diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-101.0.0+up1.0.7-rc1.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-101.0.0+up1.0.7-rc1.tgz
new file mode 100644
index 000000000..4c3073937
Binary files /dev/null and b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-101.0.0+up1.0.7-rc1.tgz differ
diff --git a/assets/rancher-aks-operator/rancher-aks-operator-101.0.0+up1.0.7-rc1.tgz b/assets/rancher-aks-operator/rancher-aks-operator-101.0.0+up1.0.7-rc1.tgz
new file mode 100644
index 000000000..554357e5c
Binary files /dev/null and b/assets/rancher-aks-operator/rancher-aks-operator-101.0.0+up1.0.7-rc1.tgz differ
diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-101.0.0+up1.1.5-rc1.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-101.0.0+up1.1.5-rc1.tgz
new file mode 100644
index 000000000..9cf61efc0
Binary files /dev/null and b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-101.0.0+up1.1.5-rc1.tgz differ
diff --git a/assets/rancher-eks-operator/rancher-eks-operator-101.0.0+up1.1.5-rc1.tgz b/assets/rancher-eks-operator/rancher-eks-operator-101.0.0+up1.1.5-rc1.tgz
new file mode 100644
index 000000000..eb31f92a9
Binary files /dev/null and b/assets/rancher-eks-operator/rancher-eks-operator-101.0.0+up1.1.5-rc1.tgz differ
diff --git a/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-101.0.0+up1.1.4.tgz b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-101.0.0+up1.1.4.tgz
new file mode 100644
index 000000000..ee403fb45
Binary files /dev/null and b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-101.0.0+up1.1.4.tgz differ
diff --git a/assets/rancher-gke-operator/rancher-gke-operator-101.0.0+up1.1.4.tgz b/assets/rancher-gke-operator/rancher-gke-operator-101.0.0+up1.1.4.tgz
new file mode 100644
index 000000000..c5c8cf932
Binary files /dev/null and b/assets/rancher-gke-operator/rancher-gke-operator-101.0.0+up1.1.4.tgz differ
diff --git a/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-101.0.0+up1.2.2.tgz b/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-101.0.0+up1.2.2.tgz
new file mode 100644
index 000000000..b922c3ac0
Binary files /dev/null and b/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-101.0.0+up1.2.2.tgz differ
diff --git a/assets/rancher-vsphere-csi/rancher-vsphere-csi-101.0.0+up2.5.1-rancher1.tgz b/assets/rancher-vsphere-csi/rancher-vsphere-csi-101.0.0+up2.5.1-rancher1.tgz
new file mode 100644
index 000000000..3422e320d
Binary files /dev/null and b/assets/rancher-vsphere-csi/rancher-vsphere-csi-101.0.0+up2.5.1-rancher1.tgz differ
diff --git a/assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-2.0.0.tgz b/assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-2.0.0.tgz
new file mode 100644
index 000000000..fc0130876
Binary files /dev/null and b/assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-2.0.0.tgz differ
diff --git a/assets/rancher-windows-gmsa/rancher-windows-gmsa-2.0.0.tgz b/assets/rancher-windows-gmsa/rancher-windows-gmsa-2.0.0.tgz
new file mode 100644
index 000000000..056ed2746
Binary files /dev/null and b/assets/rancher-windows-gmsa/rancher-windows-gmsa-2.0.0.tgz differ
diff --git a/assets/rancher-wins-upgrader/rancher-wins-upgrader-101.0.0+up0.0.1.tgz b/assets/rancher-wins-upgrader/rancher-wins-upgrader-101.0.0+up0.0.1.tgz
new file mode 100644
index 000000000..377f36c89
Binary files /dev/null and b/assets/rancher-wins-upgrader/rancher-wins-upgrader-101.0.0+up0.0.1.tgz differ
diff --git a/assets/system-upgrade-controller/system-upgrade-controller-101.0.0+up0.3.3.tgz b/assets/system-upgrade-controller/system-upgrade-controller-101.0.0+up0.3.3.tgz
new file mode 100644
index 000000000..1cf8cf8ae
Binary files /dev/null and b/assets/system-upgrade-controller/system-upgrade-controller-101.0.0+up0.3.3.tgz differ
diff --git a/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/Chart.yaml b/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/Chart.yaml
new file mode 100644
index 000000000..11676a072
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-aks-operator-crd
+apiVersion: v2
+appVersion: 1.0.7-rc1
+description: AKS Operator CustomResourceDefinitions
+name: rancher-aks-operator-crd
+version: 101.0.0+up1.0.7-rc1
diff --git a/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/templates/crds.yaml b/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/templates/crds.yaml
new file mode 100644
index 000000000..002a459bd
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/101.0.0+up1.0.7-rc1/templates/crds.yaml
@@ -0,0 +1,178 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: aksclusterconfigs.aks.cattle.io
+spec:
+ group: aks.cattle.io
+ names:
+ kind: AKSClusterConfig
+ plural: aksclusterconfigs
+ shortNames:
+ - akscc
+ singular: aksclusterconfig
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ authBaseUrl:
+ nullable: true
+ type: string
+ authorizedIpRanges:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ azureCredentialSecret:
+ nullable: true
+ type: string
+ baseUrl:
+ nullable: true
+ type: string
+ clusterName:
+ nullable: true
+ type: string
+ dnsPrefix:
+ nullable: true
+ type: string
+ dnsServiceIp:
+ nullable: true
+ type: string
+ dockerBridgeCidr:
+ nullable: true
+ type: string
+ httpApplicationRouting:
+ nullable: true
+ type: boolean
+ imported:
+ type: boolean
+ kubernetesVersion:
+ nullable: true
+ type: string
+ linuxAdminUsername:
+ nullable: true
+ type: string
+ loadBalancerSku:
+ nullable: true
+ type: string
+ logAnalyticsWorkspaceGroup:
+ nullable: true
+ type: string
+ logAnalyticsWorkspaceName:
+ nullable: true
+ type: string
+ monitoring:
+ nullable: true
+ type: boolean
+ networkPlugin:
+ nullable: true
+ type: string
+ networkPolicy:
+ nullable: true
+ type: string
+ nodePools:
+ items:
+ properties:
+ availabilityZones:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ count:
+ nullable: true
+ type: integer
+ enableAutoScaling:
+ nullable: true
+ type: boolean
+ maxCount:
+ nullable: true
+ type: integer
+ maxPods:
+ nullable: true
+ type: integer
+ minCount:
+ nullable: true
+ type: integer
+ mode:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ orchestratorVersion:
+ nullable: true
+ type: string
+ osDiskSizeGB:
+ nullable: true
+ type: integer
+ osDiskType:
+ nullable: true
+ type: string
+ osType:
+ nullable: true
+ type: string
+ vmSize:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ podCidr:
+ nullable: true
+ type: string
+ privateCluster:
+ nullable: true
+ type: boolean
+ resourceGroup:
+ nullable: true
+ type: string
+ resourceLocation:
+ nullable: true
+ type: string
+ serviceCidr:
+ nullable: true
+ type: string
+ sshPublicKey:
+ nullable: true
+ type: string
+ subnet:
+ nullable: true
+ type: string
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ virtualNetwork:
+ nullable: true
+ type: string
+ virtualNetworkResourceGroup:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ rbacEnabled:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/Chart.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/Chart.yaml
new file mode 100644
index 000000000..ea9d64a53
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-aks-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.0.7-rc1
+description: A Helm chart for provisioning AKS clusters
+home: https://github.com/rancher/aks-operator
+name: rancher-aks-operator
+sources:
+- https://github.com/rancher/aks-operator
+version: 101.0.0+up1.0.7-rc1
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/NOTES.txt b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/NOTES.txt
new file mode 100644
index 000000000..5ba05b482
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/_helpers.tpl b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/_helpers.tpl
new file mode 100644
index 000000000..de3b332f6
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrole.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrole.yaml
new file mode 100644
index 000000000..5e2ce9756
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch', 'update']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs/status']
+ verbs: ['update']
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..7aa7e785a
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: aks-operator
+subjects:
+- kind: ServiceAccount
+ name: aks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/deployment.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/deployment.yaml
new file mode 100644
index 000000000..2366d9f30
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: aks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: aks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: aks
+ spec:
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ serviceAccountName: aks-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: aks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # aks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the aks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/serviceaccount.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9c40a152f
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: aks-operator
diff --git a/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/values.yaml b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/values.yaml
new file mode 100644
index 000000000..08d06389b
--- /dev/null
+++ b/charts/rancher-aks-operator/101.0.0+up1.0.7-rc1/values.yaml
@@ -0,0 +1,21 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+aksOperator:
+ image:
+ repository: rancher/aks-operator
+ tag: v1.0.7-rc1
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
diff --git a/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/Chart.yaml b/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/Chart.yaml
new file mode 100644
index 000000000..959d1b8b0
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-eks-operator-crd
+apiVersion: v2
+appVersion: 1.1.5-rc1
+description: EKS Operator CustomResourceDefinitions
+name: rancher-eks-operator-crd
+version: 101.0.0+up1.1.5-rc1
diff --git a/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/templates/crds.yaml b/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/templates/crds.yaml
new file mode 100644
index 000000000..67029195a
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/101.0.0+up1.1.5-rc1/templates/crds.yaml
@@ -0,0 +1,217 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: eksclusterconfigs.eks.cattle.io
+spec:
+ group: eks.cattle.io
+ names:
+ kind: EKSClusterConfig
+ plural: eksclusterconfigs
+ shortNames:
+ - ekscc
+ singular: eksclusterconfig
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ amazonCredentialSecret:
+ nullable: true
+ type: string
+ displayName:
+ nullable: true
+ type: string
+ imported:
+ type: boolean
+ kmsKey:
+ nullable: true
+ type: string
+ kubernetesVersion:
+ nullable: true
+ type: string
+ loggingTypes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ nodeGroups:
+ items:
+ properties:
+ desiredSize:
+ nullable: true
+ type: integer
+ diskSize:
+ nullable: true
+ type: integer
+ ec2SshKey:
+ nullable: true
+ type: string
+ gpu:
+ nullable: true
+ type: boolean
+ imageId:
+ nullable: true
+ type: string
+ instanceType:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ launchTemplate:
+ nullable: true
+ properties:
+ id:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: integer
+ type: object
+ maxSize:
+ nullable: true
+ type: integer
+ minSize:
+ nullable: true
+ type: integer
+ nodegroupName:
+ nullable: true
+ type: string
+ requestSpotInstances:
+ nullable: true
+ type: boolean
+ resourceTags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ spotInstanceTypes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ userData:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: string
+ required:
+ - nodegroupName
+ type: object
+ nullable: true
+ type: array
+ privateAccess:
+ nullable: true
+ type: boolean
+ publicAccess:
+ nullable: true
+ type: boolean
+ publicAccessSources:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ region:
+ nullable: true
+ type: string
+ secretsEncryption:
+ nullable: true
+ type: boolean
+ securityGroups:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ serviceRole:
+ nullable: true
+ type: string
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ managedLaunchTemplateID:
+ nullable: true
+ type: string
+ managedLaunchTemplateVersions:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ networkFieldsSource:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ securityGroups:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ templateVersionsToDelete:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ virtualNetwork:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/Chart.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/Chart.yaml
new file mode 100644
index 000000000..f61f931b0
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-eks-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.5-rc1
+description: A Helm chart for provisioning EKS clusters
+home: https://github.com/rancher/eks-operator
+name: rancher-eks-operator
+sources:
+- https://github.com/rancher/eks-operator
+version: 101.0.0+up1.1.5-rc1
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/NOTES.txt b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/NOTES.txt
new file mode 100644
index 000000000..23a1b4a8b
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher EKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions EKS clusters
+from EKSClusterConfig CRs.
