rancher-provisioning-capi make charts

Signed-off-by: Chris Kim <oats87g@gmail.com>
pull/3193/head
Chris Kim 2023-09-06 14:54:56 -07:00 committed by Lucas Machado
parent 1f0130ba41
commit 0c2c876bd7
16 changed files with 713 additions and 0 deletions


@ -0,0 +1,22 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/namespace: cattle-provisioning-capi-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: apps.deployment/v1
catalog.cattle.io/rancher-version: '>= 2.7.0-0'
catalog.cattle.io/release-name: rancher-provisioning-capi
apiVersion: v1
appVersion: 1.4.4
description: capi-controller-manager compatible with Rancher Provisioning
home: https://github.com/rancher/provisioning/blob/main/charts/capi/
maintainers:
- email: chris.kim@suse.com
name: Chris Kim
name: rancher-provisioning-capi
sources:
- https://github.com/rancher/provisioning/blob/main/charts/capi/
version: 103.0.0+up0.0.1


@ -0,0 +1,2 @@
{{ $.Chart.Name }} has been installed. Check its status by running:
kubectl --namespace {{ .Release.Namespace }} get pods"
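Review bot: The second line of the install note ends with an unbalanced `"`, which Helm prints verbatim after install and which leaves a shell waiting for a closing quote if the command is pasted. Drop the trailing character so the line reads `kubectl --namespace {{ .Release.Namespace }} get pods`.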


@ -0,0 +1,18 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}


@ -0,0 +1,11 @@
aggregationRule:
clusterRoleSelectors:
- matchLabels:
cluster.x-k8s.io/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-aggregated-manager-role
rules: []


@ -0,0 +1,323 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
cluster.x-k8s.io/provider: cluster-api
name: capi-manager-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- clusterresourcesets/finalizers
- clusterresourcesets/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
- clusterclasses/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/finalizers
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
- machinedeployments/finalizers
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
- machinedeployments/finalizers
- machinedeployments/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinehealthchecks
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinehealthchecks
- machinehealthchecks/finalizers
- machinehealthchecks/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinepools
- machinepools/finalizers
- machinepools/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/finalizers
- machines/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- delete
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
- machinesets/finalizers
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
- machinesets/finalizers
- machinesets/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ipam.cluster.x-k8s.io
resources:
- ipaddressclaims
verbs:
- get
- list
- watch
- apiGroups:
- runtime.cluster.x-k8s.io
resources:
- extensionconfigs
- extensionconfigs/status
verbs:
- get
- list
- patch
- update
- watch
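Review bot: The rule on core `secrets` grants create/delete/get/list/patch/watch with no `resourceNames`, and this role is aggregated into `capi-aggregated-manager-role`, which the ClusterRoleBinding in this commit binds to the `capi-manager` ServiceAccount, so the controller can read and rewrite every Secret in every namespace. If that breadth is required by the controller (presumably for per-cluster kubeconfig and certificate Secrets; this is not visible here), it deserves a comment above the rule such as `# cluster-wide Secret access is required because workload-cluster credentials live in arbitrary namespaces`, and the ServiceAccount should be treated as cluster-admin-equivalent in threat models and audit alerts. The same applies to the `nodes` rule, which includes `create` and `delete`. Separately, the second wildcard rule for `bootstrap.cluster.x-k8s.io` and `infrastructure.cluster.x-k8s.io` is a strict subset of the rule directly before it and could be dropped if this file is not regenerated from upstream markers.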


@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke.cattle.io"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-machine-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke-machine.cattle.io"]
resources: ["*"]
verbs: ["*"]
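Review bot: Both ClusterRoles combine `resources: ["*"]` with `verbs: ["*"]`, so every current and future verb (including `deletecollection`) on every `rke.cattle.io` and `rke-machine.cattle.io` resource is folded into `capi-aggregated-manager-role` through the `cluster.x-k8s.io/aggregate-to-manager` label. Enumerating the verbs the controller actually uses, in the style of `capi-manager-role`, keeps the grant reviewable: `verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]`. Because the aggregation selector matches on the label alone, a short comment on each role stating that the label extends the CAPI manager's permissions would help later reviewers notice the effect.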


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capi-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: capi-manager
namespace: "{{ .Release.Namespace }}"


@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
name: capi-controller-manager
namespace: "{{ .Release.Namespace }}"
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
template:
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
spec:
containers:
- command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | indent 12 }}
{{- end }}
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 65532
runAsUser: 65532
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
args:
- --leader-elect
{{ toYaml .Values.args | indent 12 }}
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: capi-manager
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
secretName: capi-webhook-service-cert
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- else }}
- effect: NoSchedule
key: node-role.kubernetes.io/controlplane
value: "true"
- effect: NoSchedule
key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- effect: NoSchedule
key: "node-role.kubernetes.io/master"
operator: "Exists"
- effect: "NoExecute"
key: "node-role.kubernetes.io/etcd"
operator: "Exists"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{.Values.priorityClassName}}"
{{- end }}
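Review bot: The `manager` container's `securityContext` drops all capabilities and blocks privilege escalation but does not set `readOnlyRootFilesystem: true`, and the container declares no `resources` requests or limits. The only mount shown is the read-only webhook certificate volume, so a read-only root filesystem looks feasible, though whether `/manager` writes elsewhere is not visible from this template and should be confirmed before adding `readOnlyRootFilesystem: true`. Without limits, a controller that holds cluster-wide Secret and Node permissions can also exhaust resources on the node it is scheduled to. Note also that `{{ toYaml .Values.args | indent 12 }}` is not wrapped in an `if`, unlike `extraEnv`, so overriding `args` with an empty list would presumably render a stray `[]` under the `args:` sequence.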


@ -0,0 +1,81 @@
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
labels:
app: rancher-provisioning-capi-patch-sa
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
spec:
template:
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
spec:
serviceAccountName: rancher-provisioning-capi-patch-sa
securityContext:
runAsNonRoot: true
runAsUser: 1000
restartPolicy: Never
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
containers:
- name: patch-sa-{{ .Release.Namespace }}
image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
args: ["-n", "{{ .Release.Namespace }}"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
rules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs: ['get', 'patch']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-provisioning-capi-patch-sa
subjects:
- kind: ServiceAccount
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
labels:
app: rancher-provisioning-capi-patch-sa
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-allow-all
namespace: {{ .Release.Namespace }}
spec:
podSelector: {}
ingress:
- {}
egress:
- {}
policyTypes:
- Ingress
- Egress
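Review bot: The hook Job only patches the `default` ServiceAccount in the release namespace, yet it runs under a ClusterRole and ClusterRoleBinding that grant `get` and `patch` on `serviceaccounts` in every namespace. A namespaced Role and RoleBinding restricted with `resourceNames: [default]` is enough for the command shown and removes the cluster-wide write path. The `default-allow-all` NetworkPolicy at the end of this file admits all ingress and egress for every pod in the namespace; if it exists only to override a more restrictive platform default, a comment saying so would help, and a policy scoped to the webhook and health ports would be tighter.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels …
rules:
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    resourceNames:
      - default
    verbs: ['get', 'patch']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rancher-provisioning-capi-patch-sa
# … unchanged: subjects …
```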


@ -0,0 +1,26 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-leader-election-role
namespace: "{{ .Release.Namespace }}"
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete


@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-leader-election-rolebinding
namespace: "{{ .Release.Namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: capi-leader-election-role
subjects:
- kind: ServiceAccount
name: capi-manager
namespace: "{{ .Release.Namespace }}"


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-webhook-service
namespace: "{{ .Release.Namespace }}"
annotations:
need-a-cert.cattle.io/secret-name: capi-webhook-service-cert
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
cluster.x-k8s.io/provider: cluster-api


@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-manager
namespace: "{{ .Release.Namespace }}"


@ -0,0 +1,25 @@
image:
repository: rancher/mirrored-cluster-api-controller
tag: v1.4.4
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""
kubectl:
repository: rancher/kubectl
tag: v1.20.2
pullPolicy: IfNotPresent
# tolerations for the capi-controller-manager deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
tolerations: []
nodeSelector: {}
## PriorityClassName assigned to deployment.
priorityClassName: ""
extraEnv: []
args:
- "--metrics-bind-addr=localhost:8080"
- "--feature-gates=MachinePool=false,ClusterResourceSet=false,ClusterTopology=false,RuntimeSDK=false,LazyRestmapper=false"
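Review bot: `global.kubectl.tag` defaults to `v1.20.2`, while the chart metadata in this commit declares `catalog.cattle.io/kube-version: '>=1.23.0-0'`, so the hook Job's client is at least three minor versions behind every cluster the chart can be installed on. That is outside kubectl's supported skew of one minor version, and an image that old has likely missed later fixes to both kubectl and its base image. Consider a default that tracks the supported cluster range, for example `tag: <KUBECTL_TAG>` (placeholder for a current rancher/kubectl release), with a comment that it must stay within one minor version of the oldest supported Kubernetes.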


@ -13310,6 +13310,33 @@ entries:
urls:
- assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz
version: 2.12.101
rancher-provisioning-capi:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/namespace: cattle-provisioning-capi-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: apps.deployment/v1
catalog.cattle.io/rancher-version: '>= 2.7.0-0'
catalog.cattle.io/release-name: rancher-provisioning-capi
apiVersion: v1
appVersion: 1.4.4
created: "2023-09-06T14:54:17.66821-07:00"
description: capi-controller-manager compatible with Rancher Provisioning
digest: 1f195a10d86eb0041b33056a16fe25b8aaa253757937dd6e7a1885f0370e6f22
home: https://github.com/rancher/provisioning/blob/main/charts/capi/
maintainers:
- email: chris.kim@suse.com
name: Chris Kim
name: rancher-provisioning-capi
sources:
- https://github.com/rancher/provisioning/blob/main/charts/capi/
urls:
- assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz
version: 103.0.0+up0.0.1
rancher-pushprox:
- annotations:
catalog.cattle.io/hidden: "true"