will be created for the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected along with other supported volume types
- properties:
- configMap:
- description: information about the configMap data to project
- properties:
- items:
- description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or its keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume file
- items:
- description: DownwardAPIVolumeFile represents information to create the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
- properties:
- containerName:
- description: 'Container name: required for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret data to project
- properties:
- items:
- description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret or its key must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken data to project
- properties:
- audience:
- description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative to the mount point of the file to project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- required:
- - sources
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to Default is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- type: string
- user:
- description: User to map volume access to Defaults to serivceaccount user
- type: string
- volume:
- description: Volume is a string that references an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine'
- type: string
- image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection Domain for the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication with Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated with the protection domain.
- type: string
- system:
- description: The name of the storage system as configured in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created in the ScaleIO system that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: Specify whether the Secret or its keys must be defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- status:
- description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- availableReplicas:
- description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment.
- format: int32
- type: integer
- paused:
- description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.
- type: boolean
- replicas:
- description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector).
- format: int32
- type: integer
- unavailableReplicas:
- description: Total number of unavailable pods targeted by this ThanosRuler deployment.
- format: int32
- type: integer
- updatedReplicas:
- description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec.
- format: int32
- type: integer
- required:
- - availableReplicas
- - paused
- - replicas
- - unavailableReplicas
- - updatedReplicas
- type: object
- required:
- - spec
- type: object
- served: true
- storage: true
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
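Review bot: `storage: true` on the version removed here means this is the version ThanosRuler objects are persisted under, and deleting a CRD from the cluster deletes every custom resource of that kind with it. Before this removal is applied, confirm that no ThanosRuler objects are still in use, or that the CRD is re-supplied from another source first.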
diff --git a/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRole.yaml b/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRole.yaml
deleted file mode 100644
index 5b9d33e..0000000
--- a/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRole.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- name: prometheus-operator
-rules:
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - alertmanagers
- - alertmanagers/finalizers
- - alertmanagerconfigs
- - prometheuses
- - prometheuses/finalizers
- - thanosrulers
- - thanosrulers/finalizers
- - servicemonitors
- - podmonitors
- - probes
- - prometheusrules
- verbs:
- - '*'
-- apiGroups:
- - apps
- resources:
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - list
- - delete
-- apiGroups:
- - ""
- resources:
- - services
- - services/finalizers
- - endpoints
- verbs:
- - get
- - create
- - update
- - delete
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
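Review bot: the rule granting verbs `'*'` on `configmaps` and `secrets` in the core API group is cluster-wide, so removing this file from the repository is only safe once the ClusterRole is actually gone from the cluster. Verify after sync that no `prometheus-operator` ClusterRole remains, and if the operator is being reinstalled from another source, check whether its role can be narrowed instead of repeating the wildcard on secrets.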
diff --git a/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
deleted file mode 100644
index 2c2953a..0000000
--- a/observation/prometheus-operator/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- name: prometheus-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: prometheus-operator
-subjects:
-- kind: ServiceAccount
- name: prometheus-operator
- namespace: monitoring
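Review bot: the subject here is matched by name only (`ServiceAccount` `prometheus-operator` in `monitoring`), so this binding must be removed from the cluster together with the ClusterRole and the ServiceAccount. If the binding outlives the ServiceAccount, anyone able to create a service account with that name in `monitoring` inherits the role, including its wildcard access to secrets.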
diff --git a/observation/prometheus-operator/manifests/setup/prometheus-operator-deployment.yaml b/observation/prometheus-operator/manifests/setup/prometheus-operator-deployment.yaml
deleted file mode 100644
index a8944ba..0000000
--- a/observation/prometheus-operator/manifests/setup/prometheus-operator-deployment.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- name: prometheus-operator
- namespace: monitoring
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: prometheus-operator
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- spec:
- containers:
- - args:
- - --kubelet-service=kube-system/kubelet
- - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.49.0
- image: quay.io/prometheus-operator/prometheus-operator:v0.49.0
- name: prometheus-operator
- ports:
- - containerPort: 8080
- name: http
- resources:
- limits:
- cpu: 200m
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 100Mi
- securityContext:
- allowPrivilegeEscalation: false
- - args:
- - --logtostderr
- - --secure-listen-address=:8443
- - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- - --upstream=http://127.0.0.1:8080/
- image: quay.io/brancz/kube-rbac-proxy:v0.11.0
- name: kube-rbac-proxy
- ports:
- - containerPort: 8443
- name: https
- resources:
- limits:
- cpu: 20m
- memory: 40Mi
- requests:
- cpu: 10m
- memory: 20Mi
- securityContext:
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- serviceAccountName: prometheus-operator
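Review bot: the `kube-rbac-proxy` container (`--secure-listen-address=:8443`, `--upstream=http://127.0.0.1:8080/`) is the only TLS and authorization layer in front of the operator's plain-HTTP port, so whatever replaces this Deployment should be checked for an equivalent front end and cipher-suite restriction. The replacement is also a chance to tighten what this manifest left open: both images are pinned by tag rather than digest, and the `prometheus-operator` container sets only `allowPrivilegeEscalation: false` in its container-level `securityContext`.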
diff --git a/observation/prometheus-operator/manifests/setup/prometheus-operator-service.yaml b/observation/prometheus-operator/manifests/setup/prometheus-operator-service.yaml
deleted file mode 100644
index 7d6d036..0000000
--- a/observation/prometheus-operator/manifests/setup/prometheus-operator-service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- name: prometheus-operator
- namespace: monitoring
-spec:
- clusterIP: None
- ports:
- - name: https
- port: 8443
- targetPort: https
- selector:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
diff --git a/observation/prometheus-operator/manifests/setup/prometheus-operator-serviceAccount.yaml b/observation/prometheus-operator/manifests/setup/prometheus-operator-serviceAccount.yaml
deleted file mode 100644
index 282aad6..0000000
--- a/observation/prometheus-operator/manifests/setup/prometheus-operator-serviceAccount.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/part-of: kube-prometheus
- app.kubernetes.io/version: 0.49.0
- name: prometheus-operator
- namespace: monitoring
diff --git a/observation/promtail/application.yaml b/observation/promtail/application.yaml
deleted file mode 100644
index 5f1793d..0000000
--- a/observation/promtail/application.yaml
+++ /dev/null
@@ -1,203 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: promtail
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- namespace: monitoring
- server: 'https://kubernetes.default.svc'
- source:
- # ref https://github.com/grafana/helm-charts/tree/main/charts/promtail/
- chart: 'promtail'
- repoURL: 'https://grafana.github.io/helm-charts'
- targetRevision: 3.11.0 # application 2.4.2
- helm:
- version: v3
- releaseName: promtail
- values: |
- priorityClassName: daemonset-priority
- serviceMonitor:
- enabled: true
- config:
- lokiAddress: http://loki:3100/loki/api/v1/push
- snippets:
- pipelineStages:
- - docker:
- - match:
- selector: '{app=~"nautible-app-ms-.*"}'
- stages:
- - json:
- expressions:
- level: level
- timestamp: timestamp
- hostName: hostName
- message: message
- mdc: mdc
- - json:
- expressions:
- #can't use charactor [-]
- x_request_id: '"x-request-id"'
- url: url
- http_method: '"http-method"'
- gRPC_method: '"gRPC-method"'
- source: mdc
- - labels:
- level:
- timestamp:
- hostName:
- message:
- mdc:
- url:
- x_request_id:
- http_method:
- gRPC_method:
- - match:
- selector: '{app="nautible-app-ms-customer"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: customer_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: customer_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-stock"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: stock_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: stock_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-order"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: order_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: order_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-product"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: product_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: product_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-payment"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: payment_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: payment_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-payment-cache"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: payment_cache_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: payment_cache_
- source: level
- config:
- value: SEVERE
- action: inc
- - match:
- selector: '{app="nautible-app-ms-delivery"}'
- stages:
- - metrics:
- log_error_total:
- type: Counter
- description: error number
- prefix: delivery_
- source: level
- config:
- value: ERROR
- action: inc
- log_severe_total:
- type: Counter
- description: error number
- prefix: delivery_
- source: level
- config:
- value: SEVERE
- action: inc
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: false
- syncOptions:
- - CreateNamespace=true
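Review bot: with `resources-finalizer.argocd.argoproj.io` set in `metadata.finalizers`, deleting this Application cascades to the promtail workload itself, so log shipping to `http://loki:3100/loki/api/v1/push` stops and the per-service `log_error_total` and `log_severe_total` counters disappear. Confirm a replacement log pipeline is in place before this merges, and that any alerts built on those counters are removed or re-pointed rather than left to go silent.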
diff --git a/observation/rules/application.yaml b/observation/rules/application.yaml
deleted file mode 100644
index 3825f78..0000000
--- a/observation/rules/application.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: rule
- namespace: argocd
-spec:
- destination:
- namespace: monitoring
- server: https://kubernetes.default.svc
- project: default
- source:
- path: observation/rules/base
- repoURL: https://github.com/nautible/nautible-plugin
- targetRevision: HEAD
- syncPolicy:
- automated:
- prune: true
diff --git a/observation/rules/base/kustomization.yaml b/observation/rules/base/kustomization.yaml
deleted file mode 100644
index 3dae1c3..0000000
--- a/observation/rules/base/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Workload-level aggregation via recording rules
- # https://istio.io/latest/docs/ops/best-practices/observability/
- - istio-metrics-aggregation.yaml
- - application-down-rule.yaml
- - application-log-rule.yaml
diff --git a/pod-autoscaler/README.md b/pod-autoscaler/README.md
index 06c37e3..a1b9378 100644
--- a/pod-autoscaler/README.md
+++ b/pod-autoscaler/README.md
@@ -2,27 +2,128 @@
## 1. 概要
-イベントドリブン型で動作する(キューなどのバックエンドで非同期動作する)Podのオートスケーラ
+イベントドリブン型で動作する(キューなどのバックエンドで非同期動作する)Podのオートスケーラ。
[KEDA](https://keda.sh/)を導入し、0~Nのスケーリングに対応する。対応するイベントソースは[公式ドキュメント](https://keda.sh/docs/2.6/scalers/)を参照。
## 2. 導入
-```
-$ kubectl apply -f pod-autoscaler/application.yaml
+```bash
+kubectl apply -f pod-autoscaler/application.yaml
```
## 3. 確認
+```bash
+kubectl get deploy -n keda
```
-$ kubectl get deploy -n keda
+
+
NAME READY UP-TO-DATE AVAILABLE AGE
-keda-operator 1/1 1 1 7d23h
-keda-operator-metrics-apiserver 1/1 1 1 7d23h
+keda-admission-webhooks 1/1 1 1 51s
+keda-operator 1/1 1 1 51s
+keda-operator-metrics-apiserver 1/1 1 1 51s
+
+
+## 4. 動作検証
+
+イベントソースにRedisを使用した動作サンプルでKEDAの動作確認を行う。
+
+### 構成
+
+
+examples
+├ setup
+│ ├ redis.yaml
+│ │ └ RedisのDeploymentおよびSerivceリソース
+│ ├ scaledobject.yaml
+│ │ └ オートスケール設定を記載したリソース(KEDAのScaledObjectリソース)
+│ └ receiver.yaml
+│ └ KEDAからイベントを受信して起動するサンプルアプリケーション
+└ producer.yaml
+ └ Redisにイベントを送信するテストジョブ
+
+
+### 動作確認用リソースの導入
+
+```bash
+kubectl apply -f examples/setup/.
+```
+
+### デプロイ結果の確認
+
+```bash
+kubectl get scaledobject
+```
+
+
+NAME SCALETARGETKIND SCALETARGETNAME MIN MAX TRIGGERS AUTHENTICATION READY ACTIVE FALLBACK PAUSED AGE
+redis-scaledobject apps/v1.Deployment receiver 0 4 redis True False Unknown Unknown 12s
+
+
+```bash
+kubectl get hpa
```
-## 4. 削除
+
+NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
+keda-hpa-redis-scaledobject Deployment/receiver /10 (avg) 1 4 0 2s
+
+
+```bash
+kubectl get deploy
+```
+
+
+NAME READY UP-TO-DATE AVAILABLE AGE
+receiver 0/0 0 0 14s
+redis 1/1 1 1 14s
+
+
+### Redisにテストデータ登録
+
+```bash
+kubectl apply -f examples/producer.yaml
+```
+
+### receiverの起動確認
+
+```bash
+kubectl get hpa
+```
+
+
+NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
+keda-hpa-redis-scaledobject Deployment/receiver 1/10 (avg) 1 4 1 2m16s
+
+
+```bash
+kubectl get po
+```
+
+
+NAME READY STATUS RESTARTS AGE
+keda-test-job-lq2ld 0/1 Completed 0 9s
+receiver-f7f5c78c5-cf894 1/1 Running 0 2s
+redis-78dbb788cf-ld4ft 1/1 Running 0 110s
+
+
+なお、本サンプルではreceiverに単純な nginx Pod を用いているため、スケールアウトの確認のみでスケールインの確認はできません。スケールインの確認をする場合はreceiverとなるアプリケーション側でキューからイベントデータを取得し、キュー側のデータを削除する処理を実装する必要があります。
+
+## 5. 削除
+
+### サンプルアプリケーションの削除
+
+```bash
+kubectl delete -f examples/setup/.
+```
+
+### KEDAの削除
+
+ArgoCDのコンソール画面よりkedaの削除を行う。
+
+コマンドラインによる削除を行う場合は、Argo CD CLIを使用してApplicationリソースを削除する。
```
-$ kubectl delete -f pod-autoscaler/application.yaml
+argocd app delete argocd/keda
```
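Review bot: The scaler link in section 1 still points at https://keda.sh/docs/2.6/scalers/ while this change set moves the chart to 2.13.1 in pod-autoscaler/application.yaml; point it at the docs for the deployed version so the Redis trigger fields described there match. In the new tree listing, `Serivce` should read `Service`, and the final `argocd app delete argocd/keda` fence is the only command block left without the `bash` tag the rest of the hunk adopts. The verification steps apply `examples/setup/.` into the `default` namespace; a dedicated namespace would make the delete step safer to run on a shared cluster.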
diff --git a/pod-autoscaler/application.yaml b/pod-autoscaler/application.yaml
index 85a2f0b..0542379 100644
--- a/pod-autoscaler/application.yaml
+++ b/pod-autoscaler/application.yaml
@@ -11,10 +11,18 @@ spec:
source:
chart: keda
repoURL: 'https://kedacore.github.io/charts'
- targetRevision: 2.11.1
+ targetRevision: 2.13.1
helm:
version: v3
releaseName: keda
+ # parameter https://github.com/kedacore/charts/blob/main/keda/values.yaml
+ parameters:
+ - name: 'operator.replicaCount'
+ value: '1'
+ - name: 'metricsServer.replicaCount'
+ value: '1'
+ - name: 'webhooks.replicaCount'
+ value: '1'
project: default
syncPolicy:
automated:
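Review bot: The new comment links values.yaml on the chart repository's `main` branch while `targetRevision` pins 2.13.1, so the parameter names it documents can drift from what is deployed; link the values file at the matching chart tag instead. All three `replicaCount` parameters are set to '1', which leaves the operator, metrics server and admission webhook without redundancy during a node drain; if that is a deliberate choice for a demo cluster, say so in the comment.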
diff --git a/pod-autoscaler/examples/producer.yaml b/pod-autoscaler/examples/producer.yaml
new file mode 100644
index 0000000..5ea4592
--- /dev/null
+++ b/pod-autoscaler/examples/producer.yaml
@@ -0,0 +1,23 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: keda-test-job
+ namespace: default
+spec:
+ ttlSecondsAfterFinished: 10
+ template:
+ spec:
+ containers:
+ - name: redis
+ image: kedacore/tests-redis-lists:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: REDIS_ADDRESS
+ value: redis:6379
+ - name: LIST_NAME
+ value: default
+ - name: NO_LIST_ITEMS_TO_WRITE
+ value: "1"
+ args: ["write"]
+ restartPolicy: Never
+ backoffLimit: 4
\ No newline at end of file
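Review bot: `image: kedacore/tests-redis-lists:latest` combined with `imagePullPolicy: IfNotPresent` means the Job runs whatever copy of a mutable tag the node has cached; pin a version tag or digest so the test is reproducible and the image can be reviewed. `ttlSecondsAfterFinished: 10` removes the Job and its pod ten seconds after it finishes, which leaves little time to read logs when the write fails; a longer TTL would help. The file also lacks a trailing newline.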
diff --git a/pod-autoscaler/examples/setup/receiver.yaml b/pod-autoscaler/examples/setup/receiver.yaml
new file mode 100644
index 0000000..909089e
--- /dev/null
+++ b/pod-autoscaler/examples/setup/receiver.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: receiver
+ labels:
+ app: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: receiver
+ labels:
+ app: nginx
+spec:
+ selector:
+ app: nginx
+ ports:
+ - port: 80
+ targetPort: 80
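Review bot: `replicas: 1` in the receiver Deployment competes with the ScaledObject that sets `minReplicaCount: 0` for the same target: every re-apply of this manifest resets a count that KEDA manages, and the README's expected `receiver 0/0` only appears once KEDA scales it back down. Drop `replicas` from the manifest. Neither the Deployment nor the Service sets `metadata.namespace`, while producer.yaml and scaledobject.yaml both set `namespace: default`; make it explicit here too so `scaleTargetRef` resolves regardless of the caller's kube context. `nginx:alpine` is a floating tag, and the `app: nginx` labels would read more clearly as `app: receiver`.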
diff --git a/pod-autoscaler/examples/setup/redis.yaml b/pod-autoscaler/examples/setup/redis.yaml
new file mode 100644
index 0000000..f688d7e
--- /dev/null
+++ b/pod-autoscaler/examples/setup/redis.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ labels:
+ app: redis
+ role: master
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ role: master
+ template:
+ metadata:
+ labels:
+ app: redis
+ role: master
+ spec:
+ containers:
+ - name: master
+ image: redis
+ ports:
+ - containerPort: 6379
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ labels:
+ app: redis
+ role: master
+spec:
+ selector:
+ app: redis
+ role: master
+ ports:
+ - port: 6379
+ targetPort: 6379
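Review bot: `image: redis` has no tag, so it resolves to `latest`; pin a version. The Deployment starts Redis without a password and the Service makes port 6379 reachable from any pod in the cluster unless a NetworkPolicy says otherwise, with scaledobject.yaml connecting without credentials. For a sample applied to the `default` namespace, either add a NetworkPolicy that limits ingress to the KEDA operator and the producer Job, or set a password and reference it from the trigger through a KEDA TriggerAuthentication. As in receiver.yaml, `metadata.namespace` is missing.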
diff --git a/pod-autoscaler/examples/setup/scaledobject.yaml b/pod-autoscaler/examples/setup/scaledobject.yaml
new file mode 100644
index 0000000..02d30f9
--- /dev/null
+++ b/pod-autoscaler/examples/setup/scaledobject.yaml
@@ -0,0 +1,20 @@
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: redis-scaledobject
+ namespace: default
+spec:
+ idleReplicaCount: 0
+ minReplicaCount: 0
+ maxReplicaCount: 4
+ pollingInterval: 3 # Optional. Default: 30 seconds
+ cooldownPeriod: 5 # Optional. Default: 300 seconds
+ scaleTargetRef:
+ name: receiver
+ triggers:
+ - type: redis
+ metadata:
+ # KEDAのOperatorからアクセスされるので、Service名を指定する
+ address: redis.default.svc.cluster.local:6379
+ listName: default
+ listLength: "10"
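Review bot: `idleReplicaCount: 0` next to `minReplicaCount: 0` is redundant: KEDA documents `idleReplicaCount` as a value that must be lower than `minReplicaCount`, and with a minimum of 0 the target already scales to zero, so the field can be removed. `pollingInterval: 3` and `cooldownPeriod: 5` are far below the defaults noted in the inline comments; add a comment that these are demo values so they are not copied into production ScaledObjects. The trigger carries no `authenticationRef`, which matches the password-less Redis in redis.yaml and should change together with it.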
diff --git a/secrets/README.md b/secrets/README.md
index 5b987a5..a78658c 100644
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -1,43 +1,69 @@
# Secrets
-クラウドの機密情報管理サービス(AWS:SecretsManager / Azure:KeyVault / GoogleCloud:SecretManager)で管理している機密情報にKubernetesからアクセスする仕組みを提供する。
+クラウドの機密情報管理サービス(AWS: AWS Secrets Manager / Azure: Azure Key Vault / GoogleCloud: SecretManager)で管理している機密情報にKubernetesからアクセスする仕組みを提供する。
## 1. 概要
Kubernetesで機密情報を扱うための仕組みとしてSecretリソースがあるが、Secretのマニフェストは値をbase64エンコーディングして格納するだけで暗号化の仕組みはない。そのため、マニフェストをGit等で管理する場合Git上に機密情報が登録されるためリスクが高い。
-そのため、Secretの管理機構としてexternal-secret-operatorを利用し、機密情報の実体をクラウド上の機密情報管理サービスで安全に管理した上で、KubernetesのSecretリソースを動的に作成する仕組みを導入する。
+そこで、Secretの管理機構としてExternal Secretsを利用し、機密情報の実体をクラウド上の機密情報管理サービスで安全に管理した上で、KubernetesのSecretリソースを動的に作成する仕組みを導入する。
-external-secret-operatorの構成図等は[公式ドキュメント](https://external-secrets.io/)を参照。
+External Secretsの構成図等は[公式ドキュメント](https://external-secrets.io/)を参照。
-## 2. 導入
+## 2. external-secrets-operatorの導入
-### external-secrets-operatorの導入
+External Secretsを利用するための公式オペレーターを導入する。
```bash
kubectl apply -f secrets/application.yaml
```
-### SecretStoreをデプロイ
+## 3. シークレットのデプロイ
-機密情報を格納しているサービスへのアクセス情報をデプロイする。ExternalSecretsはこのSecretStoreからアクセス情報を取得して機密情報にアクセスし、Secretリソースを作成する流れになる。全namespaceから共通で利用する場合はClusterSecretStoreリソース、namespaceごとにアクセスできるキーを絞る場合はSecretStoreリソースを利用する。なお、namespece単位のSecretStoreの場合はアクセスできる機密情報をSecretStoreごとに制限する。
+[リファレンスアプリケーション](https://github.com/nautible/docs/blob/main/referenceapp-architecture/README.md)で利用するシークレットのデプロイを例に導入手順を記載する。
-サンプルではnamedspace単位のSecretStoreをデプロイする。
+なお、本手順ではSecretをnautible-app-msネームスペースにデプロイする。実行時にnautible-app-msネームスペースがまだない場合、先にネームスペースを作成する。
-#### AWS(SecretsManager)
+```bash
+kubectl create ns nautible-app-ms
+```
-SecretStoreを作成する。
+### AWS(AWS Secrets Manager)
-```bash
-ACCOUNT_ID= && eval "echo \"$(cat )\"" | kubectl apply -f -
+#### IAMの作成
+
+KubernetesからAWS Secrets Managerへアクセスするためのロール及びポリシーを作成する。
+
+ロール及びポリシーの作成はTerraformで実施する。デプロイ手順は[nautible-infra/aws/app-ms](https://github.com/nautible/nautible-infra/tree/main/aws/app-ms)を参照
+
+#### ServiceAccount、SecretStoreのデプロイ
-# 例
+[リファレンスアプリケーション](https://github.com/nautible/docs/blob/main/referenceapp-architecture/README.md)用のServiceAccount、SecretStoreをデプロイする。
+
+- ServiceAccount
+ - 上記で作成したIAMロールをKubernetes上のリソースで利用するためのServiceAccount
+- SecretStore
+ - AWS Secrets Managerへアクセスするリソース。ServiceAccountを紐づけて利用する。全namespaceから共通で利用する場合はClusterSecretStoreリソース、namespaceごとにアクセスできるキーを絞る場合はSecretStoreリソースとなる。アクセスできるシークレットの範囲はServiceAccountに紐づけているIAMロールのポリシーで制御する。
+
+※ 定義はapp-ms/overlays/aws/secretstore.yamlを参照。
+
+```bash
ACCOUNT_ID= && eval "echo \"$(cat app-ms/overlays/aws/secretstore.yaml)\"" | kubectl apply -f -
```
-なお、紐づくロールについてはnautible-infraプロジェクトのaws/app-ms/modules/common/main.tf内にあるapp_secret_access_role及びapp_secret_access_role_policyを参照。(事前にこのロール及びポリシーをTerraformで作成しておく)
+#### ExternalSecretのデプロイ
+
+AWS Secrets Managerの値をKubernetesのSecretリソースにマッピングするExternalSecretをデプロイする。
-#### Azure(AzureKeyVault)
+[リファレンスアプリケーション](https://github.com/nautible/docs/blob/main/referenceapp-architecture/README.md)では、必要なシークレットをkustomizeファイルで定義してArgoCDで管理する方式をとっているため、application.yamlをデプロイする。
+
+```bash
+kubectl apply -f app-ms/overlays/aws/secret-parameter/application.yaml
+```
+
+### Azure(Azure Key Vault)
+
+#### Azure Key Vaultへ接続するためのSecretの作成
external-secrets-operatorからAzure Key vaultへ接続するためのk8s secretおよびSecretStoreを作成する。CLIENTIDにはAzureコンソール>AzureAD>アプリのアプリケーション (クライアント) IDの値を設定。CLIENTSECRETにはAzureコンソール>AzureAD>アプリの登録>証明書とシークレットでクライアントシークレットを登録して値を設定する。
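Review bot: The AWS deploy command kept in this hunk, `eval "echo \"$(cat app-ms/overlays/aws/secretstore.yaml)\""`, runs the manifest through the shell, so any `$(...)` or backtick sequence in that YAML is executed on the operator's machine and quotes in the file can corrupt the output. Substitute only the intended variable, for example `envsubst '$ACCOUNT_ID' < app-ms/overlays/aws/secretstore.yaml | kubectl apply -f -`. The line also shows `ACCOUNT_ID=` with no value or placeholder. The removed sentence named the Terraform role and policy (`app_secret_access_role`, `app_secret_access_role_policy`); the new text only links the directory, so consider keeping those names for readers auditing what the ServiceAccount can read. In the first line, "GoogleCloud: SecretManager" was not updated to the full product name the way the AWS and Azure entries were.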
@@ -45,42 +71,91 @@ external-secrets-operatorからAzure Key vaultへ接続するためのk8s secret
kubectl create secret generic external-secrets-azure-credentials -n nautible-app-ms --from-literal=clientid=$CLIENTID --from-literal=clientsecret=$CLIENTSECRET
```
-SecretStoreを作成する。
+#### SecretStoreのデプロイ
+
+[リファレンスアプリケーション](https://github.com/nautible/docs/blob/main/referenceapp-architecture/README.md)用のSecretStoreをデプロイする。
TENANT_IDにはAzureコンソール>AzureAD>テナントIDの値を設定、APP_MS_VAULT_URLにはAzureコンソール>キー コンテナー>nautibledevappms>コンテナーのURIの値を設定する。
+※ 定義はapp-ms/overlays/azure/secretstore.yamlを参照。
+
```bash
-TENANT_ID=<テナントID> && APP_MS_VAULT_URL= && eval "echo \"$(cat )\"" | kubectl apply -f -
+TENANT_ID=<テナントID> && APP_MS_VAULT_URL= && eval "echo \"$(cat app-ms/overlays/azure/secretstore.yaml)\"" | kubectl apply -f -
+```
+
+#### ExternalSecretのデプロイ
+
+Azure Key Vaultの値をKubernetesのSecretリソースにマッピングするExternalSecretをデプロイする。
-# 例
-TENANT_ID=<テナントID> && APP_MS_VAULT_URL= && eval "echo \"$(cat app-ms/overlays/aws/secretstore.yaml)\"" | kubectl apply -f -
+リファレンスアプリケーションでは、必要なシークレットをkustomizeファイルで定義してArgoCDで管理する方式をとっているため、application.yamlをデプロイする。
+
+```bash
+kubectl apply -f app-ms/overlays/azure/secret-parameter/application.yaml
```
-## 3. 確認
+## 4. 確認
-### external-secrets-operatorの導入確認(AWSでの確認例)
+### external-secrets-operatorの導入確認
```bash
kubectl get deploy -n external-secrets
+```
+
NAME READY UP-TO-DATE AVAILABLE AGE
external-secrets-operator 1/1 1 1 3d1h
external-secrets-operator-cert-controller 1/1 1 1 3d1h
external-secrets-operator-webhook 1/1 1 1 3d1h
+
+
+### Secretの確認
+
+```bash
+kubectl get secret -n nautible-app-ms
```
-## 4. 削除
+
+NAME TYPE DATA AGE
+secret-nautible-app-ms-order Opaque 1 7m4s
+secret-nautible-app-ms-product-db Opaque 2 7m4s
+
-### SecretStoreの削除
+## 5. 削除
+
+### ExternalSecretの削除
+
+注)Secretを利用しているアプリケーションがないことを確認の上削除すること。
+
+ArgoCDのコンソール画面よりsecret-app-msの削除を行う。
+
+コマンドラインによる削除を行う場合は、Argo CD CLIを使用してApplicationリソースを削除する。
```bash
-kubectl delete -f
+argocd app delete argocd/secret-app-ms
+```
+
-# 例
+### SecretStoreの削除
+
+#### AWS
+
+```bash
kubectl delete -f app-ms/overlays/aws/secretstore.yaml
```
+#### Azure
+
+```bash
+kubectl delete -f app-ms/overlays/azure/secretstore.yaml
+```
+
### external-secrets-operatorの削除
-ArgoCDのコンソールよりexternal-secrets-operatorを削除
+ArgoCDのコンソール画面よりexternal-secrets-operatorの削除を行う。
+
+コマンドラインによる削除を行う場合は、Argo CD CLIを使用してApplicationリソースを削除する。
+
+```bash
+argocd app delete argocd/external-secrets-operator
+```
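Review bot: Section 5 adds delete steps for the ExternalSecret, the SecretStore and the operator, but nothing removes the `external-secrets-azure-credentials` Secret created with `kubectl create secret generic` in the Azure section, so the client secret stays in `nautible-app-ms` after teardown. Add a `kubectl delete secret external-secrets-azure-credentials -n nautible-app-ms` step under the Azure heading. That create command also passes `$CLIENTID` and `$CLIENTSECRET` unquoted; quote them so a value containing shell metacharacters is stored intact. The added Azure SecretStore command keeps the same `eval` on the manifest contents as the AWS one, and `APP_MS_VAULT_URL=` has no placeholder while `TENANT_ID` does.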
diff --git a/secrets/application.yaml b/secrets/application.yaml
index 683dd7a..c43f4e5 100644
--- a/secrets/application.yaml
+++ b/secrets/application.yaml
@@ -12,7 +12,7 @@ spec:
# refs https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
chart: 'external-secrets'
repoURL: 'https://charts.external-secrets.io/'
- targetRevision: 0.9.1
+ targetRevision: 0.9.11
project: default
syncPolicy:
automated: