Skip to content

Platform CRD

Description

A Platform CRD is there to enrich Punchlines, Applications and Plans. This enables the separation of concern between what an admin, moderator and an end-user can or cannot do.

To reference a platform crd in your punchline, fill the annotations with :

metadata:
  annotations:
    platform.gitlab.thalesdigital.io/platform: <PLATFORM_NAME>`

Information available within the CRD will be used to enrich your punchline.

Notes :

  • The same platform file can be used for multiples tenants.
  • Secret objects referenced in the platform crd should be created beforehand by an administrator or moderator.
  • Each platform instance can only be linked with one service account. Linked service account should be created beforehand by an administrator or moderator

To check the enriched punchline configuration, run :

kubectl apply -f mystormline.yml --dry-run -o yaml

Example

---
apiVersion: platform.gitlab.thalesdigital.io/v1
kind: Platform
metadata:
  name: platform
spec:
  serviceAccount: admin-user
  imagePullPolicy: IfNotPresent
  initContainerImage: ghcr.io/punchplatform/resourcectl:7.0.1-SNAPSHOT
  services:
  - type: dependencies
    # The following url will be used by the above resourcectl initContainer image to download
    #    dependencies from the punch artifacts service.
    url: http://artifacts-service.punch-system:4242
    secretRefs:
    - name: dependencies-basic-auth # cannot be changed
      mountPath: /var/run/platform/secrets/dependencies/basic-auth
    - name: dependencies-tls # cannot be changed
      mountPath: /var/run/platform/secrets/dependencies/tls
  - type: elastic_input
    secretRefs:
    - name: elastic-basic-auth
      mountPath: /var/run/platform/secrets/elastic_input/basic-auth
    - name: elastic-tls
      mountPath: /var/run/platform/secrets/elastic_input/tls
  - type: elastic_batch_input
    secretRefs:
    - name: elastic-basic-auth
      mountPath: /var/run/platform/secrets/elastic_batch_input/basic-auth
    - name: elastic-tls
      mountPath: /var/run/platform/secrets/elastic_batch_input/tls