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/_helpers.tpl b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/_helpers.tpl
new file mode 100644
index 000000000..de3b332f6
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrole.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrole.yaml
new file mode 100644
index 000000000..d0d561b6e
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: eks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch']
+ - apiGroups: ['eks.cattle.io']
+ resources: ['eksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['eks.cattle.io']
+ resources: ['eksclusterconfigs/status']
+ verbs: ['update']
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..2b1846353
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: eks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: eks-operator
+subjects:
+- kind: ServiceAccount
+ name: eks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/deployment.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/deployment.yaml
new file mode 100644
index 000000000..cde460468
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: eks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: eks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: eks
+ spec:
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ serviceAccountName: eks-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: eks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.eksOperator.image.repository }}:{{ .Values.eksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # eks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the eks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/serviceaccount.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..934de07e0
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: eks-operator
diff --git a/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/values.yaml b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/values.yaml
new file mode 100644
index 000000000..61d47302a
--- /dev/null
+++ b/charts/rancher-eks-operator/101.0.0+up1.1.5-rc1/values.yaml
@@ -0,0 +1,20 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+eksOperator:
+ image:
+ repository: rancher/eks-operator
+ tag: v1.1.5-rc1
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
diff --git a/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/Chart.yaml b/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/Chart.yaml
new file mode 100644
index 000000000..b3a434863
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-gke-operator-crd
+apiVersion: v2
+appVersion: 1.1.4
+description: GKE Operator CustomResourceDefinitions
+name: rancher-gke-operator-crd
+version: 101.0.0+up1.1.4
diff --git a/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/templates/crds.yaml b/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/templates/crds.yaml
new file mode 100644
index 000000000..aaa323f36
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/101.0.0+up1.1.4/templates/crds.yaml
@@ -0,0 +1,250 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: gkeclusterconfigs.gke.cattle.io
+spec:
+ group: gke.cattle.io
+ names:
+ kind: GKEClusterConfig
+ plural: gkeclusterconfigs
+ shortNames:
+ - gkecc
+ singular: gkeclusterconfig
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterAddons:
+ nullable: true
+ properties:
+ horizontalPodAutoscaling:
+ type: boolean
+ httpLoadBalancing:
+ type: boolean
+ networkPolicyConfig:
+ type: boolean
+ type: object
+ clusterIpv4Cidr:
+ nullable: true
+ type: string
+ clusterName:
+ nullable: true
+ type: string
+ description:
+ nullable: true
+ type: string
+ enableKubernetesAlpha:
+ nullable: true
+ type: boolean
+ googleCredentialSecret:
+ nullable: true
+ type: string
+ imported:
+ type: boolean
+ ipAllocationPolicy:
+ nullable: true
+ properties:
+ clusterIpv4CidrBlock:
+ nullable: true
+ type: string
+ clusterSecondaryRangeName:
+ nullable: true
+ type: string
+ createSubnetwork:
+ type: boolean
+ nodeIpv4CidrBlock:
+ nullable: true
+ type: string
+ servicesIpv4CidrBlock:
+ nullable: true
+ type: string
+ servicesSecondaryRangeName:
+ nullable: true
+ type: string
+ subnetworkName:
+ nullable: true
+ type: string
+ useIpAliases:
+ type: boolean
+ type: object
+ kubernetesVersion:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ locations:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ loggingService:
+ nullable: true
+ type: string
+ maintenanceWindow:
+ nullable: true
+ type: string
+ masterAuthorizedNetworks:
+ nullable: true
+ properties:
+ cidrBlocks:
+ items:
+ properties:
+ cidrBlock:
+ nullable: true
+ type: string
+ displayName:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ enabled:
+ type: boolean
+ type: object
+ monitoringService:
+ nullable: true
+ type: string
+ network:
+ nullable: true
+ type: string
+ networkPolicyEnabled:
+ nullable: true
+ type: boolean
+ nodePools:
+ items:
+ properties:
+ autoscaling:
+ nullable: true
+ properties:
+ enabled:
+ type: boolean
+ maxNodeCount:
+ type: integer
+ minNodeCount:
+ type: integer
+ type: object
+ config:
+ nullable: true
+ properties:
+ diskSizeGb:
+ type: integer
+ diskType:
+ nullable: true
+ type: string
+ imageType:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ localSsdCount:
+ type: integer
+ machineType:
+ nullable: true
+ type: string
+ oauthScopes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ preemptible:
+ type: boolean
+ tags:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ taints:
+ items:
+ properties:
+ effect:
+ nullable: true
+ type: string
+ key:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ initialNodeCount:
+ nullable: true
+ type: integer
+ management:
+ nullable: true
+ properties:
+ autoRepair:
+ type: boolean
+ autoUpgrade:
+ type: boolean
+ type: object
+ maxPodsConstraint:
+ nullable: true
+ type: integer
+ name:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ privateClusterConfig:
+ nullable: true
+ properties:
+ enablePrivateEndpoint:
+ type: boolean
+ enablePrivateNodes:
+ type: boolean
+ masterIpv4CidrBlock:
+ nullable: true
+ type: string
+ type: object
+ projectID:
+ nullable: true
+ type: string
+ region:
+ nullable: true
+ type: string
+ subnetwork:
+ nullable: true
+ type: string
+ zone:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/Chart.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/Chart.yaml
new file mode 100644
index 000000000..fb2b7bd6c
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-gke-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.4
+description: A Helm chart for provisioning GKE clusters
+home: https://github.com/rancher/gke-operator
+name: rancher-gke-operator
+sources:
+- https://github.com/rancher/gke-operator
+version: 101.0.0+up1.1.4
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/NOTES.txt b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/NOTES.txt
new file mode 100644
index 000000000..238173d1b
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher GKE operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions GKE clusters
+from GKEClusterConfig CRs.
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/_helpers.tpl b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/_helpers.tpl
new file mode 100644
index 000000000..de3b332f6
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrole.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrole.yaml
new file mode 100644
index 000000000..7c352696e
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gke-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch']
+ - apiGroups: ['gke.cattle.io']
+ resources: ['gkeclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['gke.cattle.io']
+ resources: ['gkeclusterconfigs/status']
+ verbs: ['update']
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrolebinding.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..e2af390c7
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gke-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gke-operator
+subjects:
+- kind: ServiceAccount
+ name: gke-operator
+ namespace: cattle-system
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/deployment.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/deployment.yaml
new file mode 100644
index 000000000..8f84fbc1a
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gke-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: gke
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: gke
+ spec:
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ serviceAccountName: gke-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: rancher-gke-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.gkeOperator.image.repository }}:{{ .Values.gkeOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # gke-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the gke-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/serviceaccount.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ba52af628
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: gke-operator
diff --git a/charts/rancher-gke-operator/101.0.0+up1.1.4/values.yaml b/charts/rancher-gke-operator/101.0.0+up1.1.4/values.yaml
new file mode 100644
index 000000000..f8150c809
--- /dev/null
+++ b/charts/rancher-gke-operator/101.0.0+up1.1.4/values.yaml
@@ -0,0 +1,20 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+gkeOperator:
+ image:
+ repository: rancher/gke-operator
+ tag: v1.1.4
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/Chart.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/Chart.yaml
new file mode 100644
index 000000000..5f99b1ff2
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: vSphere CPI
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: kube-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: vsphere-cpi
+apiVersion: v1
+appVersion: 1.2.2
+description: vSphere Cloud Provider Interface (CPI)
+icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg
+keywords:
+- infrastructure
+maintainers:
+- email: jamie.phillips@suse.com
+ name: Rancher
+name: rancher-vsphere-cpi
+sources:
+- https://github.com/kubernetes/cloud-provider-vsphere
+version: 101.0.0+up1.2.2
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/README.md b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/README.md
new file mode 100644
index 000000000..a8a605e16
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/README.md
@@ -0,0 +1,59 @@
+# vSphere Cloud Provider Interface (CPI)
+
+[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
+
+**This chart requires being deployed into the `kube-system` namespace.**
+
+## Prerequisites
+
+- vSphere 6.7 U3+
+- Kubernetes v1.14+
+- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)
+
+## Installation
+
+This chart requires a Secret in your Kubernetes cluster that contains the server URL and credentials to connect to the vCenter. You can have the chart generate it for you, or create it yourself and provide the name of the Secret during installation.
+
+Warning: When the option to generate the Secret is enabled, the credentials are visible in the API to authorized users. If you create the Secret yourself they will not be visible.
+
+You can create a Secret in one of the following ways:
+### Option 1: Create a Secret using the Rancher UI
+Go to your cluster's project (Same project you will be installing the chart) > Resources > Secrets > Add Secret.
+```yaml
+# Example of data required in the Secret
+.username:
+.password:
+```
+
+### Option 2: Create a Secret using kubectl
+Replace placeholders with actual values, and execute the following:
+```bash
+cat <
+ namespace:
+data:
+ .username:
+ .password:
+EOF
+```
+
+More information on managing Secrets using kubectl [here](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/).
+
+## Migration
+
+If using this chart to migrate volumes provisioned by the in-tree provider to the out-of-tree CPI + CSI, you need to taint all nodes with the following:
+```
+node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
+```
+
+To perform this operation on all nodes in your cluster, the following script has been provided for your convenience:
+```bash
+# Note: Since this script uses kubectl, ensure that you run `export KUBECONFIG=` before running this script
+for node in $(kubectl get nodes | awk '{print $1}' | tail -n +2); do
+ kubectl taint node $node node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
+done
+```
\ No newline at end of file
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/app-readme.md b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/app-readme.md
new file mode 100644
index 000000000..67329e95b
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/app-readme.md
@@ -0,0 +1,11 @@
+# vSphere Cloud Provider Interface (CPI)
+
+[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
+
+**This chart requires being deployed into the `kube-system` namespace.**
+
+## Prerequisites
+
+- vSphere 6.7 U3+ or vSphere 7.0+
+- Kubernetes v1.19+
+- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/questions.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/questions.yaml
new file mode 100644
index 000000000..99ff81f35
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/questions.yaml
@@ -0,0 +1,42 @@
+questions:
+ - variable: vCenter.host
+ label: vCenter Host
+ description: IP address or FQDN of the vCenter
+ type: string
+ required: true
+ group: Configuration
+
+ - variable: vCenter.datacenters
+ description: Comma-separated list of paths to data centers. E.g ", , ..."
+ label: Data Centers
+ type: string
+ required: true
+ group: Configuration
+
+ - variable: vCenter.credentialsSecret.generate
+ label: Generate Credential's Secret
+ description: Generates a secret with the vSphere credentials (If the option to generate it is enabled, credentials will be visible in the API to authorized users)
+ type: boolean
+ default: true
+ required: true
+ group: Configuration
+ show_subquestion_if: true
+ subquestions:
+ - variable: vCenter.username
+ label: Username
+ description: Username for vCenter
+ type: string
+ group: Configuration
+ - variable: vCenter.password
+ label: Password
+ description: Password for vCenter
+ type: password
+ group: Configuration
+
+ - variable: vCenter.credentialsSecret.name
+ label: Credential's Secret Name
+ description: Name of the secret with the vSphere credentials (Will not be visible in the API. More info in the README)
+ default: "vsphere-cpi-creds"
+ type: string
+ group: Configuration
+ show_if: "vCenter.credentialsSecret.generate=false"
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/_helpers.tpl b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/_helpers.tpl
new file mode 100644
index 000000000..a608baf1d
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "applyVersionOverrides" -}}
+{{- $overrides := dict -}}
+{{- range $override := .Values.versionOverrides -}}
+{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}}
+{{- $_ := mergeOverwrite $overrides $override.values -}}
+{{- end -}}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values $overrides -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/configmap.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/configmap.yaml
new file mode 100644
index 000000000..a482e1f48
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/configmap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vsphere-cloud-config
+ labels:
+ vsphere-cpi-infra: config
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+data:
+ vsphere.conf: |
+ [Global]
+ secret-name = {{ .Values.vCenter.credentialsSecret.name | quote }}
+ secret-namespace = {{ .Release.Namespace | quote }}
+ port = {{ .Values.vCenter.port | quote }}
+ insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
+
+ [VirtualCenter {{ .Values.vCenter.host | quote }}]
+ datacenters = {{ .Values.vCenter.datacenters | quote }}
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/daemonset.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/daemonset.yaml
new file mode 100644
index 000000000..808e0c422
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/daemonset.yaml
@@ -0,0 +1,101 @@
+{{- template "applyVersionOverrides" . -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ tier: control-plane
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ""
+spec:
+ selector:
+ matchLabels:
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ tier: control-plane
+ spec:
+ {{- if .Values.cloudControllerManager.nodeSelector }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- with .Values.cloudControllerManager.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # RKE node selector label
+ - key: node-role.kubernetes.io/controlplane
+ operator: In
+ values:
+ - "true"
+ - matchExpressions:
+ # RKE2 node selector label
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - "true"
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - "windows"
+ {{- end }}
+ {{- if .Values.cloudControllerManager.tolerations }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ {{- with .Values.cloudControllerManager.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ operator: Exists
+ - key: node.kubernetes.io/not-ready
+ effect: NoSchedule
+ operator: Exists
+ # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
+ - key: node-role.kubernetes.io/controlplane
+ effect: NoSchedule
+ value: "true"
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/etcd
+ effect: NoExecute
+ operator: Exists
+ {{- end }}
+ securityContext:
+ runAsUser: 1001
+ serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager
+ containers:
+ - name: {{ .Chart.Name }}-cloud-controller-manager
+ image: {{ template "system_default_registry" . }}{{ .Values.cloudControllerManager.repository }}:{{ .Values.cloudControllerManager.tag }}
+ args:
+ - --cloud-provider=vsphere
+ - --v=2
+ - --cloud-config=/etc/cloud/vsphere.conf
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: vsphere-config-volume
+ readOnly: true
+ resources:
+ requests:
+ cpu: 200m
+ hostNetwork: true
+ volumes:
+ - name: vsphere-config-volume
+ configMap:
+ name: vsphere-cloud-config
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role-binding.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role-binding.yaml
new file mode 100644
index 000000000..096c2d6ba
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role-binding.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: servicecatalog.k8s.io:apiserver-authentication-reader
+ labels:
+ vsphere-cpi-infra: role-binding
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+ subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ - apiGroup: ""
+ kind: User
+ name: {{ .Chart.Name }}-cloud-controller-manager
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: cluster-role-binding
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ - kind: User
+ name: {{ .Chart.Name }}-cloud-controller-manager
+{{- end -}}
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role.yaml
new file mode 100644
index 000000000..f26b834ac
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/role.yaml
@@ -0,0 +1,92 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: role
+ component: {{ .Chart.Name }}-cloud-controller-manager
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+{{- end -}}
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/secret.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/secret.yaml
new file mode 100644
index 000000000..1fc8ef899
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.vCenter.credentialsSecret.generate -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.vCenter.credentialsSecret.name }}
+ labels:
+ vsphere-cpi-infra: secret
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+data:
+ {{ .Values.vCenter.host }}.username: {{ .Values.vCenter.username | b64enc | quote }}
+ {{ .Values.vCenter.host }}.password: {{ .Values.vCenter.password | b64enc | quote }}
+{{- end -}}
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service-account.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service-account.yaml
new file mode 100644
index 000000000..8e269556b
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service-account.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: service-account
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service.yaml
new file mode 100644
index 000000000..e50d0b5af
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: NodePort
+ ports:
+ - port: 43001
+ protocol: TCP
+ targetPort: 43001
+ selector:
+ component: {{ .Chart.Name }}-cloud-controller-manager
diff --git a/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/values.yaml b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/values.yaml
new file mode 100644
index 000000000..fff38258e
--- /dev/null
+++ b/charts/rancher-vsphere-cpi/101.0.0+up1.2.2/values.yaml
@@ -0,0 +1,66 @@
+vCenter:
+ host: ""
+ port: 443
+ insecureFlag: "1"
+ datacenters: ""
+ username: ""
+ password: ""
+ credentialsSecret:
+ name: "vsphere-cpi-creds"
+ generate: true
+
+# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides.
+#
+# For each key in versionOvverides, this chart will check to see if the current Kubernetes cluster's version matches
+# any of the semver constraints provided as keys on the map.
+#
+# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value.
+#
+# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order.
+#
+# Notes:
+# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0
+# - On running a helm install --dry-run, the correct kubeVersion should be chosen.
+versionOverrides:
+ - constraint: ">= 1.23 < 1.25"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.23.0
+ - constraint: "~ 1.22"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.22.6
+ - constraint: "~ 1.21"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.21.3
+ - constraint: "~ 1.20"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.20.1
+ - constraint: "~ 1.19"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.19.0
+ - constraint: "~ 1.18"
+ values:
+ cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.18.0
+
+cloudControllerManager:
+ repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
+ tag: v1.22.6
+ nodeSelector: {}
+ tolerations: []
+ rbac:
+ enabled: true
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/Chart.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/Chart.yaml
new file mode 100644
index 000000000..bdd4cdd1e
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: vSphere CSI
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.24.0-0'
+ catalog.cattle.io/namespace: kube-system
+ catalog.cattle.io/os: linux,windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: vsphere-csi
+apiVersion: v1
+appVersion: 2.5.1-rancher1
+description: vSphere Cloud Storage Interface (CSI)
+icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg
+keywords:
+- infrastructure
+maintainers:
+- email: jamie.phillips@suse.com
+ name: Rancher
+name: rancher-vsphere-csi
+sources:
+- https://github.com/kubernetes-sigs/vsphere-csi-driver
+version: 101.0.0+up2.5.1-rancher1
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/README.md b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/README.md
new file mode 100644
index 000000000..a79fc2c72
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/README.md
@@ -0,0 +1,73 @@
+# vSphere Container Storage Interface (CSI)
+
+[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver/tree/release-2.1/manifests/v2.1.0/vsphere-7.0u1/) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code.
+
+CSI allows volume plugins to be installed on Kubernetes clusters as extensions. Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users can use the CSI to provision, attach, mount, and format the volumes exposed by the CSI driver.
+
+The CSI driver for vSphere is `csi.vsphere.vmware.com`.
+
+## Prerequisites
+
+- vSphere 6.7 U3+
+- Kubernetes v1.20+
+- Out-of-tree vSphere Cloud Provider Interface (CPI)
+- A Secret on your Kubernetes cluster that contains vSphere CSI configuration and credentials
+
+## Installation
+
+This chart requires a Secret in your Kubernetes cluster that contains the CSI configuration and credentials to connect to the vCenter. You can have the chart generate it for you, or create it yourself and provide the name of the Secret during installation.
+
+Warning: When the option to generate the Secret is enabled, the credentials are visible in the API to authorized users. If you create the Secret yourself they will not be visible.
