join-user
+  namespace: abinitio
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/trw-join-user
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/trw-join-user
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    creationPolicy: Owner
+    name: trw-join-user

rendered/manifests/k3s-dev/abinitio-common/resources/cert-manager.io_v1_certificate_abinitio-tls.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: abinitio-tls
+  namespace: abinitio
+spec:
+  dnsNames:
+  - aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com
+  issuerRef:
+    kind: ClusterIssuer
+    name: selfsigned-ca-issuer
+  secretName: abinitio-tls

rendered/manifests/k3s-dev/abinitio-common/resources/v1_persistentvolumeclaim_ab-shared-data-and-appconf-root-claim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ab-shared-data-and-appconf-root-claim
+  namespace: abinitio
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 100Gi
+  storageClassName: local-nfs

rendered/manifests/k3s-dev/abinitio-common/resources/v1_serviceaccount_abinitio-sa.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: abinitio-sa
+  namespace: abinitio

rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-appserver
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-appserver
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-db-importer
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-db-importer
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-report.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-report
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-report
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/authgateway-db/postgresql.cnpg.io_v1_cluster_authgateway.yaml

@@ -0,0 +1,45 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: authgateway
+  namespace: abinitio-db
+spec:
+  bootstrap:
+    initdb:
+      database: authgateway
+      owner: ag_appserver
+      postInitApplicationSQLRefs:
+        configMapRefs:
+        - key: authgateway.sql
+          name: authgateway-sql
+      secret:
+        name: ag-appserver
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+  instances: 2
+  managed:
+    roles:
+    - login: true
+      name: ag_appserver
+      passwordSecret:
+        name: ag-appserver
+    - login: true
+      name: ag_importer
+      passwordSecret:
+        name: ag-db-importer
+    - login: true
+      name: ag_report
+      passwordSecret:
+        name: ag-report
+  postgresql:
+    parameters:
+      effective_cache_size: 6GB
+      shared_buffers: 3GB
+  resources:
+    limits:
+      cpu: 3
+      memory: 12Gi
+    requests:
+      cpu: 1
+      memory: 4Gi
+  storage:
+    size: 30Gi

rendered/manifests/k3s-dev/abinitio-db/authgateway-db/v1_configmap_authgateway-sql.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  authgateway.sql: |
+    CREATE ROLE ag_importer;
+    CREATE ROLE ag_report;
+    CREATE SCHEMA ag_meta AUTHORIZATION ag_appserver;
+    CREATE SCHEMA ag_main AUTHORIZATION ag_appserver;
+    GRANT USAGE ON SCHEMA ag_meta TO ag_importer;
+    GRANT USAGE ON SCHEMA ag_main TO ag_importer;
+    GRANT USAGE ON SCHEMA ag_meta TO ag_report;
+    GRANT USAGE ON SCHEMA ag_main TO ag_report;
+kind: ConfigMap
+metadata:
+  name: authgateway-sql
+  namespace: abinitio-db

rendered/manifests/k3s-dev/abinitio-db/controlcenter-db/external-secrets.io_v1beta1_externalsecret_cc-jdbc.yaml

@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cc-jdbc
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/cc-jdbc
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/cc-jdbc
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: cc-jdbc
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://controlcenter-db-rw.abinitio-db:5432/controlcenter?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: controlcenter-db-rw:5432:controlcenter:{{ .username }}:{{ .password
+          }}
+        uri: postgresql://{{ .username }}:{{ .password }}@controlcenter-db-rw.abinitio-db:5432/controlcenter
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/controlcenter-db/postgresql.cnpg.io_v1_cluster_controlcenter.yaml

@@ -0,0 +1,37 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: controlcenter
+  namespace: abinitio-db
+spec:
+  bootstrap:
+    initdb:
+      database: controlcenter
+      owner: cc_jdbc
+      postInitApplicationSQLRefs:
+        configMapRefs:
+        - key: controlcenter.sql
+          name: controlcenter-sql
+      secret:
+        name: cc-jdbc
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+  instances: 2
+  managed:
+    roles:
+    - login: true
+      name: cc_jdbc
+      passwordSecret:
+        name: cc-jdbc
+  postgresql:
+    parameters:
+      effective_cache_size: 4GB
+      shared_buffers: 2GB
+  resources:
+    limits:
+      cpu: 2
+      memory: 8Gi
+    requests:
+      cpu: 1
+      memory: 4Gi
+  storage:
+    size: 30Gi

rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-appserver
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-appserver
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-db-importer
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-db-importer
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml

@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-report
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-report
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"

rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/postgresql.cnpg.io_v1_cluster_metadatahub.yaml

@@ -0,0 +1,45 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: metadatahub
+  namespace: abinitio-db
+spec:
+  bootstrap:
+    initdb:
+      database: metadatahub
+      owner: mhub_appserver
+      postInitApplicationSQLRefs:
+        configMapRefs:
+        - key: metadatahub.sql
+          name: metadatahub-sql
+      secret:
+        name: mhub-appserver
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+  instances: 2
+  managed:
+    roles:
+    - login: true
+      name: mhub_appserver
+      passwordSecret:
+        name: mhub-appserver
+    - login: true
+      name: mhub_importer
+      passwordSecret:
+        name: mhub-db-importer
+    - login: true
+      name: mhub_report
+      passwordSecret:
+        name: mhub-report
+  postgresql:
+    parameters:
+      effective_cache_size: 12GB
+      shared_buffers: 6GB
+  resources:
+    limits:
+      cpu: 6
+      memory: 24Gi
+    requests:
+      cpu: 3
+      memory: 12Gi
+  storage:
+    size: 60Gi

rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/v1_configmap_metadatahub-sql.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  metadatahub.sql: |
+    CREATE ROLE mhub_importer;
+    CREATE ROLE mhub_report;
+    CREATE SCHEMA mhub_meta AUTHORIZATION mhub_appserver;
+    CREATE SCHEMA mhub_main AUTHORIZATION mhub_appserver;
+    GRANT USAGE ON SCHEMA mhub_meta TO mhub_importer;
+    GRANT USAGE ON SCHEMA mhub_main TO mhub_importer;
+    GRANT USAGE ON SCHEMA mhub_meta TO mhub_report;
+    GRANT USAGE ON SCHEMA mhub_main TO mhub_report;
+kind: ConfigMap
+metadata:
+  name: metadatahub-sql
+  namespace: abinitio-db

rendered/manifests/k3s-dev/abinitio-platform/authgateway/apps_v1_deployment_authgateway-importer.yaml

@@ -0,0 +1,362 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: authgateway-importer
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway-importer
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-importer-2.4.3-a
+  name: authgateway-importer
+  namespace: abinitio
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: authgateway-importer
+      app.kubernetes.io/name: authgateway-importer
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: authgateway-importer
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: authgateway-importer
+        app.kubernetes.io/part-of: AbInitio
+        app.kubernetes.io/version: 4.4.1
+        helm.sh/chart: authgateway-importer-2.4.3-a
+      name: authgateway-importer
+    spec:
+      containers:
+      - args:
+        - --ab-k8s-start-reporter
+        - "true"
+        - --ab-k8s-job-launch-script
+        - /ab-setup/setup_pod.sh
+        command:
+        - ab-container-entrypoint.ksh
+        env:
+        - name: AB_AG_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: AB_AG_USERNAME
+          value: aiadmin
+        - name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
+          value: "true"
+        - name: AB_AUTHORIZATION_GATEWAY_URL
+          value: http://authgateway:8080/authgateway
+        - name: AB_BRIDGE_CONFIGURATION_DIR
+          value: /abinitio/bridge
+        - name: AB_BRIDGE_CONFIGURATION_NAME
+          value: container-bridge
+        - name: AB_CHARSET
+          value: utf-8
+        - name: AB_CONFIGURATION
+          value: /config/pod/abinitiorc:/config/pod/apphubrc
+        - name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
+          value: file=/secrets/bridge/password
+        - name: AB_CONNECTION_BRIDGE_PORT
+          value: "7070"
+        - name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
+          value: aes128-gcm
+        - name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
+          value: container-bridge-security
+        - name: AB_HOSTNAME_KEYSERVER_URLS
+          value: abks://key-server:6151
+        - name: AB_IPV4_ONLY
+          value: "true"
+        - name: AB_K8S_MAX_IDLE_SECONDS
+          value: "0"
+        - name: AB_K8S_START_BRIDGE
+          value: background
+        - name: AB_K8S_START_REPORTER
+          value: "true"
+        - name: AB_KEY_DAEMON_DIR
+          value: /tmp/abkc/data
+        - name: AB_MHUB_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: AB_MHUB_USERNAME
+          value: aiadmin
+        - name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
+          value: "true"
+        - name: AB_OPS_CONSOLE_URL
+          value: http://controlcenter:8080/controlcenter
+        - name: AB_OPS_PHYSICAL_HOSTNAME
+          value: authgateway-importer
+        - name: AB_OPS_WSS_ENCRYPTED_PASSWORD
+          value: file=/secrets/ocagent/password
+        - name: AB_OPS_WSS_USERNAME
+          value: ocagent
+        - name: AB_PASSWORD_KEY_FILE
+          value: /secrets/password_key_file/password
+        - name: APP_FULL_URL
+          value: http://authgateway:8080/authgateway
+        - name: BRIDGE_AB_ENCRYPTED_KEY
+          value: file=/secrets/bridge/password
+        - name: CC_ADMIN_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: CC_ADMIN_USERNAME
+          value: aiadmin
+        - name: CMAP_MOUNT
+          value: /config/pod
+        - name: DEPLOY_NAME
+          value: authgateway-importer
+        - name: JAVA_OPTS
+          value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
+        - name: LOAD_PHYSOBJECTS
+          value: "true"
+        - name: MHUB_IMPORTER_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: NAMESPACE
+          value: abinitio
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: POD_LABEL
+          value: 'abinitio/product: authgateway-importer, abinitio/deployment: authgateway-importer'
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_SERVICE
+          value: authgateway-importer
+        - name: POD_SERVICE_HEADLESS
+          value: authgateway-importer-headless
+        image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/authgateway-importer:4.4.1.1-1
+        imagePullPolicy: IfNotPresent
+        name: authgateway-importer
+        readinessProbe:
+          exec:
+            command:
+            - stat
+            - /tmp/.pod.ready
+          failureThreshold: 120
+          initialDelaySeconds: 45
+          periodSeconds: 10
+        resources:
+          limits:
+            ephemeral-storage: 8Gi
+            memory: 12Gi
+          requests:
+            cpu: "1"
+            ephemeral-storage: 8Gi
+            memory: 8Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /config/pod
+          name: pod-config
+        - mountPath: /abinitio
+          name: abinitio-local
+        - mountPath: /secrets/aiadmin/password
+          name: aiadmin
+          subPath: password
+        - mountPath: /secrets/ocagent/password
+          name: ocagent
+          subPath: password
+        - mountPath: /secrets/bridge/password
+          name: bridge
+          subPath: password
+        - mountPath: /secrets/eme_join_user/password
+          name: eme-join-user
+          subPath: password
+        - mountPath: /secrets/qi_join_user/password
+          name: qi-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_utility_user/password
+          name: dcs-utility-user
+          subPath: password
+        - mountPath: /secrets/mhub_utility_user/password
+          name: mhub-utility-user
+          subPath: password
+        - mountPath: /secrets/ag_db_importer/password
+          name: ag-db-importer
+          subPath: password
+        - mountPath: /secrets/admin/password
+          name: admin
+          subPath: password
+        - mountPath: /secrets/ag_ui_importer/password
+          name: ag-ui-importer
+          subPath: password
+        - mountPath: /secrets/cafe_join_user/password
+          name: cafe-join-user
+          subPath: password
+        - mountPath: /secrets/cc_join_user/password
+          name: cc-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_join_user/password
+          name: dcs-join-user
+          subPath: password
+        - mountPath: /secrets/ei_join_user/password
+          name: ei-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_join_user/password
+          name: mhub-join-user
+          subPath: password
+        - mountPath: /secrets/qiadmin_join_user/password
+          name: qiadmin-join-user
+          subPath: password
+        - mountPath: /secrets/sd_join_user/password
+          name: sd-join-user
+          subPath: password
+        - mountPath: /secrets/trw_join_user/password
+          name: trw-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_db_importer/password
+          name: mhub-db-importer
+          subPath: password
+        - mountPath: /secrets/mhub_ui_importer/password
+          name: mhub-ui-importer
+          subPath: password
+        - mountPath: /secrets/ag_appserver/password
+          name: ag-appserver
+          subPath: password
+        - mountPath: /secrets/ag_report/password
+          name: ag-report
+          subPath: password
+        - mountPath: /secrets/cc_jdbc/password
+          name: cc-jdbc
+          subPath: password
+        - mountPath: /secrets/dcs_hmac_key/password
+          name: dcs-hmac-key
+          subPath: password
+        - mountPath: /secrets/abinitio/password
+          name: abinitio
+          subPath: password
+        - mountPath: /secrets/mhub_appserver/password
+          name: mhub-appserver
+          subPath: password
+        - mountPath: /secrets/mhub_report/password
+          name: mhub-report
+          subPath: password
+        - mountPath: /secrets/runtime_locator_join_user/password
+          name: runtime-locator-join-user
+          subPath: password
+        - mountPath: /secrets/password_key_file/password
+          name: password-key-file
+          subPath: password
+        - mountPath: /tmp
+          name: tmp-volume
+      hostAliases:
+      - hostnames:
+        - authgateway-importer.abinitio
+        ip: 127.0.0.1
+      hostname: authgateway-importer
+      initContainers: null
+      securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: abinitio-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - configMap:
+          defaultMode: 511
+          name: authgateway-importer
+        name: pod-config
+      - name: abinitio-local
+        persistentVolumeClaim:
+          claimName: authgateway-importer-claim
+      - emptyDir: {}
+        name: tmp-volume
+      - name: aiadmin
+        secret:
+          secretName: aiadmin
+      - name: ocagent
+        secret:
+          secretName: ocagent
+      - name: bridge
+        secret:
+          secretName: bridge
+      - name: eme-join-user
+        secret:
+          secretName: eme-join-user
+      - name: qi-join-user
+        secret:
+          secretName: qi-join-user
+      - name: dcs-utility-user
+        secret:
+          secretName: dcs-utility-user
+      - name: mhub-utility-user
+        secret:
+          secretName: mhub-utility-user
+      - name: ag-db-importer
+        secret:
+          secretName: ag-db-importer
+      - name: admin
+        secret:
+          secretName: admin
+      - name: ag-ui-importer
+        secret:
+          secretName: ag-ui-importer
+      - name: cafe-join-user
+        secret:
+          secretName: cafe-join-user
+      - name: cc-join-user
+        secret:
+          secretName: cc-join-user
+      - name: dcs-join-user
+        secret:
+          secretName: dcs-join-user
+      - name: ei-join-user
+        secret:
+          secretName: ei-join-user
+      - name: mhub-join-user
+        secret:
+          secretName: mhub-join-user
+      - name: qiadmin-join-user
+        secret:
+          secretName: qiadmin-join-user
+      - name: sd-join-user
+        secret:
+          secretName: sd-join-user
+      - name: trw-join-user
+        secret:
+          secretName: trw-join-user
+      - name: mhub-db-importer
+        secret:
+          secretName: mhub-db-importer
+      - name: mhub-ui-importer
+        secret:
+          secretName: mhub-ui-importer
+      - name: ag-appserver
+        secret:
+          secretName: ag-appserver
+      - name: ag-report
+        secret:
+          secretName: ag-report
+      - name: cc-jdbc
+        secret:
+          secretName: cc-jdbc
+      - name: dcs-hmac-key
+        secret:
+          secretName: dcs-hmac-key
+      - name: abinitio
+        secret:
+          secretName: abinitio
+      - name: mhub-appserver
+        secret:
+          secretName: mhub-appserver
+      - name: mhub-report
+        secret:
+          secretName: mhub-report
+      - name: runtime-locator-join-user
+        secret:
+          secretName: runtime-locator-join-user
+      - name: password-key-file
+        secret:
+          secretName: password-key-file

rendered/manifests/k3s-dev/abinitio-platform/authgateway/apps_v1_deployment_authgateway.yaml

