diff --git a/components/sandbox/tiers/production/appstudio/kustomization.yaml b/components/sandbox/tiers/production/appstudio/kustomization.yaml index b097223c91c..7700483dc6e 100644 --- a/components/sandbox/tiers/production/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudio/kustomization.yaml @@ -12,4 +12,5 @@ resources: - tiertemplate-appstudio-contributor-1817914940-1817914940.yaml - tiertemplate-appstudio-maintainer-293087644-293087644.yaml - tiertemplate-appstudio-tenant-199961605-199961605.yaml +- tiertemplate-appstudio-tenant-2313893948-2313893948.yaml - tiertemplate-appstudio-viewer-4059797645-4059797645.yaml diff --git a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml index fa81fa04c71..0de389e6ca7 100644 --- a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml @@ -11,7 +11,7 @@ spec: clusterResources: templateRef: appstudio-clusterresources-809836689-809836689 namespaces: - - templateRef: appstudio-tenant-199961605-199961605 + - templateRef: appstudio-tenant-2313893948-2313893948 spaceRoles: admin: templateRef: appstudio-admin-1876853981-1876853981 diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-2313893948-2313893948.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-2313893948-2313893948.yaml new file mode 100644 index 00000000000..19458b874a5 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-tenant-2313893948-2313893948.yaml @@ -0,0 +1,295 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-tenant-2313893948-2313893948 + namespace: toolchain-host-operator +spec: + revision: 2313893948-2313893948 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-deploy + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: "20" + limits.memory: ${MEMORY_LIMIT} + requests.cpu: 1750m + requests.memory: ${MEMORY_REQUEST} + scopes: + - NotTerminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: "512" + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: "1024" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "512" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: "512" + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-spi + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spiaccesschecks.appstudio.redhat.com: "512" + count/spiaccesstokenbindings.appstudio.redhat.com: "512" + count/spiaccesstokendataupdates.appstudio.redhat.com: "512" + count/spiaccesstokens.appstudio.redhat.com: "512" + count/spifilecontentrequests.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "120" + - name: CPU_BUILD_REQUEST + value: "60" + - name: MEMORY_BUILD_LIMIT + value: 128Gi + - name: MEMORY_BUILD_REQUEST + value: 64Gi + - name: COUNT_PVC + value: "90" + - name: REQUEST_STORAGE + value: 200Gi + tierName: appstudio + type: tenant diff --git a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml index 381f5d086b4..181e42a4cb0 100644 --- a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml @@ -12,4 +12,5 @@ resources: - tiertemplate-appstudiolarge-contributor-1884308846-1817914940.yaml - tiertemplate-appstudiolarge-maintainer-1884308846-293087644.yaml - tiertemplate-appstudiolarge-tenant-1884308846-199961605.yaml +- tiertemplate-appstudiolarge-tenant-1884308846-2313893948.yaml - tiertemplate-appstudiolarge-viewer-1884308846-4059797645.yaml diff --git a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml index 76f3bd7818a..c4fc34a1b09 100644 --- a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -11,7 +11,7 @@ spec: clusterResources: templateRef: appstudiolarge-clusterresources-1884308846-809836689 namespaces: - - templateRef: appstudiolarge-tenant-1884308846-199961605 + - templateRef: appstudiolarge-tenant-1884308846-2313893948 spaceRoles: admin: templateRef: appstudiolarge-admin-1884308846-1876853981 diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-1884308846-2313893948.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-1884308846-2313893948.yaml new file mode 100644 index 00000000000..d8d482250c9 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-tenant-1884308846-2313893948.yaml @@ -0,0 +1,295 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-tenant-1884308846-2313893948 + namespace: toolchain-host-operator +spec: + revision: 1884308846-2313893948 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + openshift.io/description: ${SPACE_NAME} + openshift.io/display-name: ${SPACE_NAME} + openshift.io/requester: ${SPACE_NAME} + labels: + appstudio.redhat.com/workspace_name: ${SPACE_NAME} + argocd.argoproj.io/managed-by: gitops-service-argocd + name: ${SPACE_NAME}-tenant + name: ${SPACE_NAME}-tenant + - apiVersion: appstudio.redhat.com/v1alpha1 + kind: Environment + metadata: + name: development + namespace: ${SPACE_NAME}-tenant + spec: + deploymentStrategy: AppStudioAutomated + displayName: Development + type: Non-POC + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-deploy + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: "20" + limits.memory: ${MEMORY_LIMIT} + requests.cpu: 1750m + requests.memory: ${MEMORY_REQUEST} + scopes: + - NotTerminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: compute-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + limits.cpu: ${CPU_BUILD_LIMIT} + limits.memory: ${MEMORY_BUILD_LIMIT} + requests.cpu: ${CPU_BUILD_REQUEST} + requests.memory: ${MEMORY_BUILD_REQUEST} + scopes: + - Terminating + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: storage + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/persistentvolumeclaims: ${COUNT_PVC} + limits.ephemeral-storage: 50Gi + requests.ephemeral-storage: 50Gi + requests.storage: ${REQUEST_STORAGE} + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: toolchain-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spacerequests.toolchain.dev.openshift.com: "32" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/applications.appstudio.redhat.com: "512" + count/componentdetectionqueries.appstudio.redhat.com: "512" + count/components.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-build + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/buildpipelineselectors.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-gitops + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/deploymenttargetclaims.appstudio.redhat.com: "32" + count/deploymenttargetclasses.appstudio.redhat.com: "32" + count/deploymenttargets.appstudio.redhat.com: "32" + count/environments.appstudio.redhat.com: "512" + count/promotionruns.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-integration + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/integrationtestscenarios.appstudio.redhat.com: "512" + count/snapshotenvironmentbindings.appstudio.redhat.com: "512" + count/snapshots.appstudio.redhat.com: "1024" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-release + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/internalrequests.appstudio.redhat.com: "512" + count/releaseplanadmissions.appstudio.redhat.com: "512" + count/releaseplans.appstudio.redhat.com: "512" + count/releases.appstudio.redhat.com: "512" + count/releasestrategies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-enterprisecontract + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/enterprisecontractpolicies.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: ResourceQuota + metadata: + name: appstudio-crds-spi + namespace: ${SPACE_NAME}-tenant + spec: + hard: + count/spiaccesschecks.appstudio.redhat.com: "512" + count/spiaccesstokenbindings.appstudio.redhat.com: "512" + count/spiaccesstokendataupdates.appstudio.redhat.com: "512" + count/spiaccesstokens.appstudio.redhat.com: "512" + count/spifilecontentrequests.appstudio.redhat.com: "512" + - apiVersion: v1 + kind: LimitRange + metadata: + name: resource-limits + namespace: ${SPACE_NAME}-tenant + spec: + limits: + - default: + cpu: 2000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-same-namespace + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - podSelector: {} + podSelector: {} + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-ingress + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-openshift-monitoring + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: monitoring + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-codeready-workspaces-operator + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: codeready-workspaces + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-olm-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + openshift.io/scc: anyuid + podSelector: {} + policyTypes: + - Ingress + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-from-console-namespaces + namespace: ${SPACE_NAME}-tenant + spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: console + podSelector: {} + policyTypes: + - Ingress + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-pipelines-runner-rolebinding + namespace: ${SPACE_NAME}-tenant + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: appstudio-pipelines-runner + subjects: + - kind: ServiceAccount + name: appstudio-pipeline + namespace: ${SPACE_NAME}-tenant + - apiVersion: v1 + data: {} + kind: ConfigMap + metadata: + labels: + config.openshift.io/inject-trusted-cabundle: "true" + name: trusted-ca + namespace: ${SPACE_NAME}-tenant + parameters: + - name: SPACE_NAME + required: true + - name: MEMORY_LIMIT + value: 32Gi + - name: MEMORY_REQUEST + value: 32Gi + - name: CPU_BUILD_LIMIT + value: "480" + - name: CPU_BUILD_REQUEST + value: "240" + - name: MEMORY_BUILD_LIMIT + value: 512Gi + - name: MEMORY_BUILD_REQUEST + value: 256Gi + - name: COUNT_PVC + value: "180" + - name: REQUEST_STORAGE + value: 400Gi + tierName: appstudiolarge + type: tenant