+
+You can create a Secret in one of the following ways:
+
+### Option 1: Create a Secret using the Rancher UI
+
+Go to your cluster's project (Same project you will be installing the chart) > Resources > Secrets > Add Secret.
+```yaml
+# Example of data required in the Secret
+# The csi-vsphere.conf key name is required, otherwise the installation will fail
+csi-vsphere.conf: |
+ [Global]
+ cluster-id = ""
+ user = ""
+ password = ""
+ port = ""
+ insecure-flag = ""
+
+ [VirtualCenter ""]
+ datacenters = ", , ..."
+```
+More information on CSI vSphere configuration [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/installation.html#create_k8s_secret).
+
+### Option 2: Create a Secret using kubectl
+
+Replace placeholders with actual values, and execute the following:
+```bash
+# The csi-vsphere.conf key name is required, otherwise the installation will fail
+cat <
+ namespace:
+stringData:
+ csi-vsphere.conf: |
+ [Global]
+ cluster-id = ""
+ user = ""
+ password = ""
+ port = ""
+ insecure-flag = ""
+
+ [VirtualCenter ""]
+ datacenters = ", , ..."
+EOF
+```
+
+More information on managing Secrets using kubectl [here](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/).
+
+## Migration
+
+The CSI migration feature is only available for vSphere 7.0 U1.
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/app-readme.md b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/app-readme.md
new file mode 100644
index 000000000..bae1876f0
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/app-readme.md
@@ -0,0 +1,14 @@
+# vSphere Container Storage Interface (CSI)
+
+[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code.
+
+CSI allows volume plugins to be installed on Kubernetes clusters as extensions. Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users can use the CSI to provision, attach, mount, and format the volumes exposed by the CSI driver.
+
+The CSI driver for vSphere is `csi.vsphere.vmware.com`.
+
+## Prerequisites
+
+- vSphere 6.7 U3+
+- Kubernetes v1.14+
+- Out-of-tree vSphere Cloud Provider Interface (CPI)
+- A Secret on your Kubernetes cluster that contains vSphere CSI configuration and credentials (Refer to `README` or `Detailed Descriptions`)
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/questions.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/questions.yaml
new file mode 100644
index 000000000..2b80d2c4d
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/questions.yaml
@@ -0,0 +1,141 @@
+questions:
+ - variable: vCenter.configSecret.generate
+ label: Generate CSI vSphere Config Secret
+ description: Generates a Secret that contains a CSI vSphere config and credentials (If the option to generate it is enabled, credentials will be visible in the API to authorized users)
+ type: boolean
+ default: true
+ required: true
+ group: vCenter Configuration
+ show_subquestion_if: true
+ subquestions:
+ - variable: vCenter.host
+ label: vCenter Host
+ description: IP address or FQDN of the vCenter
+ type: string
+
+ - variable: vCenter.datacenters
+ description: Comma-separated list of paths to data centers. E.g ", , ..."
+ label: Data Centers
+ type: string
+
+ - variable: vCenter.username
+ label: Username
+ description: Username for vCenter
+ type: string
+
+ - variable: vCenter.password
+ label: Password
+ description: Password for vCenter
+ type: password
+
+ - variable: vCenter.configSecret.name
+ label: CSI vSphere Config Secret Name
+ description: Name of the Secret that contains a CSI vSphere config and credentials (Will not be visible in the API. More info in the README)
+ type: string
+ group: vCenter Configuration
+ show_if: "vCenter.configSecret.generate=false"
+
+ - variable: csiMigration.enabled
+ label: Enable CSI Migration
+ description: Enable migration of volumes provisioned by in-tree vSphere provider to CSI (Available for vSphere 7.0 U1+ only)
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: csiAuthCheck.enabled
+ label: Enable authorization checks on operations involving datastores
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: onlineVolumeExtend.enabled
+ label: Enable Online Volume Extend
+ description: Enable expansion of PVCs that are in use by a Pod or mounted in a Node (Available for vSphere 7.0 U2+ only)
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: triggerCsiFullsync.enabled
+ label: Enable CSI Full Sync
+ description: Keeps CNS up to date with Kubernetes volume metadata information (such as PVs, PVCs, pods, and so on)
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: asyncQueryVolume.enabled
+ label: Enable Async Query Volume
+ description: Improves retrieval of volume information
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: improvedCsiIdempotency.enabled
+ label: Enable Improved CSI Idempotency
+ description: Enhances driver to ensure volume operations are idempotent
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: improvedVolumeTopology.enabled
+ label: Enable Improved Volume Topology
+ description: Allows using the topology feature without the need to mount vSphere credentials in the CSI node daemonset
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: csiWindowsSupport.enabled
+ label: Enable CSI Windows Support
+ description: Enables Windows support.
+ type: boolean
+ default: false
+ group: Driver Configuration
+
+ - variable: csiController.csiResizer.enabled
+ label: Enable CSI Volume Resizer
+ description: This feature is available for vSphere 7.0 U1+ only
+ type: boolean
+ default: false
+ group: Storage
+
+ - variable: storageClass.enabled
+ default: true
+ label: Create Storage Class
+ description: Create a storageClass with the vSphere CSI provisioner
+ type: boolean
+ required: true
+ show_subquestion_if: true
+ group: Storage
+ subquestions:
+ - variable: storageClass.name
+ label: Storage Class Name
+ default: "vsphere-csi-sc"
+ type: string
+
+ - variable: storageClass.isDefault
+ label: Default Storage Class
+ description: Set the Storage Class as the default
+ default: true
+ type: boolean
+
+ - variable: storageClass.allowVolumeExpansion
+ label: Allow Volume Expansion
+ description: Allows resizing the volume by editing the corresponding PVC object (Available for vSphere 7.0+ only)
+ default: false
+ type: boolean
+
+ - variable: storageClass.storagePolicyName
+ label: Storage Policy Name
+ description: Name of the Storage Policy created in vCenter
+ type: string
+
+ - variable: storageClass.datastoreURL
+ label: Data Store URL
+ description: URL of the data store to use for new volumes (If unspecified, any data store that matches the request will be selected).
+ type: string
+
+ - variable: csiNode.prefixPath
+ label: Prefix Path for `/var/lib/kubelet`
+ description: For some operating systems including RancherOS, RKE prefixes `/var/lib/kubelet` with `/opt/rke`. Add the prefix path of the location of /var/lib/kubelet
+ type: string
+ default: ""
+ group: Node Configuration
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/_helpers.tpl b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/_helpers.tpl
new file mode 100644
index 000000000..a608baf1d
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "applyVersionOverrides" -}}
+{{- $overrides := dict -}}
+{{- range $override := .Values.versionOverrides -}}
+{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}}
+{{- $_ := mergeOverwrite $overrides $override.values -}}
+{{- end -}}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values $overrides -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/configmap.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/configmap.yaml
new file mode 100644
index 000000000..3e39a3623
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/configmap.yaml
@@ -0,0 +1,18 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+apiVersion: v1
+data:
+ "csi-migration": {{ .Values.csiMigration.enabled | quote }}
+ "csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }}
+ "online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }}
+ "trigger-csi-fullsync": {{ .Values.triggerCsiFullsync.enabled | quote }}
+ "async-query-volume": {{ .Values.asyncQueryVolume.enabled | quote }}
+ "improved-csi-idempotency": {{ .Values.improvedCsiIdempotency.enabled | quote }}
+ "improved-volume-topology": {{ .Values.improvedVolumeTopology.enabled | quote }}
+ "csi-windows-support": {{ .Values.csiWindowsSupport.enabled | quote }}
+ "use-csinode-id": {{ .Values.useCsinodeId.enabled | quote }}
+ "pv-to-backingdiskobjectid-mapping": {{ .Values.pvToBackingdiskobjectidMapping.enabled | quote }}
+ "cnsmgr-suspend-create-volume": {{ .Values.cnsmgrSuspendCreateVolume.enabled | quote }}
+kind: ConfigMap
+metadata:
+ name: internal-feature-states.csi.vsphere.vmware.com
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/deployment.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/deployment.yaml
new file mode 100644
index 000000000..8912ee35c
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/deployment.yaml
@@ -0,0 +1,220 @@
+{{- template "applyVersionOverrides" . -}}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 3
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 0
+ selector:
+ matchLabels:
+ app: vsphere-csi-controller
+ template:
+ metadata:
+ labels:
+ app: vsphere-csi-controller
+ role: vsphere-csi
+ spec:
+ serviceAccountName: vsphere-csi-controller
+ {{- if .Values.csiController.nodeSelector }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- with .Values.csiController.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # RKE node selector label
+ - key: node-role.kubernetes.io/controlplane
+ operator: In
+ values:
+ - "true"
+ - matchExpressions:
+ # RKE2 node selector label
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - "true"
+ - matchExpressions:
+ # Rancher node selector label
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - "windows"
+ {{- end }}
+ {{- if .Values.csiController.tolerations }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ {{- with .Values.csiController.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
+ - key: node-role.kubernetes.io/controlplane
+ effect: NoSchedule
+ value: "true"
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/etcd
+ effect: NoExecute
+ operator: Exists
+ {{- end }}
+ dnsPolicy: "Default"
+ containers:
+ - name: csi-attacher
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"
+ args:
+ - "--v=4"
+ - "--timeout=300s"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election"
+ - "--kube-api-qps=100"
+ - "--kube-api-burst=100"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+{{- if .Values.csiController.csiResizer.enabled }}
+ - name: csi-resizer
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"
+ args:
+ - "--v=4"
+ - "--timeout=300s"
+ - "--handle-volume-inuse-error=false"
+ - "--csi-address=$(ADDRESS)"
+ - "--kube-api-qps=100"
+ - "--kube-api-burst=100"
+ - "--leader-election"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+{{- end }}
+ - name: vsphere-csi-controller
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"
+ args:
+ - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
+ - "--fss-namespace=$(CSI_NAMESPACE)"
+ - "--use-gocsi=false"
+ imagePullPolicy: "Always"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: X_CSI_MODE
+ value: "controller"
+ - name: X_CSI_SPEC_DISABLE_LEN_CHECK
+ value: "true"
+ - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
+ value: 3m
+ - name: VSPHERE_CSI_CONFIG
+ value: "/etc/cloud/csi-vsphere.conf"
+ - name: LOGGER_LEVEL
+ value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
+ - name: INCLUSTER_CLIENT_QPS
+ value: "100"
+ - name: INCLUSTER_CLIENT_BURST
+ value: "100"
+ - name: CSI_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: vsphere-config-volume
+ readOnly: true
+ - mountPath: /csi
+ name: socket-dir
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ - name: prometheus
+ containerPort: 2112
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 3
+ periodSeconds: 5
+ failureThreshold: 3
+ - name: liveness-probe
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"
+ args:
+ - "--v=4"
+ - "--csi-address=/csi/csi.sock"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: vsphere-syncer
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"
+ args:
+ - "--leader-election"
+ - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
+ - "--fss-namespace=$(CSI_NAMESPACE)"
+ imagePullPolicy: "Always"
+ ports:
+ - containerPort: 2113
+ name: prometheus
+ protocol: TCP
+ env:
+ - name: FULL_SYNC_INTERVAL_MINUTES
+ value: "30"
+ - name: VSPHERE_CSI_CONFIG
+ value: "/etc/cloud/csi-vsphere.conf"
+ - name: LOGGER_LEVEL
+ value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
+ - name: INCLUSTER_CLIENT_QPS
+ value: "100"
+ - name: INCLUSTER_CLIENT_BURST
+ value: "100"
+ - name: CSI_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: vsphere-config-volume
+ readOnly: true
+ - name: csi-provisioner
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"
+ args:
+ - "--v=4"
+ - "--timeout=300s"
+ - "--csi-address=$(ADDRESS)"
+ - "--kube-api-qps=100"
+ - "--kube-api-burst=100"
+ - "--leader-election"
+ - "--default-fstype=ext4"
+ # needed only for topology aware setup
+ #- "--feature-gates=Topology=true"
+ #- "--strict-topology"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ volumes:
+ - name: vsphere-config-volume
+ secret:
+ secretName: {{ .Values.vCenter.configSecret.name }}
+ - name: socket-dir
+ emptyDir: {}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role-binding.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role-binding.yaml
new file mode 100644
index 000000000..0a30fd71c
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role-binding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-controller-binding
+subjects:
+ - kind: ServiceAccount
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: vsphere-csi-controller-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role.yaml
new file mode 100644
index 000000000..0d869f795
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/role.yaml
@@ -0,0 +1,59 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-controller-role
+rules:
+ - apiGroups: [""]
+ resources: ["nodes", "pods", "configmaps"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "patch"]
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["triggercsifullsyncs"]
+ verbs: ["create", "get", "update", "watch", "list"]
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["cnsvspherevolumemigrations"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "create", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["cnsvolumeoperationrequests"]
+ verbs: ["create", "get", "list", "update", "delete"]
+ - apiGroups: [ "snapshot.storage.k8s.io" ]
+ resources: [ "volumesnapshots" ]
+ verbs: [ "get", "list" ]
+ - apiGroups: [ "snapshot.storage.k8s.io" ]
+ resources: [ "volumesnapshotclasses" ]
+ verbs: [ "watch", "get", "list" ]
+ - apiGroups: [ "snapshot.storage.k8s.io" ]
+ resources: [ "volumesnapshotcontents" ]
+ verbs: [ "create", "get", "list", "watch", "update", "delete", "patch"]
+ - apiGroups: [ "snapshot.storage.k8s.io" ]
+ resources: [ "volumesnapshotcontents/status" ]
+ verbs: [ "update", "patch" ]
+ - apiGroups: [ "cns.vmware.com" ]
+ resources: [ "csinodetopologies" ]
+ verbs: ["get", "update", "watch", "list"]
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service-account.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service-account.yaml
new file mode 100644
index 000000000..b6dbe5d32
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service-account.yaml
@@ -0,0 +1,5 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service.yaml
new file mode 100644
index 000000000..c3aa0e433
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/controller/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: vsphere-csi-controller
+spec:
+ ports:
+ - name: ctlr
+ port: 2112
+ targetPort: 2112
+ protocol: TCP
+ - name: syncer
+ port: 2113
+ targetPort: 2113
+ protocol: TCP
+ selector:
+ app: vsphere-csi-controller
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/csi-driver.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/csi-driver.yaml
new file mode 100644
index 000000000..9b6909e6a
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/csi-driver.yaml
@@ -0,0 +1,8 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+ name: csi.vsphere.vmware.com
+spec:
+ attachRequired: true
+ podInfoOnMount: false
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/daemonset.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/daemonset.yaml
new file mode 100644
index 000000000..bf6e0b3a3
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/daemonset.yaml
@@ -0,0 +1,178 @@
+{{- template "applyVersionOverrides" . -}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: vsphere-csi-node
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: vsphere-csi-node
+ updateStrategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ app: vsphere-csi-node
+ role: vsphere-csi
+ spec:
+ {{- if .Values.csiNode.nodeSelector }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- with .Values.csiNode.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # Rancher node selector label
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - "windows"
+ {{- end }}
+ {{- if .Values.csiNode.tolerations }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ {{- with .Values.csiNode.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
+ - key: node-role.kubernetes.io/controlplane
+ effect: NoSchedule
+ value: "true"
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/etcd
+ effect: NoExecute
+ operator: Exists
+ {{- end }}
+ serviceAccountName: vsphere-csi-node
+ hostNetwork: true
+ dnsPolicy: "ClusterFirstWithHostNet"
+ containers:
+ - name: node-driver-registrar
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.nodeDriverRegistrar.repository }}:{{ .Values.csiNode.image.nodeDriverRegistrar.tag }}"
+ args:
+ - "--v=5"
+ - "--csi-address=$(ADDRESS)"
+ - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar
+ - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 3
+ - name: vsphere-csi-node
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.repository }}:{{ .Values.csiNode.image.tag }}"
+ args:
+ - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
+ - "--fss-namespace=$(CSI_NAMESPACE)"
+ - "--use-gocsi=false"
+ imagePullPolicy: "Always"
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: MAX_VOLUMES_PER_NODE
+ value: "59" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node.
+ - name: X_CSI_MODE
+ value: "node"
+ - name: X_CSI_SPEC_REQ_VALIDATION
+ value: "false"
+ - name: X_CSI_SPEC_DISABLE_LEN_CHECK
+ value: "true"
+ - name: LOGGER_LEVEL
+ value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
+ - name: CSI_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEGETINFO_WATCH_TIMEOUT_MINUTES
+ value: "1"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: pods-mount-dir
+ mountPath: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
+ # needed so that any mounts setup inside this container are
+ # propagated back to the host machine.
+ mountPropagation: "Bidirectional"
+ - name: device-dir
+ mountPath: /dev
+ - name: blocks-dir
+ mountPath: /sys/block
+ - name: sys-devices-dir
+ mountPath: /sys/devices
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ periodSeconds: 5
+ failureThreshold: 3
+ - name: liveness-probe
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}"
+ args:
+ - "--v=4"
+ - "--csi-address=/csi/csi.sock"
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ volumes:
+ - name: registration-dir
+ hostPath:
+ path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins_registry
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com
+ type: DirectoryOrCreate
+ - name: pods-mount-dir
+ hostPath:
+ path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
+ type: Directory
+ - name: device-dir
+ hostPath:
+ path: /dev
+ - name: blocks-dir
+ hostPath:
+ path: /sys/block
+ type: Directory
+ - name: sys-devices-dir
+ hostPath:
+ path: /sys/devices
+ type: Directory
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role-binding.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role-binding.yaml
new file mode 100644
index 000000000..c968ef0a7
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role-binding.yaml
@@ -0,0 +1,28 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-node-binding
+ namespace: {{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: vsphere-csi-node
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: vsphere-csi-node-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-node-cluster-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: vsphere-csi-node
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: vsphere-csi-node-cluster-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role.yaml
new file mode 100644
index 000000000..46645d9c1
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/role.yaml
@@ -0,0 +1,21 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-node-role
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-node-cluster-role
+rules:
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["csinodetopologies"]
+ verbs: ["create", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/service-account.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/service-account.yaml
new file mode 100644
index 000000000..d2d452876
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/service-account.yaml
@@ -0,0 +1,5 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: vsphere-csi-node
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/windows-daemonset.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/windows-daemonset.yaml
new file mode 100644
index 000000000..c78d70483
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/node/windows-daemonset.yaml
@@ -0,0 +1,165 @@
+{{- if .Values.csiWindowsSupport.enabled }}
+{{- template "applyVersionOverrides" . -}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: vsphere-csi-node-windows
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: vsphere-csi-node-windows
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ app: vsphere-csi-node-windows
+ role: vsphere-csi-windows
+ spec:
+ nodeSelector:
+ kubernetes.io/os: windows
+ {{- if .Values.csiNode.tolerations }}
+ tolerations:
+ {{- with .Values.csiNode.tolerations }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- else }}
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
+ - key: node-role.kubernetes.io/controlplane
+ effect: NoSchedule
+ value: "true"
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/etcd
+ effect: NoExecute
+ operator: Exists
+ {{- end }}
+ serviceAccountName: vsphere-csi-node
+ containers:
+ - name: node-driver-registrar
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.nodeDriverRegistrar.repository }}:{{ .Values.csiNode.image.nodeDriverRegistrar.tag }}"
+ args:
+ - "--v=5"
+ - "--csi-address=$(ADDRESS)"
+ - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+ - "--health-port=9809"
+ env:
+ - name: ADDRESS
+ value: 'unix://C:\\csi\\csi.sock'
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ .Values.csiNode.prefixPath }}'\\var\\lib\\kubelet\\plugins\\csi.vsphere.vmware.com\\csi.sock'
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar.exe
+ - --kubelet-registration-path=C:\\var\\lib\\kubelet\\plugins\\csi.vsphere.vmware.com\\csi.sock
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 3
+ - name: vsphere-csi-node
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.repository }}:{{ .Values.csiNode.image.tag }}"
+ args:
+ - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
+ - "--fss-namespace=$(CSI_NAMESPACE)"
+ imagePullPolicy: "Always"
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: 'unix://C:\\csi\\csi.sock'
+ - name: MAX_VOLUMES_PER_NODE
+ value: "0" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node.
+ - name: X_CSI_MODE
+ value: node
+ - name: X_CSI_SPEC_REQ_VALIDATION
+ value: 'false'
+ - name: X_CSI_SPEC_DISABLE_LEN_CHECK
+ value: "true"
+ - name: LOGGER_LEVEL
+ value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
+ - name: X_CSI_LOG_LEVEL
+ value: DEBUG
+ - name: CSI_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODEGETINFO_WATCH_TIMEOUT_MINUTES
+ value: "1"
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: 'C:\csi'
+ - name: pods-mount-dir
+ mountPath: 'C:\var\lib\kubelet'
+ - name: csi-proxy-volume-v1
+ mountPath: \\.\pipe\csi-proxy-volume-v1
+ - name: csi-proxy-filesystem-v1
+ mountPath: \\.\pipe\csi-proxy-filesystem-v1
+ - name: csi-proxy-disk-v1
+ mountPath: \\.\pipe\csi-proxy-disk-v1
+ - name: csi-proxy-system-v1alpha1
+ mountPath: \\.\pipe\csi-proxy-system-v1alpha1
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ periodSeconds: 5
+ failureThreshold: 3
+ - name: liveness-probe
+ image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}"
+ args:
+ - "--v=4"
+ - "--csi-address=/csi/csi.sock"
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ volumes:
+ - name: registration-dir
+ hostPath:
+ path: 'C:\var\lib\kubelet\plugins_registry\'
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: 'C:\var\lib\kubelet\plugins\csi.vsphere.vmware.com\'
+ type: DirectoryOrCreate
+ - name: pods-mount-dir
+ hostPath:
+ path: \var\lib\kubelet
+ type: Directory
+ - name: csi-proxy-disk-v1
+ hostPath:
+ path: \\.\pipe\csi-proxy-disk-v1
+ type: ''
+ - name: csi-proxy-volume-v1
+ hostPath:
+ path: \\.\pipe\csi-proxy-volume-v1
+ type: ''
+ - name: csi-proxy-filesystem-v1
+ hostPath:
+ path: \\.\pipe\csi-proxy-filesystem-v1
+ type: ''
+ - name: csi-proxy-system-v1alpha1
+ hostPath:
+ path: \\.\pipe\csi-proxy-system-v1alpha1
+ type: ''
+{{ end }}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/secret.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/secret.yaml
new file mode 100644
index 000000000..2a8c53025
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.vCenter.configSecret.generate -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.vCenter.configSecret.name }}
+ namespace: {{ .Release.Namespace }}
+data:
+ csi-vsphere.conf: {{ tpl .Values.vCenter.configSecret.configTemplate . | b64enc | quote }}
+{{- end -}}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/storageclass.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/storageclass.yaml
new file mode 100644
index 000000000..30dfbd46a
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/templates/storageclass.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.storageClass.enabled -}}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ .Values.storageClass.name | quote }}
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ .Values.storageClass.isDefault | quote }}
+provisioner: csi.vsphere.vmware.com
+allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
+parameters:
+ {{- if .Values.storageClass.datastoreURL }}
+ datastoreURL: {{ .Values.storageClass.datastoreURL | quote }}
+ {{- end }}
+ {{- if .Values.storageClass.storagePolicyName }}
+ storagepolicyname: {{ .Values.storageClass.storagePolicyName | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/values.yaml b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/values.yaml
new file mode 100644
index 000000000..b9f81fefb
--- /dev/null
+++ b/charts/rancher-vsphere-csi/101.0.0+up2.5.1-rancher1/values.yaml
@@ -0,0 +1,176 @@
+vCenter:
+ host: ""
+ port: 443
+ insecureFlag: "1"
+ clusterId: ""
+ datacenters: ""
+ username: ""
+ password: ""
+ configSecret:
+ name: "vsphere-config-secret"
+ generate: true
+ configTemplate: |
+ [Global]
+ cluster-id = {{ required ".Values.vCenter.clusterId must be provided" (default .Values.vCenter.clusterId .Values.global.cattle.clusterId) | quote }}
+ user = {{ .Values.vCenter.username | quote }}
+ password = {{ .Values.vCenter.password | quote }}
+ port = {{ .Values.vCenter.port | quote }}
+ insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
+
+ [VirtualCenter {{ .Values.vCenter.host | quote }}]
+ datacenters = {{ .Values.vCenter.datacenters | quote }}
+
+csiController:
+ csiResizer:
+ enabled: false
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.5.1
+ csiAttacher:
+ repository: rancher/mirrored-sig-storage-csi-attacher
+ tag: v3.4.0
+ csiResizer:
+ repository: rancher/mirrored-sig-storage-csi-resizer
+ tag: v1.4.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.6.0
+ vsphereSyncer:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer
+ tag: v2.5.1
+ csiProvisioner:
+ repository: rancher/mirrored-sig-storage-csi-provisioner
+ tag: v3.1.0
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ # Uncomment below toleration if you need an aggressive pod eviction in case when
+ # node becomes not-ready or unreachable. Default is 300 seconds if not specified.
+ tolerations: []
+ # - key: node.kubernetes.io/not-ready
+ # operator: Exists
+ # effect: NoExecute
+ # tolerationSeconds: 30
+ # - key: node.kubernetes.io/unreachable
+ # operator: Exists
+ # effect: NoExecute
+ # tolerationSeconds: 30
+
+# Internal features
+csiMigration:
+ enabled: false
+csiAuthCheck:
+ enabled: false
+onlineVolumeExtend:
+ enabled: false
+triggerCsiFullsync:
+ enabled: false
+asyncQueryVolume:
+ enabled: false
+improvedCsiIdempotency:
+ enabled: false
+improvedVolumeTopology:
+ enabled: false
+csiWindowsSupport:
+ enabled: false
+useCsinodeId:
+ enabled: true
+pvToBackingdiskobjectidMapping:
+ enabled: false
+cnsmgrSuspendCreateVolume:
+ enabled: false
+
+csiNode:
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+ tolerations: []
+ prefixPath: ""
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.5.1
+ nodeDriverRegistrar:
+ repository: rancher/mirrored-sig-storage-csi-node-driver-registrar
+ tag: v2.5.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.6.0
+
+storageClass:
+ enabled: true
+ allowVolumeExpansion: false
+ name: "vsphere-csi-sc"
+ isDefault: true
+ storagePolicyName: ""
+ datastoreURL: ""
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+versionOverrides:
+ - constraint: ">= 1.21 < 1.24"
+ values:
+ csiController:
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.5.1
+ csiAttacher:
+ repository: rancher/mirrored-sig-storage-csi-attacher
+ tag: v3.4.0
+ csiResizer:
+ repository: rancher/mirrored-sig-storage-csi-resizer
+ tag: v1.4.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.6.0
+ vsphereSyncer:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer
+ tag: v2.5.1
+ csiProvisioner:
+ repository: rancher/mirrored-sig-storage-csi-provisioner
+ tag: v3.1.0
+ csiNode:
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.5.1
+ nodeDriverRegistrar:
+ repository: rancher/mirrored-sig-storage-csi-node-driver-registrar
+ tag: v2.5.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.6.0
+ - constraint: "~ 1.20"
+ values:
+ csiController:
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.4.1
+ csiAttacher:
+ repository: rancher/mirrored-sig-storage-csi-attacher
+ tag: v3.3.0
+ csiResizer:
+ repository: rancher/mirrored-sig-storage-csi-resizer
+ tag: v1.3.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.4.0
+ vsphereSyncer:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer
+ tag: v2.4.1
+ csiProvisioner:
+ repository: rancher/mirrored-sig-storage-csi-provisioner
+ tag: v3.0.0
+ csiNode:
+ image:
+ repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
+ tag: v2.4.1
+ nodeDriverRegistrar:
+ repository: rancher/mirrored-sig-storage-csi-node-driver-registrar
+ tag: v2.3.0
+ livenessProbe:
+ repository: rancher/mirrored-sig-storage-livenessprobe
+ tag: v2.4.0
diff --git a/charts/rancher-windows-gmsa-crd/2.0.0/Chart.yaml b/charts/rancher-windows-gmsa-crd/2.0.0/Chart.yaml
new file mode 100644
index 000000000..e95462f00
--- /dev/null
+++ b/charts/rancher-windows-gmsa-crd/2.0.0/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-windows-gmsa-system
+ catalog.cattle.io/release-name: rancher-windows-gmsa-crd
+apiVersion: v1
+description: Installs the CRDs for Windows GMSA.