@@ -0,0 +1,312 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    abinitio/deployment: authgateway
+    app.kubernetes.io/instance: authgateway
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-2.4.3-a
+  name: authgateway
+  namespace: abinitio
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: authgateway
+      app.kubernetes.io/name: authgateway
+  template:
+    metadata:
+      labels:
+        abinitio/deployment: authgateway
+        app.kubernetes.io/instance: authgateway
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: authgateway
+        app.kubernetes.io/part-of: AbInitio
+        app.kubernetes.io/version: 4.4.1
+        helm.sh/chart: authgateway-2.4.3-a
+      name: authgateway
+    spec:
+      containers:
+      - env:
+        - name: AB_CONFIG_PROVIDER_URL
+          value: file://localhost/config
+        - name: AB_IPV4_ONLY
+          value: "true"
+        - name: AB_PASSWORD_KEY_FILE
+          value: /secrets/password_key_file/password
+        - name: CATALINA_TMPDIR
+          value: /tmp
+        - name: DEPLOY_NAME
+          value: authgateway
+        - name: JAVA_OPTS
+          value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
+        - name: LOAD_PHYSOBJECTS
+          value: "true"
+        - name: NAMESPACE
+          value: abinitio
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: POD_LABEL
+          value: 'abinitio/product: authgateway, abinitio/deployment: authgateway'
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_SERVICE
+          value: authgateway
+        image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/authgateway:4.4.1.1-1
+        imagePullPolicy: IfNotPresent
+        lifecycle:
+          preStop:
+            exec:
+              command:
+              - /bin/sh
+              - -c
+              - ${CATALINA_HOME}/bin/catalina.sh stop
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /authgateway/api/abwebinternal/health/k8s/liveness
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 30
+        name: authgateway-app
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /authgateway/api/abwebinternal/health/k8s/readiness
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 30
+        resources:
+          limits:
+            ephemeral-storage: 2Gi
+            memory: 8Gi
+          requests:
+            cpu: "1"
+            ephemeral-storage: 2Gi
+            memory: 8Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        startupProbe:
+          failureThreshold: 60
+          httpGet:
+            path: /authgateway/api/abwebinternal/health/k8s/startup
+            port: 8080
+          initialDelaySeconds: 60
+          periodSeconds: 30
+        volumeMounts:
+        - mountPath: /config/authgateway
+          name: app-external-config
+        - mountPath: /abinitio
+          name: abinitio-local
+        - mountPath: /tmp
+          name: tmp-volume
+        - mountPath: /secrets/aiadmin/password
+          name: aiadmin
+          subPath: password
+        - mountPath: /secrets/ocagent/password
+          name: ocagent
+          subPath: password
+        - mountPath: /secrets/bridge/password
+          name: bridge
+          subPath: password
+        - mountPath: /secrets/eme_join_user/password
+          name: eme-join-user
+          subPath: password
+        - mountPath: /secrets/qi_join_user/password
+          name: qi-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_utility_user/password
+          name: dcs-utility-user
+          subPath: password
+        - mountPath: /secrets/mhub_utility_user/password
+          name: mhub-utility-user
+          subPath: password
+        - mountPath: /secrets/ag_db_importer/password
+          name: ag-db-importer
+          subPath: password
+        - mountPath: /secrets/admin/password
+          name: admin
+          subPath: password
+        - mountPath: /secrets/ag_ui_importer/password
+          name: ag-ui-importer
+          subPath: password
+        - mountPath: /secrets/cafe_join_user/password
+          name: cafe-join-user
+          subPath: password
+        - mountPath: /secrets/cc_join_user/password
+          name: cc-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_join_user/password
+          name: dcs-join-user
+          subPath: password
+        - mountPath: /secrets/ei_join_user/password
+          name: ei-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_join_user/password
+          name: mhub-join-user
+          subPath: password
+        - mountPath: /secrets/qiadmin_join_user/password
+          name: qiadmin-join-user
+          subPath: password
+        - mountPath: /secrets/sd_join_user/password
+          name: sd-join-user
+          subPath: password
+        - mountPath: /secrets/trw_join_user/password
+          name: trw-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_db_importer/password
+          name: mhub-db-importer
+          subPath: password
+        - mountPath: /secrets/mhub_ui_importer/password
+          name: mhub-ui-importer
+          subPath: password
+        - mountPath: /secrets/ag_appserver/password
+          name: ag-appserver
+          subPath: password
+        - mountPath: /secrets/ag_report/password
+          name: ag-report
+          subPath: password
+        - mountPath: /secrets/cc_jdbc/password
+          name: cc-jdbc
+          subPath: password
+        - mountPath: /secrets/dcs_hmac_key/password
+          name: dcs-hmac-key
+          subPath: password
+        - mountPath: /secrets/abinitio/password
+          name: abinitio
+          subPath: password
+        - mountPath: /secrets/mhub_appserver/password
+          name: mhub-appserver
+          subPath: password
+        - mountPath: /secrets/mhub_report/password
+          name: mhub-report
+          subPath: password
+        - mountPath: /secrets/runtime_locator_join_user/password
+          name: runtime-locator-join-user
+          subPath: password
+        - mountPath: /secrets/password_key_file/password
+          name: password-key-file
+          subPath: password
+      hostname: authgateway
+      initContainers: null
+      securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: abinitio-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: abinitio-local
+      - configMap:
+          defaultMode: 511
+          name: authgateway-external-config
+        name: app-external-config
+      - emptyDir: {}
+        name: tmp-volume
+      - name: aiadmin
+        secret:
+          secretName: aiadmin
+      - name: ocagent
+        secret:
+          secretName: ocagent
+      - name: bridge
+        secret:
+          secretName: bridge
+      - name: eme-join-user
+        secret:
+          secretName: eme-join-user
+      - name: qi-join-user
+        secret:
+          secretName: qi-join-user
+      - name: dcs-utility-user
+        secret:
+          secretName: dcs-utility-user
+      - name: mhub-utility-user
+        secret:
+          secretName: mhub-utility-user
+      - name: ag-db-importer
+        secret:
+          secretName: ag-db-importer
+      - name: admin
+        secret:
+          secretName: admin
+      - name: ag-ui-importer
+        secret:
+          secretName: ag-ui-importer
+      - name: cafe-join-user
+        secret:
+          secretName: cafe-join-user
+      - name: cc-join-user
+        secret:
+          secretName: cc-join-user
+      - name: dcs-join-user
+        secret:
+          secretName: dcs-join-user
+      - name: ei-join-user
+        secret:
+          secretName: ei-join-user
+      - name: mhub-join-user
+        secret:
+          secretName: mhub-join-user
+      - name: qiadmin-join-user
+        secret:
+          secretName: qiadmin-join-user
+      - name: sd-join-user
+        secret:
+          secretName: sd-join-user
+      - name: trw-join-user
+        secret:
+          secretName: trw-join-user
+      - name: mhub-db-importer
+        secret:
+          secretName: mhub-db-importer
+      - name: mhub-ui-importer
+        secret:
+          secretName: mhub-ui-importer
+      - name: ag-appserver
+        secret:
+          secretName: ag-appserver
+      - name: ag-report
+        secret:
+          secretName: ag-report
+      - name: cc-jdbc
+        secret:
+          secretName: cc-jdbc
+      - name: dcs-hmac-key
+        secret:
+          secretName: dcs-hmac-key
+      - name: abinitio
+        secret:
+          secretName: abinitio
+      - name: mhub-appserver
+        secret:
+          secretName: mhub-appserver
+      - name: mhub-report
+        secret:
+          secretName: mhub-report
+      - name: runtime-locator-join-user
+        secret:
+          secretName: runtime-locator-join-user
+      - name: password-key-file
+        secret:
+          secretName: password-key-file

rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_configmap_authgateway-importer.yaml

