fix: Add sorcerer queues
This commit is contained in:
@@ -54,6 +54,23 @@ metadata:
|
||||
argocd.argoproj.io/sync-wave: "2"
|
||||
spec:
|
||||
clusterQueue: cluster-queue
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: prod-queue
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "2"
|
||||
---
|
||||
apiVersion: kueue.x-k8s.io/v1beta2
|
||||
kind: LocalQueue
|
||||
metadata:
|
||||
name: prod-queue
|
||||
namespace: prod-queue
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "2"
|
||||
spec:
|
||||
clusterQueue: cluster-queue
|
||||
# ---
|
||||
# apiVersion: kueue.x-k8s.io/v1beta2
|
||||
# kind: WorkloadPriorityClass
|
||||
|
||||
@@ -0,0 +1,117 @@
|
||||
# Cross-namespace RBAC: allow sorcerer ServiceAccounts to manage JobSets in dev-queue
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: beta-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
rules:
|
||||
- apiGroups:
|
||||
- jobset.x-k8s.io
|
||||
resources:
|
||||
- jobsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: beta-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: beta-sorcerer-dev-queue
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: beta-sorcerer
|
||||
namespace: beta-sorcerer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: prod-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
rules:
|
||||
- apiGroups:
|
||||
- jobset.x-k8s.io
|
||||
resources:
|
||||
- jobsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: prod-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: prod-sorcerer-dev-queue
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prod-sorcerer
|
||||
namespace: prod-sorcerer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: staging-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
rules:
|
||||
- apiGroups:
|
||||
- jobset.x-k8s.io
|
||||
resources:
|
||||
- jobsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: staging-sorcerer-dev-queue
|
||||
namespace: dev-queue
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: staging-sorcerer-dev-queue
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: staging-sorcerer
|
||||
namespace: staging-sorcerer
|
||||
Reference in New Issue
Block a user