Related secrets that must be also applied

---
apiVersion: v1
kind: Secret
metadata:
  name: dependencies-basic-auth
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: t0p-Secret
---
apiVersion: v1
kind: Secret
metadata:
  name: dependencies-tls
type: kubernetes.io/tls
data:
  tls.crt: |
    MIIDITCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
    a3ViZUNBMB4XDTIxMDYyNDE4MTIyMVoXDTIyMDYyNTE4MTIyMVowMTEXMBUGA1UE
    ChMOc3lzdGVtOm1hc3RlcnMxFjAUBgNVBAMTDW1pbmlrdWJlLXVzZXIwggEiMA0G
    CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSNDcaoRCmu000XNvV5kM2Go3ZJg5P
    C6cPZgxRjqViT4XeJ25heyPDuaDEGXrGrGtEhKS8IdIT0ZgwcMMRUedmbhRxY4qN
    3X3zjo/0R2tteDE9NVmlKh7m7lKd/x6OQ3uMJRFnW9QyzfRYVam0iHAgK/s+WzMS
    fk7ve8MFQ+XwvYpU+1vKc/f+2lGCxnMe/hm56+hN9xq2ZczKpqYoi19JNY7F5Q49
    2tZWfl1BgvpoqSokbgK9YDOHYTZwhbARovcR7OPxHDVW2o3+NLItbulMOR/f5cnf
    Rk9815n+SIs56q/GIqObz6flHbHs7ylKkm/mUyee4L1wFoykq01n+kcbAgMBAAGj
    YDBeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
    AwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQeD4iHsfo1jWFac3KE13x7/iCi
    pzANBgkqhkiG9w0BAQsFAAOCAQEAXg4tQN2A68WdP2/QCsLvDRo5bCIoq/jFpgK2
    bMQsrzuTVj/pgSYhjkUDKiyf+l0hatQvpgijmI52QX4SF63OphLx1o8h1Rk9ZxQK
    or7Uahaq+1hxE0aoDpWe6m4Wi3FsoLb/dEm0JfDQrhTg6nPg+Q60cH4jDf2rpxOE
    /WD7p6coTBUuJF4G+uE5dC898QLtaYlbN21UDXSpu+cU6zqe9zK4qkWcSzoSMrKX
    k8ZBKl7dnIaBrwVXRbfQIHtR7fDfYJCw3XEjEBse1ijvBtxGBin9aSy42ynNx6Kt
    KkD647Q9I8xWKVYaDEvNrVBDPg8uQ5zonJ4wMcQhlHY55180jg==
  tls.key: |
    MIIEpQIBAAKCAQEA0jQ3GqEQprtNNFzb1eZDNhqN2SYOTwunD2YMUY6lYk+F3idu
    YXsjw7mgxBl6xqxrRISkvCHSE9GYMHDDEVHnZm4UcWOKjd19846P9EdrbXgxPTVZ
    pSoe5u5Snf8ejkN7jCURZ1vUMs30WFWptIhwICv7PlszEn5O73vDBUPl8L2KVPtb
    ynP3/tpRgsZzHv4ZuevoTfcatmXMyqamKItfSTWOxeUOPdrWVn5dQYL6aKkqJG4C
    vWAzh2E2cIWwEaL3Eezj8Rw1VtqN/jSyLW7pTDkf3+XJ30ZPfNeZ/kiLOeqvxiKj
    m8+n5R2x7O8pSpJv5lMnnuC9cBaMpKtNZ/pHGwIDAQABAoIBAQCAU0IkrplkwEm0
    os/OOIFloTZhj7sChKGbY/g3Pfc3GkcmRTo8pplB3qwHq2ppqU7fCH8tHxSJ5tWb
    FOvxQegbfy5ZvqQSUVqX+rtlLMinjs24iT5N93XgEzQ6okm8HfRprSN/zu6viU4X
    M0ykGvsgmNkLy09VheiYiRyYtUfF/ERU4VojtDUakLKfDrjVOpkF1Ytz0Yl3V0pT
    jnaHlEHlwrzF1YgVQb4+8Nd4C/wa94ZQJwGDItDLKh1OZ5XGGIR+mIeNp6xfCbKX
    izX6Gti9o/JBY0wAGHEg/aNn+eBCCg4fbye9eMk9v7OFH1C8XM+NWnUY88mH0B8N
    BaEsZOBBAoGBAPn7NmGlwjpyRiu1HY27LYaMp88o4OBRaKzCzi1VBI+OWLWeDvfP
    zEK/TqaNco9VEaiYf/jXCVPc1AbG7zLOm5leHFwZWvsEcjKmuB/2cQJNrR0c8oIC
    ZS+u3KCQr9uvzk0PzoVEkwQG2tws+0qEJWJ2cuQmIj0LxYv6gBUnu5GhAoGBANdD
    1K96aeEiCz/QqJIHnxzIEBA0KXKTGtEKmSuj4mDRMi0RrrllbSgl4U87o+xdu/uB
    VpL4BDew+47vBpWkc441i5Qr8G+syXApPtdFv33jcdJ4LfqG/RqMcqM98c2odrGf
    XmgCgPc87z4REXbnJrAlG9m4U88QkWEfQhSeAlc7AoGBANI7XwTILoyQxkrDytMD
    c8oQSKCENHryfCGuw06EjY1dnWVARD5M1+/ai/6uPoYkePFdL2LLFeEdeoMoksob
    z+gvqZIbENTCbHgElhzrWScixFATpC+KbCap3Ip8pCkRtWJBxOF3RlzAlxdMDRoi
    AH7KNt2A5JKKb9zFEyq3e5uBAoGBAMX84EBpUbq8aiZOjsyI8AIzy/prT3fO7wo3
    OjvWJt8vaXvkWJSyQdx8QqdyTkmWyNAA3JSeQprKUATduWum7pVskC0+4IyGGlvr
    w52RzBdIOyb+XCOhRmfFp6aW0bB68nhaASWer+k2BUFLx4lZ/s5hwyTTkVnQfjYa
    3tdBoRuDAoGAWr1fewNlrsMj5rIKl/2K7/yhkrM4xhDB5l5vgpFlampmZzjSUqml
    VBc7i/T3XlrRc3AAT/BiQIHDWVHxBvGcrb+f+n1G8pOtw6xGvsg2eUWzw0rD8f16
    vuxoZ3xfnFZzqMMoS0F3lM3huAUslLLQSn9kYAXYD5Sale5bdOZnrpw=