@@ -0,0 +1,73 @@
+apiVersion: v1
+data:
+  abinitiorc: |
+    AB_AG_LOCAL_ROOT : /abinitio/deploy
+    AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
+    AB_CHARSET : utf-8
+    AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
+    AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
+    AB_OPS_MONITOR : true
+    AB_OPS_MONITOR_RESOURCES : false
+    AB_OPS_PHYSICAL_HOSTNAME : authgateway-importer
+    AB_PROC_DIR : /tmp
+    AB_WORK_DIR : /abinitio/work
+  apphubrc: |
+    AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
+    AB_KEYSERVER_GROUP : AI-IC-AWS001a
+    AB_KEYSERVER_URLS : abks://key-server:6150
+  deploy_params.config: |
+    appserver.cluster.option: '3'
+    appserver.host: 'authgateway'
+    appserver.port: '8080'
+    appserver.protocol: 'http'
+    appserver.type: 'tomcat'
+    bridge.config: 'container-bridge'
+    bridge.create.security.config: 'N'
+    bridge.host: 'authgateway-importer'
+    bridge.port: '7070'
+    bridge.rpc.aes128gcm.ab_encrypted_key: 'file=/secrets/bridge/password'
+    bridge.rpc.aes128gcm.mhub_encrypted_key: 'file=/secrets/bridge/password'
+    bridge.security_config: 'container-bridge-security'
+    bridge.security_type: 'aes-128-gcm'
+    db.appserver.mhub_encrypted_password: 'file=/secrets/ag_appserver/password'
+    db.appserver.username: 'ag_appserver'
+    db.create: 'Y'
+    db.create_physical: 'N'
+    db.datastore.destroy_if_exists: 'N'
+    db.host: 'authgateway-rw.abinitio-db.svc'
+    db.importer.ab_encrypted_password: 'file=/secrets/ag_db_importer/password'
+    db.importer.mhub_encrypted_password: 'file=/secrets/ag_db_importer/password'
+    db.importer.username: 'ag_importer'
+    db.name: 'authgateway'
+    db.port: '5432'
+    db.report.mhub_encrypted_password: 'file=/secrets/ag_report/password'
+    db.report.username: 'ag_report'
+    db.type: 'postgresql'
+    deployment.name: 'authgateway-importer'
+    deployment.set_server_config: 'N'
+    deployment.type_basic: 'N'
+    lineage.server: 'N'
+    lineageserver.url: ''
+    security.encryption.keyDirectory: ''
+    security.encryption.useExternalKey: 'N'
+    ui.webaccess.admin.ab_encrypted_password: 'file=/secrets/admin/password'
+    ui.webaccess.admin.password_hash_encrypted: 'file=/secrets/admin/password'
+    ui.webaccess.importer.ab_encrypted_password: 'file=/secrets/ag_ui_importer/password'
+    ui.webaccess.importer.password_hash_encrypted: 'file=/secrets/ag_ui_importer/password'
+    webapp.app_name: 'authgateway'
+    webapp.cluster.hosts: 'authgateway-jgroup'
+    webapp.cluster.port: '7800'
+    webapp.clustered.deployment: 'Y'
+    webapp.deploy_warfile: 'N'
+    webapp.indexDirectoryRoot: 'file:///abinitio/data/searchIndex'
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: authgateway-importer
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway-importer
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-importer-2.4.3-a
+  name: authgateway-importer
+  namespace: abinitio

rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_persistentvolumeclaim_authgateway-importer-claim.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: authgateway-importer
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway-importer
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-importer-2.4.3-a
+  name: authgateway-importer-claim
+  namespace: abinitio
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway-importer.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: authgateway-importer
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway-importer
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-importer-2.4.3-a
+  name: authgateway-importer
+  namespace: abinitio
+spec:
+  ports:
+  - name: bridge
+    port: 7070
+    protocol: TCP
+    targetPort: 7070
+  publishNotReadyAddresses: true
+  selector:
+    app.kubernetes.io/instance: authgateway-importer
+    app.kubernetes.io/name: authgateway-importer
+  type: ClusterIP

rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway-jgroup.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    abinitio/deployment: authgateway
+    app.kubernetes.io/instance: authgateway
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-2.4.3-a
+  name: authgateway-jgroup
+  namespace: abinitio
+spec:
+  clusterIP: None
+  ports:
+  - name: jgroup-channel
+    port: 7800
+    protocol: TCP
+    targetPort: 7800
+  publishNotReadyAddresses: true
+  selector:
+    app.kubernetes.io/instance: authgateway
+    app.kubernetes.io/name: authgateway
+  type: ClusterIP

rendered/manifests/k3s-dev/abinitio-platform/authgateway/v1_service_authgateway.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    abinitio/deployment: authgateway
+    app.kubernetes.io/instance: authgateway
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: authgateway
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: authgateway-2.4.3-a
+  name: authgateway
+  namespace: abinitio
+spec:
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/instance: authgateway
+    app.kubernetes.io/name: authgateway
+  sessionAffinity: ClientIP
+  sessionAffinityConfig:
+    clientIP:
+      timeoutSeconds: 86400
+  type: ClusterIP

rendered/manifests/k3s-dev/abinitio-platform/blueprints/apps_v1_deployment_blueprints.yaml

