chore: DENA-828 - bases for k6-operator #356
Conversation
| kind: Kustomization | ||
| resources: | ||
| - upstream/k6.yaml | ||
| - upstream/plz.yaml |
There was a problem hiding this comment.
plz is not a well known acronym, I'd keep the full name of the resource
k6-operator/Makefile
Outdated
| APP_VERSION=0.0.16 | ||
|
|
||
|
|
||
| .PHONY: get-upstream |
There was a problem hiding this comment.
In this repo, we usually call upstream to the files/manifests that we pull unchanged, so I don't like calling it upstream here, since the produced manifests have already been templated by our values
There was a problem hiding this comment.
what would be the preference? gen-manifests or something similar?
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| name: k6-operator-manager-role |
There was a problem hiding this comment.
this is quite a powerful role, including reading all secrets, and full control over all the cluster deployments. Ideally we'll have this be a "role" instead of a "clusterrole" and bind it to opt-in namespaces
There was a problem hiding this comment.
this is the ClusterRole that comes out-of-the-box. is the suggestion to move this to the controller package and transform to role and for now deploy to dev-enablement?
are there attributes between ClusterRole and Role transferable? wondering if it is a matter of just location and replacing values for kind and adding .metadata.namespace
There was a problem hiding this comment.
yes to everything xD. I think they should be pretty transferable, iirc the only difference is that clusterrole affects to the whole cluster, while the role only affects the namespace where it's deployed. However sometimes the software verifies that it has superpowers and refuses to run if it doesn't, so it may not work
There was a problem hiding this comment.
For testing behind firewalls we will need this applied and a template deployed wherever we want access to.
instructions are as following
- generate a k6 token via grafana cloud and create a k8s secret
kubectl create secret generic grafana-k6-token -n plz-ns --from-literal=token=<GRAFANA_API_STACK_TOKEN>
- create a PLZ resource definition and apply it in your desired cluster. I am not sure if it needs to be namespace-bound, I guess it depends on the access controls of the system under test
apiVersion: k6.io/v1alpha1
kind: PrivateLoadZone
metadata:
name: my-first-plz
namespace: plz-ns
spec:
token: grafana-k6-token
resources:
limits:
cpu: 256m
memory: 1024Mi
No description provided.