Merge pull request #2309 from PennyScissors/dev-v2.7

Update ui-plugin-operator commit ref

charts/ui-plugin-operator-crd/101.0.1+up0.1.1-rc1/Chart.yaml

@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-ui-plugin-system
+  catalog.cattle.io/release-name: ui-plugin-operator-crd
+apiVersion: v1
+description: Installs the CRDs for ui-plugin-operator.
+name: ui-plugin-operator-crd
+type: application
+version: 101.0.1+up0.1.1-rc1

charts/ui-plugin-operator-crd/101.0.1+up0.1.1-rc1/README.md

@@ -0,0 +1,2 @@
+# ui-plugin-operator-crd
+A Rancher chart that installs the CRDs used by ui-plugin-operator.

charts/ui-plugin-operator-crd/101.0.1+up0.1.1-rc1/templates/crds.yaml

@@ -0,0 +1,61 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: uiplugins.catalog.cattle.io
+spec:
+  group: catalog.cattle.io
+  names:
+    kind: UIPlugin
+    plural: uiplugins
+    singular: uiplugin
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.release.name
+      name: Plugin Name
+      type: string
+    - jsonPath: .status.version
+      name: Version
+      type: string
+    - jsonPath: .status.state
+      name: State
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              plugin:
+                properties:
+                  endpoint:
+                    nullable: true
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      nullable: true
+                      type: string
+                    nullable: true
+                    type: object
+                  name:
+                    nullable: true
+                    type: string
+                  noCache:
+                    type: boolean
+                  version:
+                    nullable: true
+                    type: string
+                type: object
+            type: object
+          status:
+            properties:
+              cacheState:
+                nullable: true
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/Chart.yaml

@@ -0,0 +1,19 @@
+annotations:
+  catalog.cattle.io/auto-install: ui-plugin-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: UI Plugin Operator
+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
+  catalog.cattle.io/namespace: cattle-ui-plugin-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux, windows
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: ui-plugin-operator
+apiVersion: v1
+appVersion: 0.1.0
+description: A UI Plugin Operator Chart for plugin management in Rancher
+keywords:
+- applications
+- infrastructure
+name: ui-plugin-operator
+type: application
+version: 101.0.1+up0.1.1-rc1

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/_helpers.tpl

@@ -0,0 +1,89 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ui-plugin-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ui-plugin-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ui-plugin-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ui-plugin-operator.labels" -}}
+helm.sh/chart: {{ include "ui-plugin-operator.chart" . }}
+{{ include "ui-plugin-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ui-plugin-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ui-plugin-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ui-plugin-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ui-plugin-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes, 
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/dashboardrole.yaml

@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}-dashboard
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services/proxy
+  resourceNames:
+  - "http:{{ .Chart.Name }}:{{ .Values.service.port }}"
+  - "https:{{ .Chart.Name }}:{{ .Values.service.port }}"
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-dashboard
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-dashboard
+subjects:
+- kind: Group
+  name: system:authenticated
+  apiGroup: rbac.authorization.k8s.io

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/deployment.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  labels:
+    {{- include "ui-plugin-operator.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicas }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "ui-plugin-operator.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "ui-plugin-operator.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      serviceAccountName: {{ .Chart.Name }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          args:
+          - {{ template "ui-plugin-operator.name" . }}
+{{- if .Values.debug }}
+          - --debug
+          - --debug-level={{ .Values.debugLevel }}
+{{- end }}
+{{- if .Values.additionalArgs }}
+{{- toYaml .Values.additionalArgs | nindent 10 }}
+{{- end }}
+          # livenessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: http
+          # readinessProbe:
+          #   httpGet:
+          #     path: /
+          #     port: http
+          resources:
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/hardened.yaml

@@ -0,0 +1,123 @@
+{{- $namespaces := dict "_0" .Release.Namespace -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Chart.Name }}-patch-sa
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}-patch-sa
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    metadata:
+      name: {{ .Chart.Name }}-patch-sa
+      labels:
+        app: {{ .Chart.Name }}-patch-sa
+    spec:
+      serviceAccountName: {{ .Chart.Name }}-patch-sa
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+      restartPolicy: Never
+      containers:
+      {{- range $_, $ns := $namespaces }}
+      - name: patch-sa-{{ $ns }}
+        image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
+        imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
+        command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+        args: ["-n", "{{ $ns }}"]
+      {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-patch-sa
+  labels:
+    app: {{ .Chart.Name }}-patch-sa
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs: ['get', 'patch']
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+- apiGroups: ['policy']
+  resources: ['podsecuritypolicies']
+  verbs:     ['use']
+  resourceNames:
+  - {{ .Chart.Name }}-patch-sa
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-patch-sa
+  labels:
+    app: {{ .Chart.Name }}-patch-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-patch-sa
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-patch-sa
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-patch-sa
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}-patch-sa
+---
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ .Chart.Name }}-patch-sa
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}-patch-sa
+spec:
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+  volumes:
+    - 'secret'
+{{- end }}
+{{- range $_, $ns := $namespaces }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ $ns }}
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  egress:
+  - {}
+  policyTypes:
+  - Ingress
+  - Egress
+{{- end }}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  labels:
+    {{- include "ui-plugin-operator.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "ui-plugin-operator.selectorLabels" . | nindent 4 }}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/templates/serviceaccount.yaml

@@ -0,0 +1,101 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+rules:
+- apiGroups: ["catalog.cattle.io"]
+  resources:
+  - uiplugins
+  - uiplugins/status
+  verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+  resources:
+  - leases
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+---
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Chart.Name }}
+spec:
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+  volumes:
+    - 'secret'
+{{- end }}

charts/ui-plugin-operator/101.0.1+up0.1.1-rc1/values.yaml

@@ -0,0 +1,67 @@
+# Default values for sample.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: rancher/ui-plugin-operator
+  pullPolicy: Always
+  tag: "v0.1.0"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+
+replicas: 1
+
+resources: {}
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: []
+
+additionalArgs: []
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  kubectl:
+    repository: rancher/kubectl
+    tag: v1.20.2
+    pullPolicy: IfNotPresent
+  rbac:
+    ## Create RBAC resources for ServiceAccounts and users
+    ##
+    enabled: false
+    # create: true
+    # userRoles:
+    #   ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets
+    #   create: true
+    #   ## Aggregate default user ClusterRoles into default k8s ClusterRoles
+    #   aggregateToDefaultRoles: true
+
+    # pspEnabled: true
+    # pspAnnotations: {}
+
+debug: false
+debugLevel: 0

index.yaml

@@ -12629,6 +12629,29 @@ entries:
     - assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz
     version: 100.0.0+up0.3.0
   ui-plugin-operator:
+  - annotations:
+      catalog.cattle.io/auto-install: ui-plugin-operator-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: UI Plugin Operator
+      catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
+      catalog.cattle.io/namespace: cattle-ui-plugin-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux, windows
+      catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+      catalog.cattle.io/release-name: ui-plugin-operator
+    apiVersion: v1
+    appVersion: 0.1.0
+    created: "2023-01-03T15:30:13.668781-08:00"
+    description: A UI Plugin Operator Chart for plugin management in Rancher
+    digest: 9fc0be33c51e057bebc87a8b854acffa7e30189cdf7c7908b60a79804d6ffa93
+    keywords:
+    - applications
+    - infrastructure
+    name: ui-plugin-operator
+    type: application
+    urls:
+    - assets/ui-plugin-operator/ui-plugin-operator-101.0.1+up0.1.1-rc1.tgz
+    version: 101.0.1+up0.1.1-rc1
   - annotations:
       catalog.cattle.io/auto-install: ui-plugin-operator-crd=match
       catalog.cattle.io/certified: rancher
@@ -12653,6 +12676,20 @@ entries:
     - assets/ui-plugin-operator/ui-plugin-operator-101.0.0+up0.1.0.tgz
     version: 101.0.0+up0.1.0
   ui-plugin-operator-crd:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cattle-ui-plugin-system
+      catalog.cattle.io/release-name: ui-plugin-operator-crd
+    apiVersion: v1
+    created: "2023-01-03T15:30:13.669425-08:00"
+    description: Installs the CRDs for ui-plugin-operator.
+    digest: cdded409c1713f633eea59f8c0893c0d7a652eabd2ab72e75ce20e144be12e54
+    name: ui-plugin-operator-crd
+    type: application
+    urls:
+    - assets/ui-plugin-operator-crd/ui-plugin-operator-crd-101.0.1+up0.1.1-rc1.tgz
+    version: 101.0.1+up0.1.1-rc1
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"

packages/ui-plugin-operator/package.yaml

@@ -1,7 +1,7 @@
 url: https://github.com/rancher/ui-plugin-operator.git
 subdirectory: charts/ui-plugin-operator
-commit: ffdc4d4e600d1935dbc00c7c72ee36095977bf87
-version: 101.0.0
+commit: 9b1679988705d5fb241fc75965414436154e6572
+version: 101.0.1
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

release.yaml

@@ -74,3 +74,8 @@ rancher-gke-operator:
 - 101.0.1+up1.1.5
 rancher-gke-operator-crd:
 - 101.0.1+up1.1.5
+ui-plugin-operator:
+- 101.0.1+up0.1.1-rc1
+ui-plugin-operator-crd:
+- 101.0.1+up0.1.1-rc1
+