@@ -0,0 +1,362 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: blueprints
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: blueprints
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: blueprints-2.4.3-a
+  name: blueprints
+  namespace: abinitio
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: blueprints
+      app.kubernetes.io/name: blueprints
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: blueprints
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: blueprints
+        app.kubernetes.io/part-of: AbInitio
+        app.kubernetes.io/version: 4.4.1
+        helm.sh/chart: blueprints-2.4.3-a
+      name: blueprints
+    spec:
+      containers:
+      - args:
+        - --ab-k8s-job-launch-script
+        - /ab-setup/setup_pod.sh
+        command:
+        - ab-container-entrypoint.ksh
+        env:
+        - name: AB_AIR_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: AB_AIR_ROOT
+          value: //eme-0.eme-headless/abinitio/eme/eme
+        - name: AB_AIR_USER
+          value: aiadmin
+        - name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
+          value: "true"
+        - name: AB_AUTHORIZATION_GATEWAY_URL
+          value: http://authgateway:8080/authgateway
+        - name: AB_BRIDGE_CONFIGURATION_DIR
+          value: /abinitio/bridge
+        - name: AB_BRIDGE_CONFIGURATION_NAME
+          value: container-bridge
+        - name: AB_CHARSET
+          value: utf-8
+        - name: AB_CONFIGURATION
+          value: /config/pod/abinitiorc:/config/pod/apphubrc
+        - name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
+          value: file=/secrets/bridge/password
+        - name: AB_CONNECTION_BRIDGE_PORT
+          value: "7070"
+        - name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
+          value: aes128-gcm
+        - name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
+          value: container-bridge-security
+        - name: AB_HOSTNAME_KEYSERVER_URLS
+          value: abks://key-server:6151
+        - name: AB_IPV4_ONLY
+          value: "true"
+        - name: AB_K8S_MAX_IDLE_SECONDS
+          value: "0"
+        - name: AB_K8S_START_BRIDGE
+          value: background
+        - name: AB_K8S_START_REPORTER
+          value: "true"
+        - name: AB_KEY_DAEMON_DIR
+          value: /tmp/abkc/data
+        - name: AB_MHUB_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: AB_MHUB_URL
+          value: http://metadatahub:8080/metadatahub
+        - name: AB_MHUB_USERNAME
+          value: aiadmin
+        - name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
+          value: "true"
+        - name: AB_OPS_CONSOLE_URL
+          value: http://controlcenter:8080/controlcenter
+        - name: AB_OPS_WSS_ENCRYPTED_PASSWORD
+          value: file=/secrets/ocagent/password
+        - name: AB_OPS_WSS_USERNAME
+          value: ocagent
+        - name: AB_PASSWORD_KEY_FILE
+          value: /secrets/password_key_file/password
+        - name: BRIDGE_AB_ENCRYPTED_KEY
+          value: file=/secrets/bridge/password
+        - name: CC_ADMIN_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: CC_ADMIN_USERNAME
+          value: aiadmin
+        - name: CMAP_MOUNT
+          value: /config/pod
+        - name: DEPLOY_NAME
+          value: blueprints
+        - name: JAVA_OPTS
+          value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
+        - name: LOAD_PHYSOBJECTS
+          value: "true"
+        - name: NAMESPACE
+          value: abinitio
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: POD_LABEL
+          value: 'abinitio/product: blueprints, abinitio/deployment: blueprints'
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_SERVICE
+          value: blueprints
+        - name: POD_SERVICE_HEADLESS
+          value: blueprints-headless
+        image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/blueprints:4.4.1.1-1
+        imagePullPolicy: IfNotPresent
+        name: blueprints
+        readinessProbe:
+          exec:
+            command:
+            - stat
+            - /tmp/.pod.ready
+          failureThreshold: 960
+          periodSeconds: 10
+        resources:
+          limits:
+            ephemeral-storage: 2Gi
+            memory: 16Gi
+          requests:
+            cpu: 500m
+            ephemeral-storage: 2Gi
+            memory: 8Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /config/pod
+          name: pod-config
+        - mountPath: /abinitio
+          name: abinitio-local
+        - mountPath: /secrets/aiadmin/password
+          name: aiadmin
+          subPath: password
+        - mountPath: /secrets/ocagent/password
+          name: ocagent
+          subPath: password
+        - mountPath: /secrets/bridge/password
+          name: bridge
+          subPath: password
+        - mountPath: /secrets/eme_join_user/password
+          name: eme-join-user
+          subPath: password
+        - mountPath: /secrets/qi_join_user/password
+          name: qi-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_utility_user/password
+          name: dcs-utility-user
+          subPath: password
+        - mountPath: /secrets/mhub_utility_user/password
+          name: mhub-utility-user
+          subPath: password
+        - mountPath: /secrets/ag_db_importer/password
+          name: ag-db-importer
+          subPath: password
+        - mountPath: /secrets/admin/password
+          name: admin
+          subPath: password
+        - mountPath: /secrets/ag_ui_importer/password
+          name: ag-ui-importer
+          subPath: password
+        - mountPath: /secrets/cafe_join_user/password
+          name: cafe-join-user
+          subPath: password
+        - mountPath: /secrets/cc_join_user/password
+          name: cc-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_join_user/password
+          name: dcs-join-user
+          subPath: password
+        - mountPath: /secrets/ei_join_user/password
+          name: ei-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_join_user/password
+          name: mhub-join-user
+          subPath: password
+        - mountPath: /secrets/qiadmin_join_user/password
+          name: qiadmin-join-user
+          subPath: password
+        - mountPath: /secrets/sd_join_user/password
+          name: sd-join-user
+          subPath: password
+        - mountPath: /secrets/trw_join_user/password
+          name: trw-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_db_importer/password
+          name: mhub-db-importer
+          subPath: password
+        - mountPath: /secrets/mhub_ui_importer/password
+          name: mhub-ui-importer
+          subPath: password
+        - mountPath: /secrets/ag_appserver/password
+          name: ag-appserver
+          subPath: password
+        - mountPath: /secrets/ag_report/password
+          name: ag-report
+          subPath: password
+        - mountPath: /secrets/cc_jdbc/password
+          name: cc-jdbc
+          subPath: password
+        - mountPath: /secrets/dcs_hmac_key/password
+          name: dcs-hmac-key
+          subPath: password
+        - mountPath: /secrets/abinitio/password
+          name: abinitio
+          subPath: password
+        - mountPath: /secrets/mhub_appserver/password
+          name: mhub-appserver
+          subPath: password
+        - mountPath: /secrets/mhub_report/password
+          name: mhub-report
+          subPath: password
+        - mountPath: /secrets/runtime_locator_join_user/password
+          name: runtime-locator-join-user
+          subPath: password
+        - mountPath: /secrets/password_key_file/password
+          name: password-key-file
+          subPath: password
+        - mountPath: /ab_share
+          name: ab-share-data-and-appconf-root
+        - mountPath: /tmp
+          name: tmp-volume
+      hostAliases:
+      - hostnames:
+        - blueprints.abinitio
+        ip: 127.0.0.1
+      hostname: blueprints
+      initContainers: null
+      securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: abinitio-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - configMap:
+          defaultMode: 511
+          name: blueprints
+        name: pod-config
+      - name: abinitio-local
+        persistentVolumeClaim:
+          claimName: blueprints-claim
+      - emptyDir: {}
+        name: tmp-volume
+      - name: aiadmin
+        secret:
+          secretName: aiadmin
+      - name: ocagent
+        secret:
+          secretName: ocagent
+      - name: bridge
+        secret:
+          secretName: bridge
+      - name: eme-join-user
+        secret:
+          secretName: eme-join-user
+      - name: qi-join-user
+        secret:
+          secretName: qi-join-user
+      - name: dcs-utility-user
+        secret:
+          secretName: dcs-utility-user
+      - name: mhub-utility-user
+        secret:
+          secretName: mhub-utility-user
+      - name: ag-db-importer
+        secret:
+          secretName: ag-db-importer
+      - name: admin
+        secret:
+          secretName: admin
+      - name: ag-ui-importer
+        secret:
+          secretName: ag-ui-importer
+      - name: cafe-join-user
+        secret:
+          secretName: cafe-join-user
+      - name: cc-join-user
+        secret:
+          secretName: cc-join-user
+      - name: dcs-join-user
+        secret:
+          secretName: dcs-join-user
+      - name: ei-join-user
+        secret:
+          secretName: ei-join-user
+      - name: mhub-join-user
+        secret:
+          secretName: mhub-join-user
+      - name: qiadmin-join-user
+        secret:
+          secretName: qiadmin-join-user
+      - name: sd-join-user
+        secret:
+          secretName: sd-join-user
+      - name: trw-join-user
+        secret:
+          secretName: trw-join-user
+      - name: mhub-db-importer
+        secret:
+          secretName: mhub-db-importer
+      - name: mhub-ui-importer
+        secret:
+          secretName: mhub-ui-importer
+      - name: ag-appserver
+        secret:
+          secretName: ag-appserver
+      - name: ag-report
+        secret:
+          secretName: ag-report
+      - name: cc-jdbc
+        secret:
+          secretName: cc-jdbc
+      - name: dcs-hmac-key
+        secret:
+          secretName: dcs-hmac-key
+      - name: abinitio
+        secret:
+          secretName: abinitio
+      - name: mhub-appserver
+        secret:
+          secretName: mhub-appserver
+      - name: mhub-report
+        secret:
+          secretName: mhub-report
+      - name: runtime-locator-join-user
+        secret:
+          secretName: runtime-locator-join-user
+      - name: password-key-file
+        secret:
+          secretName: password-key-file
+      - name: ab-share-data-and-appconf-root
+        persistentVolumeClaim:
+          claimName: ab-shared-data-and-appconf-root-claim

rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_configmap_blueprints.yaml

@@ -0,0 +1,94 @@
+apiVersion: v1
+data:
+  abinitiorc: |
+    AB_AIR_BRANCH @ expressit : main
+    AB_AIR_ROOT @ expressit : //eme-0.eme-headless/abinitio/eme/eme
+    AB_APPCONF_ROOT_DIR @ expressit : /ab_share/ab_appconf_root
+    AB_BRIDGE_WORKDIR @ container-bridge : /tmp/container-bridge-workdir
+    AB_CHARSET : utf-8
+    AB_CONNECTION : bridge
+    AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY @ emeabeme : file=/secrets/bridge/password
+    AB_HOSTNAME_KEYSERVER_URLS : abks://key-server:6151
+    AB_MHUB_LOCAL_ROOT : /abinitio/deploy
+    AB_OPS_CONSOLE_URL : http://controlcenter:8080/controlcenter
+    AB_OPS_MONITOR : true
+    AB_OPS_MONITOR_RESOURCES : false
+    AB_OPS_PHYSICAL_HOSTNAME : blueprints
+    AB_PROC_DIR : /tmp
+    AB_WORK_DIR : /abinitio/work
+  apphubrc: |
+    AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
+    AB_KEYSERVER_GROUP : AI-IC-AWS001a
+    AB_KEYSERVER_URLS : abks://key-server:6150
+  install-properties.config: |
+    AB_AIR_ROOT=//eme-0.eme-headless/abinitio/eme/eme
+    AB_APPLICATION_HUB=/usr/local/abinitio-app-hub
+    DO_CATALOGVIEW_PROJECT=y
+    DO_EME_INSTALL=y
+    DO_EXAMPLES_INSTALL=n
+    DO_EZ_PRIV=y
+    DO_MHUB_INSTALL=y
+    EZ_GENERATOR_AG_CATALOG_IP=datacatalog
+    EZ_GENERATOR_AG_CATALOG_NAME=Data Catalog Services
+    EZ_GENERATOR_AG_URL=http://authgateway:8080/authgateway
+    EZ_GENERATOR_AG_USER=aiadmin
+    EZ_GENERATOR_APPCONF_REL_LOC=edl
+    EZ_GENERATOR_APPID=expressit
+    EZ_GENERATOR_BLUEPRINTS_TO_INSTALL=ALL
+    EZ_GENERATOR_BLUEPRINT_SERVICE_HOST=blueprints
+    EZ_GENERATOR_BLUEPRINT_SERVICE_PORT=9870
+    EZ_GENERATOR_CATALOGVIEW_PHYSPROJECT=catalogview
+    EZ_GENERATOR_CATALOGVIEW_TECHSYSTEM=EnterpriseDataLake
+    EZ_GENERATOR_CC_HOST=http://controlcenter:8080/controlcenter
+    EZ_GENERATOR_CONFIG_MHUB_DEPLOYMENT_DIR=/abinitio/deploy/metadatahub-importer
+    EZ_GENERATOR_CONFIG_MHUB_MAIN_SCHEMA=mhub_main
+    EZ_GENERATOR_CONFIG_MHUB_META_SCHEMA=mhub_meta
+    EZ_GENERATOR_CONFIG_MHUB_USER=aiadmin
+    EZ_GENERATOR_DATAQUALITY=/ab_share/ab_appconf_root/global/abinitio/dataquality
+    EZ_GENERATOR_DATAQUALITY_RPATH=/Projects/abinitio/dataquality
+    EZ_GENERATOR_DCAT_URL=http://datacatalog:8080/datacatalog
+    EZ_GENERATOR_EI_PRODUCT_INSTANCE=Express>It
+    EZ_GENERATOR_EI_WORKSPACE=Blueprints (Pipelines)
+    EZ_GENERATOR_EME_TECHSYSTEM=Technical Repository
+    EZ_GENERATOR_EME_USES_AG_AUTH=y
+    EZ_GENERATOR_INSTALL_ACTIVE_METADATA_REFERENCE=y
+    EZ_GENERATOR_INSTALL_CODEGEN_TRACING=y
+    EZ_GENERATOR_INSTALL_CONTROL_TEST_RUNS=n
+    EZ_GENERATOR_LANDING_ROOT=/ab_share/ab_appconf_root/main/users
+    EZ_GENERATOR_LISTENER_SERVICE_HOST=blueprints
+    EZ_GENERATOR_LISTENER_SERVICE_PORT=9876
+    EZ_GENERATOR_LISTENER_SERVICE_URL=http://blueprints:9876
+    EZ_GENERATOR_MHUB_LOCAL_ROOT_DIR=/abinitio/deploy
+    EZ_GENERATOR_QUERYIT_HOST=localhost
+    EZ_GENERATOR_QUERYIT_RPATH=/Projects/queryit-instance-0
+    EZ_GENERATOR_QUERYIT_SANDBOX_INSTANCE=queryit-instance-0
+    EZ_GENERATOR_QUERYIT_SANDBOX_ROOT=/abinitio/sandboxes/private_sand
+    EZ_GENERATOR_QUERYIT_USER=aiadmin
+    EZ_GENERATOR_STDENV=/abinitio/sandboxes/sand/stdenv
+    EZ_GENERATOR_STDENV_RPATH=/Projects/stdenv
+    EZ_GENERATOR_USE_LOCAL_QUERYIT_SANDBOX=n
+    INSTALL_ACTIVE_METADATA_REFERENCE=y
+    INSTALL_CONFIG_USING_ABAPP_MHUB=y
+    MHUB_ABAPP_NAME=metadatahub
+    MHUB_DATASTORE_NAME=metadatahub-importer
+    MHUB_IMPORTER_USERNAME=aiadmin
+    MHUB_IMPORT_PROFILE_PATH=/abinitio/deploy/metadatahub-importer/config/import.profile
+    MHUB_URL=http://metadatahub:8080/metadatahub
+    SANDBOX_ROOT=/abinitio/sandboxes/sand
+    WAIT_BETWEEN_LOAD_ATTEMPTS=60
+    WAIT_FOR_LOAD_ATTEMPTS=150
+    EZ_GENERATOR_AG_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
+    EZ_GENERATOR_AG_BASE64_PASSWORD=file=/secrets/aiadmin/password
+    MHUB_IMPORTER_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
+    EZ_GENERATOR_CONFIG_MHUB_ENCRYPTED_PASSWORD=file=/secrets/aiadmin/password
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: blueprints
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: blueprints
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: blueprints-2.4.3-a
+  name: blueprints
+  namespace: abinitio

rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_persistentvolumeclaim_blueprints-claim.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: blueprints
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: blueprints
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: blueprints-2.4.3-a
+  name: blueprints-claim
+  namespace: abinitio
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

rendered/manifests/k3s-dev/abinitio-platform/blueprints/v1_service_blueprints.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: blueprints
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: blueprints
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: blueprints-2.4.3-a
+  name: blueprints
+  namespace: abinitio
+spec:
+  ports:
+  - name: blueprints
+    port: 9870
+    protocol: TCP
+    targetPort: 9870
+  - name: listener
+    port: 9876
+    protocol: TCP
+    targetPort: 9876
+  - name: bridge
+    port: 7070
+    protocol: TCP
+    targetPort: 7070
+  publishNotReadyAddresses: false
+  selector:
+    app.kubernetes.io/instance: blueprints
+    app.kubernetes.io/name: blueprints
+  type: ClusterIP

rendered/manifests/k3s-dev/abinitio-platform/controlcenter/apps_v1_deployment_controlcenter-scheduler.yaml