+name: rancher-windows-gmsa-crd
+type: application
+version: 2.0.0
diff --git a/charts/rancher-windows-gmsa-crd/2.0.0/templates/crds.yaml b/charts/rancher-windows-gmsa-crd/2.0.0/templates/crds.yaml
new file mode 100644
index 000000000..de31c4561
--- /dev/null
+++ b/charts/rancher-windows-gmsa-crd/2.0.0/templates/crds.yaml
@@ -0,0 +1,119 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: gmsacredentialspecs.windows.k8s.io
+ annotations:
+ "api-approved.kubernetes.io": "https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/689-windows-gmsa"
+spec:
+ group: windows.k8s.io
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: false
+ deprecated: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ credspec:
+ description: GMSA Credential Spec
+ type: object
+ properties:
+ ActiveDirectoryConfig:
+ type: object
+ properties:
+ GroupManagedServiceAccounts:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ Scope:
+ type: string
+ HostAccountConfig:
+ type: object
+ properties:
+ PluginGUID:
+ type: string
+ PluginInput:
+ type: string
+ PortableCcgVersion:
+ type: string
+ CmsPlugins:
+ type: array
+ items:
+ type: string
+ DomainJoinConfig:
+ type: object
+ properties:
+ DnsName:
+ type: string
+ DnsTreeName:
+ type: string
+ Guid:
+ type: string
+ MachineAccountName:
+ type: string
+ NetBiosName:
+ type: string
+ Sid:
+ type: string
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ credspec:
+ description: GMSA Credential Spec
+ type: object
+ properties:
+ ActiveDirectoryConfig:
+ type: object
+ properties:
+ GroupManagedServiceAccounts:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ Scope:
+ type: string
+ HostAccountConfig:
+ type: object
+ properties:
+ PluginGUID:
+ type: string
+ PluginInput:
+ type: string
+ PortableCcgVersion:
+ type: string
+ CmsPlugins:
+ type: array
+ items:
+ type: string
+ DomainJoinConfig:
+ type: object
+ properties:
+ DnsName:
+ type: string
+ DnsTreeName:
+ type: string
+ Guid:
+ type: string
+ MachineAccountName:
+ type: string
+ NetBiosName:
+ type: string
+ Sid:
+ type: string
+ conversion:
+ strategy: None
+ names:
+ kind: GMSACredentialSpec
+ plural: gmsacredentialspecs
+ scope: Cluster
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/Chart.yaml b/charts/rancher-windows-gmsa/2.0.0/Chart.yaml
new file mode 100644
index 000000000..46730e35b
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/Chart.yaml
@@ -0,0 +1,29 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Windows GMSA
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.24.0-0'
+ catalog.cattle.io/namespace: cattle-windows-gmsa-system
+ catalog.cattle.io/os: windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: windows.k8s.io.gmsacredentialspecs/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-windows-gmsa
+apiVersion: v2
+appVersion: 0.3.0
+description: Windows GMSA Configuration
+icon: https://charts.rancher.io/assets/logos/windows-gmsa.svg
+keywords:
+- Windows
+- Windows GMSA
+- GMSA
+- Active Directory
+maintainers:
+- email: jamie.phillips@suse.com
+ name: Rancher
+name: rancher-windows-gmsa
+sources:
+- https://github.com/kubernetes-sigs/windows-gmsa
+type: application
+version: 2.0.0
diff --git a/charts/rancher-windows-gmsa/2.0.0/app-readme.md b/charts/rancher-windows-gmsa/2.0.0/app-readme.md
new file mode 100644
index 000000000..b6a21b135
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/app-readme.md
@@ -0,0 +1,9 @@
+# Windows GMSA Admission Webhook
+
+This chart creates the GMSA CRD, Credential, and Admission Webhook. The official documentation and tutorials can be found [here](https://github.com/kubernetes-sigs/windows-gmsa).
+
+## Prerequisites
+
+- Active Directory that supports Group Managed Service Accounts
+- A Group Managed Service Account
+- Kubernetes v1.21+
diff --git a/charts/rancher-windows-gmsa/2.0.0/questions.yaml b/charts/rancher-windows-gmsa/2.0.0/questions.yaml
new file mode 100644
index 000000000..70f16989e
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/questions.yaml
@@ -0,0 +1,53 @@
+questions:
+ - variable: credential.enabled
+ default: true
+ description: Whether to create a GMSA Credential when installing GMSA Webhook
+ label: Whether to create a GMSA Credential
+ type: boolean
+ group: "Credential Spec"
+ show_subquestion_if: true
+ subquestions:
+ - variable: credential.domainJoinConfig.machineAccountName
+ label: GMSA Account Name
+ description: Username of the GMSA account
+ type: string
+ required: true
+ - variable: credential.domainJoinConfig.guid
+ label: GUID
+ description: GUID of the Service Account
+ type: string
+ required: true
+ - variable: credential.domainJoinConfig.sid
+ label: SID
+ description: SID of the GMSA Account
+ type: string
+ required: true
+ - variable: credential.domainJoinConfig.dnsName
+ label: DNS Domain Name
+ description: Name of the domain in DNS
+ type: string
+ required: true
+ - variable: credential.domainJoinConfig.dnsTreeName
+ label: DNS Tree Domain
+ description: Root name of the domain in DNS
+ type: string
+ required: true
+ - variable: credential.domainJoinConfig.netBiosName
+ label: NETBIOS Name
+ description: NETBIOS Name for the domain.
+ type: string
+ required: true
+ - variable: certificates.certManager.enabled
+ default: true
+ description: Use cert-manager to generate certificates for the webhook
+ label: Generate certificate through cert-manager
+ type: boolean
+ group: "Certificates"
+ show_subquestion_if: false
+ subquestions:
+ - variable: certificates.secretName
+ default: webhook-server-cert
+ description: Mount a CA Bundle from an existing Secret in the same namespace as the GMSA webhook. Secret must contain keys for the CA certificate (ca.crt), the TLS certificate (tls.crt), and the TLS private key (tls.key) to be used by the webhook.
+ label: CA Bundle From Existing Secret
+ type: string
+ required: true
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/_helpers.tpl b/charts/rancher-windows-gmsa/2.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..61576a7c8
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/_helpers.tpl
@@ -0,0 +1,48 @@
+# Rancher
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Create chart name and version as used by the chart label. */}}
+{{- define "gmsa.chartref" -}}
+chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+{{- end }}
+
+{{/* Determine apiVersion for cert-manager */}}
+{{- define "cert-manager.apiversion" -}}
+ {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
+apiVersion: cert-manager.io/v1alpha1
+ {{- else }}
+apiVersion: cert-manager.io/v1
+ {{- end }}
+{{- end }}
+
+{{- define "certificates.cabundle"}}
+{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.certificates.secretName) -}}
+{{- if lt (len $secret) 1 -}}
+{{- required (printf "CA Bundle secret '%s' in namespace '%s' must exist" .Values.certificates.secretName .Release.Namespace) "" -}}
+{{- else -}}
+{{- if not (hasKey $secret "data") -}}
+{{- required (printf "CA Bundle secret '%s' in namespace '%s' is empty" .Values.certificates.secretName .Release.Namespace) "" -}}
+{{- end -}}
+{{- if or (not (hasKey $secret.data "ca.crt")) (not (hasKey $secret.data "tls.crt")) (not (hasKey $secret.data "tls.key")) -}}
+{{- required (printf "CA Bundle secret '%s' in namespace '%s' must contain ca.crt, tls.key, and tls.cert; found the following keys in the secret: %s" .Values.certificates.secretName .Release.Namespace $secret.data) "" -}}
+{{- end -}}
+{{- end -}}
+{{- get $secret.data "ca.crt" }}
+{{- else -}}
+INSERT_CERTIFICATE_FROM_SECRET
+{{- end -}}
+{{- end }}
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/clusterrole.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/clusterrole.yaml
new file mode 100644
index 000000000..6e7667209
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/clusterrole.yaml
@@ -0,0 +1,16 @@
+# the RBAC role that the webhook needs to:
+# * read GMSA custom resources
+# * check authorizations to use GMSA cred specs
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+rules:
+ - apiGroups: ["windows.k8s.io"]
+ resources: ["gmsacredentialspecs"]
+ verbs: ["get", "use"]
+ - apiGroups: ["authorization.k8s.io"]
+ resources: ["localsubjectaccessreviews"]
+ verbs: ["create"]
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/clusterrolebinding.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..7f477c426
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,15 @@
+# bind that role to the webhook's service account
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}
+ apiGroup: rbac.authorization.k8s.io
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/credentialspec.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/credentialspec.yaml
new file mode 100644
index 000000000..f4ff13efd
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/credentialspec.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.credential.enabled -}}
+apiVersion: windows.k8s.io/v1
+kind: GMSACredentialSpec
+metadata:
+ name: {{ .Values.credential.domainJoinConfig.machineAccountName | lower }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+credspec:
+ ActiveDirectoryConfig:
+ GroupManagedServiceAccounts:
+ - Name: {{ .Values.credential.domainJoinConfig.machineAccountNamename }}
+ Scope: {{ .Values.credential.domainJoinConfig.netBiosName }}
+ - Name: {{ .Values.credential.domainJoinConfig.machineAccountNamename }}
+ Scope: {{ .Values.credential.domainJoinConfig.dnsName }}
+ CmsPlugins:
+ - ActiveDirectory
+ DomainJoinConfig:
+ DnsName: {{ .Values.credential.domainJoinConfig.dnsName }}
+ DnsTreeName: {{ .Values.credential.domainJoinConfig.dnsName }}
+ Guid: {{ .Values.credential.domainJoinConfig.guid }}
+ MachineAccountName: {{ .Values.credential.domainJoinConfig.machineAccountName }}
+ NetBiosName: {{ .Values.credential.domainJoinConfig.netBiosName }}
+ Sid: {{ .Values.credential.domainJoinConfig.sid }}
+{{- end -}}
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/deployment.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/deployment.yaml
new file mode 100644
index 000000000..9dc4d7fb5
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: runtime/default
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}
+ spec:
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ .Release.Name }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Release.Name }}
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.imagePullPolicy }}
+ readinessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /health
+ port: 443
+ ports:
+ - containerPort: 443
+ {{- if .Values.securityContext }}
+ securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: tls
+ mountPath: "/etc/ssl/rancher-windows-gmsa-webhook"
+ readOnly: true
+ env:
+ - name: TLS_KEY
+ value: /etc/ssl/rancher-windows-gmsa-webhook/tls.key
+ - name: TLS_CRT
+ value: /etc/ssl/rancher-windows-gmsa-webhook/tls.crt
+ volumes:
+ - name: tls
+ secret:
+ secretName: {{ .Values.certificates.secretName }}
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/issuer.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/issuer.yaml
new file mode 100644
index 000000000..d100da93b
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/issuer.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.certificates.certManager.enabled -}}
+{{ template "cert-manager.apiversion" . }}
+kind: Certificate
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+spec:
+ dnsNames:
+ - {{ .Release.Name }}.{{ .Release.Namespace }}.svc
+ - {{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: {{ .Release.Name }}
+ secretName: {{ .Values.certificates.secretName }}
+---
+{{ template "cert-manager.apiversion" . }}
+kind: Issuer
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+spec:
+ selfSigned: {}
+{{- end -}}
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/mutatingwebhook.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/mutatingwebhook.yaml
new file mode 100644
index 000000000..321394565
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/mutatingwebhook.yaml
@@ -0,0 +1,34 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ .Release.Name }}
+ {{- if .Values.certificates.certManager.enabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}