---
apiVersion: v1
kind: Secret
metadata:
  name: elastic-basic-auth
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: t0p-Secret
---
apiVersion: v1
kind: Secret
metadata:
  name: elastic-tls
type: kubernetes.io/tls
data:
  tls.crt: |
    MIIDITCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
    a3ViZUNBMB4XDTIxMDYyNDE4MTIyMVoXDTIyMDYyNTE4MTIyMVowMTEXMBUGA1UE
    ChMOc3lzdGVtOm1hc3RlcnMxFjAUBgNVBAMTDW1pbmlrdWJlLXVzZXIwggEiMA0G
    CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSNDcaoRCmu000XNvV5kM2Go3ZJg5P
    C6cPZgxRjqViT4XeJ25heyPDuaDEGXrGrGtEhKS8IdIT0ZgwcMMRUedmbhRxY4qN
    3X3zjo/0R2tteDE9NVmlKh7m7lKd/x6OQ3uMJRFnW9QyzfRYVam0iHAgK/s+WzMS
    fk7ve8MFQ+XwvYpU+1vKc/f+2lGCxnMe/hm56+hN9xq2ZczKpqYoi19JNY7F5Q49
    2tZWfl1BgvpoqSokbgK9YDOHYTZwhbARovcR7OPxHDVW2o3+NLItbulMOR/f5cnf
    Rk9815n+SIs56q/GIqObz6flHbHs7ylKkm/mUyee4L1wFoykq01n+kcbAgMBAAGj
    YDBeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
    AwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQeD4iHsfo1jWFac3KE13x7/iCi
    pzANBgkqhkiG9w0BAQsFAAOCAQEAXg4tQN2A68WdP2/QCsLvDRo5bCIoq/jFpgK2
    bMQsrzuTVj/pgSYhjkUDKiyf+l0hatQvpgijmI52QX4SF63OphLx1o8h1Rk9ZxQK
    or7Uahaq+1hxE0aoDpWe6m4Wi3FsoLb/dEm0JfDQrhTg6nPg+Q60cH4jDf2rpxOE
    /WD7p6coTBUuJF4G+uE5dC898QLtaYlbN21UDXSpu+cU6zqe9zK4qkWcSzoSMrKX
    k8ZBKl7dnIaBrwVXRbfQIHtR7fDfYJCw3XEjEBse1ijvBtxGBin9aSy42ynNx6Kt
    KkD647Q9I8xWKVYaDEvNrVBDPg8uQ5zonJ4wMcQhlHY55180jg==
  tls.key: |
    MIIEpQIBAAKCAQEA0jQ3GqEQprtNNFzb1eZDNhqN2SYOTwunD2YMUY6lYk+F3idu
    YXsjw7mgxBl6xqxrRISkvCHSE9GYMHDDEVHnZm4UcWOKjd19846P9EdrbXgxPTVZ
    pSoe5u5Snf8ejkN7jCURZ1vUMs30WFWptIhwICv7PlszEn5O73vDBUPl8L2KVPtb
    ynP3/tpRgsZzHv4ZuevoTfcatmXMyqamKItfSTWOxeUOPdrWVn5dQYL6aKkqJG4C
    vWAzh2E2cIWwEaL3Eezj8Rw1VtqN/jSyLW7pTDkf3+XJ30ZPfNeZ/kiLOeqvxiKj
    m8+n5R2x7O8pSpJv5lMnnuC9cBaMpKtNZ/pHGwIDAQABAoIBAQCAU0IkrplkwEm0
    os/OOIFloTZhj7sChKGbY/g3Pfc3GkcmRTo8pplB3qwHq2ppqU7fCH8tHxSJ5tWb
    FOvxQegbfy5ZvqQSUVqX+rtlLMinjs24iT5N93XgEzQ6okm8HfRprSN/zu6viU4X
    M0ykGvsgmNkLy09VheiYiRyYtUfF/ERU4VojtDUakLKfDrjVOpkF1Ytz0Yl3V0pT
    jnaHlEHlwrzF1YgVQb4+8Nd4C/wa94ZQJwGDItDLKh1OZ5XGGIR+mIeNp6xfCbKX
    izX6Gti9o/JBY0wAGHEg/aNn+eBCCg4fbye9eMk9v7OFH1C8XM+NWnUY88mH0B8N
    BaEsZOBBAoGBAPn7NmGlwjpyRiu1HY27LYaMp88o4OBRaKzCzi1VBI+OWLWeDvfP
    zEK/TqaNco9VEaiYf/jXCVPc1AbG7zLOm5leHFwZWvsEcjKmuB/2cQJNrR0c8oIC
    ZS+u3KCQr9uvzk0PzoVEkwQG2tws+0qEJWJ2cuQmIj0LxYv6gBUnu5GhAoGBANdD
    1K96aeEiCz/QqJIHnxzIEBA0KXKTGtEKmSuj4mDRMi0RrrllbSgl4U87o+xdu/uB
    VpL4BDew+47vBpWkc441i5Qr8G+syXApPtdFv33jcdJ4LfqG/RqMcqM98c2odrGf
    XmgCgPc87z4REXbnJrAlG9m4U88QkWEfQhSeAlc7AoGBANI7XwTILoyQxkrDytMD
    c8oQSKCENHryfCGuw06EjY1dnWVARD5M1+/ai/6uPoYkePFdL2LLFeEdeoMoksob
    z+gvqZIbENTCbHgElhzrWScixFATpC+KbCap3Ip8pCkRtWJBxOF3RlzAlxdMDRoi
    AH7KNt2A5JKKb9zFEyq3e5uBAoGBAMX84EBpUbq8aiZOjsyI8AIzy/prT3fO7wo3
    OjvWJt8vaXvkWJSyQdx8QqdyTkmWyNAA3JSeQprKUATduWum7pVskC0+4IyGGlvr
    w52RzBdIOyb+XCOhRmfFp6aW0bB68nhaASWer+k2BUFLx4lZ/s5hwyTTkVnQfjYa
    3tdBoRuDAoGAWr1fewNlrsMj5rIKl/2K7/yhkrM4xhDB5l5vgpFlampmZzjSUqml
    VBc7i/T3XlrRc3AAT/BiQIHDWVHxBvGcrb+f+n1G8pOtw6xGvsg2eUWzw0rD8f16
    vuxoZ3xfnFZzqMMoS0F3lM3huAUslLLQSn9kYAXYD5Sale5bdOZnrpw=