@@ -0,0 +1,348 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: controlcenter-scheduler
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: controlcenter-scheduler
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: controlcenter-scheduler-2.4.3-a
+  name: controlcenter-scheduler
+  namespace: abinitio
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: controlcenter-scheduler
+      app.kubernetes.io/name: controlcenter-scheduler
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: controlcenter-scheduler
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: controlcenter-scheduler
+        app.kubernetes.io/part-of: AbInitio
+        app.kubernetes.io/version: 4.4.1
+        helm.sh/chart: controlcenter-scheduler-2.4.3-a
+      name: controlcenter-scheduler
+    spec:
+      containers:
+      - args:
+        - --ab-k8s-start-reporter
+        - "true"
+        - --ab-k8s-job-launch-script
+        - /ab-setup/setup_pod.sh
+        command:
+        - ab-container-entrypoint.ksh
+        env:
+        - name: AB_ALLOW_FILE_LOCK_ON_REMOTE_FILE_SYSTEM
+          value: "true"
+        - name: AB_AUTHORIZATION_GATEWAY_URL
+          value: http://authgateway:8080/authgateway
+        - name: AB_BRIDGE_CONFIGURATION_DIR
+          value: /abinitio/bridge
+        - name: AB_BRIDGE_CONFIGURATION_NAME
+          value: container-bridge
+        - name: AB_CHARSET
+          value: utf-8
+        - name: AB_CONFIGURATION
+          value: /config/pod/abinitiorc:/config/pod/apphubrc
+        - name: AB_CONNECTION_BRIDGE_ENCRYPTED_RPC_ENCRYPTION_KEY
+          value: file=/secrets/bridge/password
+        - name: AB_CONNECTION_BRIDGE_PORT
+          value: "7070"
+        - name: AB_CONNECTION_BRIDGE_RPC_ENCRYPTION_TYPE
+          value: aes128-gcm
+        - name: AB_CONNECTION_BRIDGE_SECURITY_CONFIGURATION
+          value: container-bridge-security
+        - name: AB_HOSTNAME_KEYSERVER_URLS
+          value: abks://key-server:6151
+        - name: AB_IPV4_ONLY
+          value: "true"
+        - name: AB_K8S_MAX_IDLE_SECONDS
+          value: "0"
+        - name: AB_K8S_START_BRIDGE
+          value: background
+        - name: AB_K8S_START_REPORTER
+          value: "true"
+        - name: AB_KEY_DAEMON_DIR
+          value: /tmp/abkc/data
+        - name: AB_MUX_ENABLE_AG_CREDENTIAL_MAPPING
+          value: "false"
+        - name: AB_OPS_CONSOLE_URL
+          value: http://controlcenter:8080/controlcenter
+        - name: AB_OPS_HOST_CLUSTER_NAME
+          value: controlcenter-scheduler-cluster-name
+        - name: AB_OPS_WSS_ENCRYPTED_PASSWORD
+          value: file=/secrets/ocagent/password
+        - name: AB_OPS_WSS_USERNAME
+          value: ocagent
+        - name: AB_PASSWORD_KEY_FILE
+          value: /secrets/password_key_file/password
+        - name: BRIDGE_AB_ENCRYPTED_KEY
+          value: file=/secrets/bridge/password
+        - name: CC_ADMIN_ENCRYPTED_PASSWORD
+          value: file=/secrets/aiadmin/password
+        - name: CC_ADMIN_USERNAME
+          value: aiadmin
+        - name: CMAP_MOUNT
+          value: /config/pod
+        - name: DEPLOY_NAME
+          value: controlcenter-scheduler
+        - name: LOAD_PHYSOBJECTS
+          value: "true"
+        - name: NAMESPACE
+          value: abinitio
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: POD_LABEL
+          value: 'abinitio/product: controlcenter-scheduler, abinitio/deployment:
+            controlcenter-scheduler'
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_SERVICE
+          value: controlcenter-scheduler
+        - name: POD_SERVICE_HEADLESS
+          value: controlcenter-scheduler-headless
+        image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/controlcenter-scheduler:4.4.1.1-1
+        imagePullPolicy: IfNotPresent
+        name: controlcenter-scheduler
+        readinessProbe:
+          exec:
+            command:
+            - stat
+            - /tmp/.pod.ready
+          failureThreshold: 960
+          periodSeconds: 10
+        resources:
+          limits:
+            ephemeral-storage: 8Gi
+            memory: 4096Mi
+          requests:
+            cpu: 500m
+            ephemeral-storage: 8Gi
+            memory: 4096Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /config/pod
+          name: pod-config
+        - mountPath: /abinitio
+          name: abinitio-local
+        - mountPath: /secrets/aiadmin/password
+          name: aiadmin
+          subPath: password
+        - mountPath: /secrets/ocagent/password
+          name: ocagent
+          subPath: password
+        - mountPath: /secrets/bridge/password
+          name: bridge
+          subPath: password
+        - mountPath: /secrets/eme_join_user/password
+          name: eme-join-user
+          subPath: password
+        - mountPath: /secrets/qi_join_user/password
+          name: qi-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_utility_user/password
+          name: dcs-utility-user
+          subPath: password
+        - mountPath: /secrets/mhub_utility_user/password
+          name: mhub-utility-user
+          subPath: password
+        - mountPath: /secrets/ag_db_importer/password
+          name: ag-db-importer
+          subPath: password
+        - mountPath: /secrets/admin/password
+          name: admin
+          subPath: password
+        - mountPath: /secrets/ag_ui_importer/password
+          name: ag-ui-importer
+          subPath: password
+        - mountPath: /secrets/cafe_join_user/password
+          name: cafe-join-user
+          subPath: password
+        - mountPath: /secrets/cc_join_user/password
+          name: cc-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_join_user/password
+          name: dcs-join-user
+          subPath: password
+        - mountPath: /secrets/ei_join_user/password
+          name: ei-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_join_user/password
+          name: mhub-join-user
+          subPath: password
+        - mountPath: /secrets/qiadmin_join_user/password
+          name: qiadmin-join-user
+          subPath: password
+        - mountPath: /secrets/sd_join_user/password
+          name: sd-join-user
+          subPath: password
+        - mountPath: /secrets/trw_join_user/password
+          name: trw-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_db_importer/password
+          name: mhub-db-importer
+          subPath: password
+        - mountPath: /secrets/mhub_ui_importer/password
+          name: mhub-ui-importer
+          subPath: password
+        - mountPath: /secrets/ag_appserver/password
+          name: ag-appserver
+          subPath: password
+        - mountPath: /secrets/ag_report/password
+          name: ag-report
+          subPath: password
+        - mountPath: /secrets/cc_jdbc/password
+          name: cc-jdbc
+          subPath: password
+        - mountPath: /secrets/dcs_hmac_key/password
+          name: dcs-hmac-key
+          subPath: password
+        - mountPath: /secrets/abinitio/password
+          name: abinitio
+          subPath: password
+        - mountPath: /secrets/mhub_appserver/password
+          name: mhub-appserver
+          subPath: password
+        - mountPath: /secrets/mhub_report/password
+          name: mhub-report
+          subPath: password
+        - mountPath: /secrets/runtime_locator_join_user/password
+          name: runtime-locator-join-user
+          subPath: password
+        - mountPath: /secrets/password_key_file/password
+          name: password-key-file
+          subPath: password
+        - mountPath: /tmp
+          name: tmp-volume
+      hostAliases:
+      - hostnames:
+        - controlcenter-scheduler.abinitio
+        ip: 127.0.0.1
+      hostname: controlcenter-scheduler
+      initContainers: null
+      securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: controlcenter-scheduler-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - configMap:
+          defaultMode: 511
+          name: controlcenter-scheduler
+        name: pod-config
+      - name: abinitio-local
+        persistentVolumeClaim:
+          claimName: controlcenter-scheduler-claim
+      - emptyDir: {}
+        name: tmp-volume
+      - name: aiadmin
+        secret:
+          secretName: aiadmin
+      - name: ocagent
+        secret:
+          secretName: ocagent
+      - name: bridge
+        secret:
+          secretName: bridge
+      - name: eme-join-user
+        secret:
+          secretName: eme-join-user
+      - name: qi-join-user
+        secret:
+          secretName: qi-join-user
+      - name: dcs-utility-user
+        secret:
+          secretName: dcs-utility-user
+      - name: mhub-utility-user
+        secret:
+          secretName: mhub-utility-user
+      - name: ag-db-importer
+        secret:
+          secretName: ag-db-importer
+      - name: admin
+        secret:
+          secretName: admin
+      - name: ag-ui-importer
+        secret:
+          secretName: ag-ui-importer
+      - name: cafe-join-user
+        secret:
+          secretName: cafe-join-user
+      - name: cc-join-user
+        secret:
+          secretName: cc-join-user
+      - name: dcs-join-user
+        secret:
+          secretName: dcs-join-user
+      - name: ei-join-user
+        secret:
+          secretName: ei-join-user
+      - name: mhub-join-user
+        secret:
+          secretName: mhub-join-user
+      - name: qiadmin-join-user
+        secret:
+          secretName: qiadmin-join-user
+      - name: sd-join-user
+        secret:
+          secretName: sd-join-user
+      - name: trw-join-user
+        secret:
+          secretName: trw-join-user
+      - name: mhub-db-importer
+        secret:
+          secretName: mhub-db-importer
+      - name: mhub-ui-importer
+        secret:
+          secretName: mhub-ui-importer
+      - name: ag-appserver
+        secret:
+          secretName: ag-appserver
+      - name: ag-report
+        secret:
+          secretName: ag-report
+      - name: cc-jdbc
+        secret:
+          secretName: cc-jdbc
+      - name: dcs-hmac-key
+        secret:
+          secretName: dcs-hmac-key
+      - name: abinitio
+        secret:
+          secretName: abinitio
+      - name: mhub-appserver
+        secret:
+          secretName: mhub-appserver
+      - name: mhub-report
+        secret:
+          secretName: mhub-report
+      - name: runtime-locator-join-user
+        secret:
+          secretName: runtime-locator-join-user
+      - name: password-key-file
+        secret:
+          secretName: password-key-file

rendered/manifests/k3s-dev/abinitio-platform/controlcenter/apps_v1_deployment_controlcenter.yaml

@@ -0,0 +1,311 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    abinitio/deployment: controlcenter
+    app.kubernetes.io/instance: controlcenter
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: controlcenter
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: controlcenter-2.4.3-a
+  name: controlcenter
+  namespace: abinitio
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: controlcenter
+      app.kubernetes.io/name: controlcenter
+  template:
+    metadata:
+      labels:
+        abinitio/deployment: controlcenter
+        app.kubernetes.io/instance: controlcenter
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: controlcenter
+        app.kubernetes.io/part-of: AbInitio
+        app.kubernetes.io/version: 4.4.1
+        helm.sh/chart: controlcenter-2.4.3-a
+      name: controlcenter
+    spec:
+      containers:
+      - env:
+        - name: AB_CONFIG_PROVIDER_URL
+          value: file://localhost/config
+        - name: AB_IPV4_ONLY
+          value: "true"
+        - name: AB_PASSWORD_KEY_FILE
+          value: /secrets/password_key_file/password
+        - name: CATALINA_TMPDIR
+          value: /tmp
+        - name: DEPLOY_NAME
+          value: controlcenter
+        - name: JAVA_OPTS
+          value: -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0
+        - name: LOAD_PHYSOBJECTS
+          value: "true"
+        - name: NAMESPACE
+          value: abinitio
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: POD_LABEL
+          value: 'abinitio/product: controlcenter, abinitio/deployment: controlcenter'
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_SERVICE
+          value: controlcenter
+        image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/controlcenter:4.4.1.1-1
+        imagePullPolicy: IfNotPresent
+        lifecycle:
+          preStop:
+            exec:
+              command:
+              - /bin/sh
+              - -c
+              - ${CATALINA_HOME}/bin/catalina.sh stop
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /controlcenter/api/abwebinternal/health/k8s/liveness
+            port: 8080
+          initialDelaySeconds: 15
+          periodSeconds: 30
+        name: controlcenter-app
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /controlcenter/api/abwebinternal/health/k8s/readiness
+            port: 8080
+          initialDelaySeconds: 15
+          periodSeconds: 30
+        resources:
+          limits:
+            ephemeral-storage: 2Gi
+            memory: 4Gi
+          requests:
+            cpu: 200m
+            ephemeral-storage: 2Gi
+            memory: 4Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
+        startupProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /controlcenter/api/abwebinternal/health/k8s/startup
+            port: 8080
+          initialDelaySeconds: 15
+          periodSeconds: 30
+        volumeMounts:
+        - mountPath: /config/controlcenter
+          name: app-external-config
+        - mountPath: /abinitio
+          name: abinitio-local
+        - mountPath: /tmp
+          name: tmp-volume
+        - mountPath: /secrets/aiadmin/password
+          name: aiadmin
+          subPath: password
+        - mountPath: /secrets/ocagent/password
+          name: ocagent
+          subPath: password
+        - mountPath: /secrets/bridge/password
+          name: bridge
+          subPath: password
+        - mountPath: /secrets/eme_join_user/password
+          name: eme-join-user
+          subPath: password
+        - mountPath: /secrets/qi_join_user/password
+          name: qi-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_utility_user/password
+          name: dcs-utility-user
+          subPath: password
+        - mountPath: /secrets/mhub_utility_user/password
+          name: mhub-utility-user
+          subPath: password
+        - mountPath: /secrets/ag_db_importer/password
+          name: ag-db-importer
+          subPath: password
+        - mountPath: /secrets/admin/password
+          name: admin
+          subPath: password
+        - mountPath: /secrets/ag_ui_importer/password
+          name: ag-ui-importer
+          subPath: password
+        - mountPath: /secrets/cafe_join_user/password
+          name: cafe-join-user
+          subPath: password
+        - mountPath: /secrets/cc_join_user/password
+          name: cc-join-user
+          subPath: password
+        - mountPath: /secrets/dcs_join_user/password
+          name: dcs-join-user
+          subPath: password
+        - mountPath: /secrets/ei_join_user/password
+          name: ei-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_join_user/password
+          name: mhub-join-user
+          subPath: password
+        - mountPath: /secrets/qiadmin_join_user/password
+          name: qiadmin-join-user
+          subPath: password
+        - mountPath: /secrets/sd_join_user/password
+          name: sd-join-user
+          subPath: password
+        - mountPath: /secrets/trw_join_user/password
+          name: trw-join-user
+          subPath: password
+        - mountPath: /secrets/mhub_db_importer/password
+          name: mhub-db-importer
+          subPath: password
+        - mountPath: /secrets/mhub_ui_importer/password
+          name: mhub-ui-importer
+          subPath: password
+        - mountPath: /secrets/ag_appserver/password
+          name: ag-appserver
+          subPath: password
+        - mountPath: /secrets/ag_report/password
+          name: ag-report
+          subPath: password
+        - mountPath: /secrets/cc_jdbc/password
+          name: cc-jdbc
+          subPath: password
+        - mountPath: /secrets/dcs_hmac_key/password
+          name: dcs-hmac-key
+          subPath: password
+        - mountPath: /secrets/abinitio/password
+          name: abinitio
+          subPath: password
+        - mountPath: /secrets/mhub_appserver/password
+          name: mhub-appserver
+          subPath: password
+        - mountPath: /secrets/mhub_report/password
+          name: mhub-report
+          subPath: password
+        - mountPath: /secrets/runtime_locator_join_user/password
+          name: runtime-locator-join-user
+          subPath: password
+        - mountPath: /secrets/password_key_file/password
+          name: password-key-file
+          subPath: password
+      hostname: controlcenter
+      initContainers: null
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: abinitio-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: abinitio-local
+      - configMap:
+          defaultMode: 511
+          name: controlcenter-external-config
+        name: app-external-config
+      - emptyDir: {}
+        name: tmp-volume
+      - name: aiadmin
+        secret:
+          secretName: aiadmin
+      - name: ocagent
+        secret:
+          secretName: ocagent
+      - name: bridge
+        secret:
+          secretName: bridge
+      - name: eme-join-user
+        secret:
+          secretName: eme-join-user
+      - name: qi-join-user
+        secret:
+          secretName: qi-join-user
+      - name: dcs-utility-user
+        secret:
+          secretName: dcs-utility-user
+      - name: mhub-utility-user
+        secret:
+          secretName: mhub-utility-user
+      - name: ag-db-importer
+        secret:
+          secretName: ag-db-importer
+      - name: admin
+        secret:
+          secretName: admin
+      - name: ag-ui-importer
+        secret:
+          secretName: ag-ui-importer
+      - name: cafe-join-user
+        secret:
+          secretName: cafe-join-user
+      - name: cc-join-user
+        secret:
+          secretName: cc-join-user
+      - name: dcs-join-user
+        secret:
+          secretName: dcs-join-user
+      - name: ei-join-user
+        secret:
+          secretName: ei-join-user
+      - name: mhub-join-user
+        secret:
+          secretName: mhub-join-user
+      - name: qiadmin-join-user
+        secret:
+          secretName: qiadmin-join-user
+      - name: sd-join-user
+        secret:
+          secretName: sd-join-user
+      - name: trw-join-user
+        secret:
+          secretName: trw-join-user
+      - name: mhub-db-importer
+        secret:
+          secretName: mhub-db-importer
+      - name: mhub-ui-importer
+        secret:
+          secretName: mhub-ui-importer
+      - name: ag-appserver
+        secret:
+          secretName: ag-appserver
+      - name: ag-report
+        secret:
+          secretName: ag-report
+      - name: cc-jdbc
+        secret:
+          secretName: cc-jdbc
+      - name: dcs-hmac-key
+        secret:
+          secretName: dcs-hmac-key
+      - name: abinitio
+        secret:
+          secretName: abinitio
+      - name: mhub-appserver
+        secret:
+          secretName: mhub-appserver
+      - name: mhub-report
+        secret:
+          secretName: mhub-report
+      - name: runtime-locator-join-user
+        secret:
+          secretName: runtime-locator-join-user
+      - name: password-key-file
+        secret:
+          secretName: password-key-file

rendered/manifests/k3s-dev/abinitio-platform/controlcenter/rbac.authorization.k8s.io_v1_role_controlcenter-scheduler-role.yaml

@@ -0,0 +1,94 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: controlcenter-scheduler
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: controlcenter-scheduler
+    app.kubernetes.io/part-of: AbInitio
+    app.kubernetes.io/version: 4.4.1
+    helm.sh/chart: controlcenter-scheduler-2.4.3-a
+  name: controlcenter-scheduler-role
+  namespace: abinitio
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/log
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - limitranges
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - cloud.abinitio.com
+  resources:
+  - cooperatingsystemruntimes
+  verbs:
+  - get
+  - create
+  - delete
+  - patch
+  - list
+- apiGroups:
+  - cloud.abinitio.com
+  resources:
+  - cooperatingsystemruntimepools
+  verbs:
+  - get
+  - create
+  - delete
+  - patch
+  - list
+- apiGroups:
+  - cloud.abinitio.com
+  resources:
+  - cooperatingsystemruntimetemplates
+  verbs:
+  - get
+  - create
+  - delete
+  - patch
+  - list
+- apiGroups:
+  - cloud.abinitio.com
+  resources:
+  - cooperatingsystemruntimeclaims
+  verbs:
+  - get
+  - create
+  - delete
+  - patch
+  - list

rendered/manifests/k3s-dev/abinitio-platform/controlcenter/rbac.authorization.k8s.io_v1_rolebinding_controlcenter-scheduler-role-rb.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: controlcenter-scheduler-role-rb
+  namespace: abinitio
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: controlcenter-scheduler-role
+subjects:
+- kind: ServiceAccount
+  name: controlcenter-scheduler-sa
+  namespace: abinitio