+ {{- end }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+webhooks:
+ - name: admission-webhook.windows-gmsa.sigs.k8s.io
+ clientConfig:
+ service:
+ name: {{ .Release.Name }}
+ namespace: {{.Release.Namespace}}
+ path: "/mutate"
+ {{- if not (.Values.certificates.certManager.enabled) }}
+ caBundle: {{ template "certificates.cabundle" . }}
+ {{- end }}
+ rules:
+ - operations: ["CREATE"]
+ apiGroups: [""]
+ apiVersions: ["*"]
+ resources: ["pods"]
+ failurePolicy: Fail
+ admissionReviewVersions: ["v1", "v1beta1"]
+ sideEffects: None
+ # don't run on ${NAMESPACE}
+ namespaceSelector:
+ matchExpressions:
+ - key: gmsa-webhook
+ operator: NotIn
+ values: [disabled]
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/networkpolicy.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/networkpolicy.yaml
new file mode 100644
index 000000000..4d60f0915
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/networkpolicy.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/service.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/service.yaml
new file mode 100644
index 000000000..768f3f25d
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+spec:
+ ports:
+ - port: 443
+ targetPort: 443
+ selector:
+ app: {{ .Release.Name }}
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/serviceaccount.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..d4bfa87c0
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+# the service account for the webhook
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/validate-install-crd.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..3f1ad6df7
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/validate-install-crd.yaml
@@ -0,0 +1,14 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "windows.k8s.io/v1alpha1/GMSACredentialSpec" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-windows-gmsa/2.0.0/templates/validatingwebhook.yaml b/charts/rancher-windows-gmsa/2.0.0/templates/validatingwebhook.yaml
new file mode 100644
index 000000000..e13c5b33b
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/templates/validatingwebhook.yaml
@@ -0,0 +1,34 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ .Release.Name }}
+ {{- if .Values.certificates.certManager.enabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}
+ {{- end }}
+ labels: {{ include "gmsa.chartref" . | nindent 4 }}
+webhooks:
+ - name: admission-webhook.windows-gmsa.sigs.k8s.io
+ clientConfig:
+ service:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ path: "/validate"
+ {{- if not (.Values.certificates.certManager.enabled) }}
+ caBundle: {{ template "certificates.cabundle" . }}
+ {{- end }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["*"]
+ resources: ["pods"]
+ failurePolicy: Fail
+ admissionReviewVersions: ["v1", "v1beta1"]
+ sideEffects: None
+ # don't run on ${NAMESPACE}
+ namespaceSelector:
+ matchExpressions:
+ - key: gmsa-webhook
+ operator: NotIn
+ values: [disabled]
+
diff --git a/charts/rancher-windows-gmsa/2.0.0/values.yaml b/charts/rancher-windows-gmsa/2.0.0/values.yaml
new file mode 100644
index 000000000..f7ea06ba0
--- /dev/null
+++ b/charts/rancher-windows-gmsa/2.0.0/values.yaml
@@ -0,0 +1,42 @@
+certificates:
+ certManager:
+ # Enable cert manager integration. Cert manager should be already installed at the k8s cluster
+ enabled: true
+ version: ""
+ # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace
+ secretName: gmsa-server-cert
+
+credential:
+ enabled: true
+ domainJoinConfig:
+ dnsName: "" #DNS Domain Name
+ dnsTreeName: "" #DNS Domain Name Root
+ guid: "" #GUID
+ machineAccountName: "" #Username of the GMSA account
+ netBiosName: "" #NETBIOS Domain Name
+ sid: "" #SID of GMSA
+
+image:
+ repository: rancher/mirrored-sigwindowstools-k8s-gmsa-webhook
+ tag: v0.3.0
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.22.6
+ pullPolicy: IfNotPresent
+
+## SecurityContext holds pod-level security attributes and common container settings.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+podSecurityContext:
+ runAsNonRoot: false
+ # Currently, required to run as root due to port binding within the container.
+ runAsUser: 0
+securityContext: {}
+
+tolerations: []
+
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/.helmignore b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/Chart.yaml b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/Chart.yaml
new file mode 100644
index 000000000..f91a95d8c
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.22.0-0'
+ catalog.cattle.io/namespace: cattle-wins-system
+ catalog.cattle.io/os: windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-wins-upgrader
+apiVersion: v2
+appVersion: 0.1.1
+description: Manages upgrading the wins server version and configuration across all
+ of your Windows nodes
+maintainers:
+- email: arvind.iyengar@suse.com
+ name: aiyengar2
+name: rancher-wins-upgrader
+type: application
+version: 101.0.0+up0.0.1
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/README.md b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/README.md
new file mode 100644
index 000000000..1789824f7
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/README.md
@@ -0,0 +1,41 @@
+# Rancher Wins Upgrader
+
+A Rancher chart that handles keeping the wins server version and config across some (or all) of the Windows nodes on a Kubernetes cluster in sync. It does this by running a simple script to replace the contents of the `\etc\rancher\wins` directory with the newly specified config and wins image via one or more DaemonSets. Once executed, the script will simply sleep forever.
+
+## How does this work?
+
+A DaemonSet of initContainers copies the provided config (stored in a ConfigMap) into `\etc\rancher\wins\config` and runs `wins cli prc run --path {path-to-wins} --args {up}`, where `.\wins up[grade]` is a Go program that runs a simple Powershell script that forces an upgrade of the binary used by the `rancher-wins` service across all of your Windows hosts.
+
+TLDR: we use wins (cli) to pass wins (upgrade) to wins (server) in order to update wins (server) on the host on demand.
+
+## Cluster / Node Requirements
+
+This Helm chart is intended to be used on a Windows cluster that meets the following two requirements:
+- A Windows Service called `rancher-wins` is currently running on each Windows host (e.g. `.\wins srv app run --register; Start-Service -Name rancher-wins` or `.\wins up` has been run on the host) that is running a wins server version of v0.1.0+.
+- The wins config used by each Windows host's `rancher-wins` Service has `{{ .Values.prefixPath }}etc\rancher\wins\wins-upgrade.exe` within `whiteList.processPath` so that the new wins version can be delivered onto the host
+
+If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled, your nodes should already meet the first requirement; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1).
+
+However, depending on the bootstrap.ps1 version that was used when you spun up your Windows cluster, it is possible that the second requirement is not met yet.
+
+If the second requirement is not met, there are two options to reconcile:
+
+### Manual Update
+
+This is the recommended approach for updating your Windows hosts, but it requires the user to log onto every Windows host to upgrade the wins config. After logging onto each host, you will need to do manually update the wins config.
+
+By default, the wins config is located in `c:\etc\rancher\wins\config`, but you could use the following powershell command to identify the command line arguments passed into the `rancher-wins` service (`--config` corresponds to the config path on the host):
+```powershell
+(Get-CimInstance Win32_Service -Filter 'Name = "rancher-wins"').PathName
+```
+
+Once complete, restart the service:
+```powershell
+Restart-Service -Name "rancher-wins" | Stop-Service
+```
+
+### Masquerading (Use at your own risk. Here be dragons...)
+
+This option is *only* meant as a hack to allow users who are currently operating on Windows clusters that have not whitelisted `{{ .Values.prefixPath }}etc\rancher\wins\wins-upgrade.exe`. If you plan to use this option, please ensure that you immediately upgrade this chart with `masquerade.enabled=false` and perform another `helm upgrade` to avoid any unintentional consequences (e.g. failure to install the original process that you meant to whitelist on the host).
+
+If `masquerade.enabled=True`, this chart will have the wins client execute `wins-upgrade.exe` payload under the `masquerade.as` path provided, effectively tricking the `wins server` into running the binary although it has not been whitelisted. This relies on the fact that the wins server does not / cannot do any verification on the binary passed into wins since it does track a list of valid checksums on the binaries provided to it.
\ No newline at end of file
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/app-readme.md b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/app-readme.md
new file mode 100644
index 000000000..6981c4453
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/app-readme.md
@@ -0,0 +1,19 @@
+# Rancher Wins Upgrader
+
+A Rancher chart that handles keeping the wins server version and config across some (or all) of the Windows nodes on a Kubernetes cluster in sync. It does this by running a simple script to replace the contents of the `\etc\rancher\wins` directory with the newly specified config and wins image via one or more DaemonSets. Once executed, the script will simply sleep forever.
+
+## How does this work?
+
+A DaemonSet of initContainers copies the provided config (stored in a ConfigMap) into `\etc\rancher\wins\config` and runs `wins cli prc run --path {path-to-wins} --args {up}`, where `.\wins up[grade]` is a Go program that runs a simple Powershell script that forces an upgrade of the binary used by the `rancher-wins` service across all of your Windows hosts.
+
+TLDR: we use wins (cli) to pass wins (upgrade) to wins (server) in order to update wins (server) on the host on demand.
+
+## Cluster / Node Requirements
+
+This Helm chart is intended to be used on a Windows cluster that meets the following two requirements:
+- A Windows Service called `rancher-wins` is currently running on each Windows host (e.g. `.\wins srv app run --register; Start-Service -Name rancher-wins` or `.\wins up` has been run on the host) that is running a wins server version of v0.1.0+.
+- The wins config used by each Windows host's `rancher-wins` Service has `{{ .Values.prefixPath }}etc\rancher\wins\wins-upgrade.exe` within `whiteList.processPath` so that the new wins version can be delivered onto the host
+
+If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled after wins v0.1.0+ was released (i.e. Rancher 2.5.7+), your nodes should already meet the first requirement; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1).
+
+If not, please see the README.md for more information on how you can use this chart.
\ No newline at end of file
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/noop.ps1 b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/noop.ps1
new file mode 100644
index 000000000..d584f0521
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/noop.ps1
@@ -0,0 +1,4 @@
+$ErrorActionPreference = 'Stop'
+
+# Sleep forever, since a DaemonSet's restartPolicy must be Always
+while(1) { Start-Sleep -s 3600 }
\ No newline at end of file
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/upgrade.ps1 b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/upgrade.ps1
new file mode 100644
index 000000000..7d0c19a63
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/scripts/upgrade.ps1
@@ -0,0 +1,72 @@
+$ErrorActionPreference = 'Stop'
+
+function Create-Directory
+{
+ param (
+ [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path
+ )
+
+ if (Test-Path -Path $Path) {
+ if (-not (Test-Path -Path $Path -PathType Container)) {
+ # clean the same path file
+ Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null
+ }
+
+ return
+ }
+
+ New-Item -Force -ItemType Directory -Path $Path | Out-Null
+}
+
+function Transfer-File
+{
+ param (
+ [parameter(Mandatory = $true)] [string]$Src,
+ [parameter(Mandatory = $true)] [string]$Dst
+ )
+
+ if (Test-Path -PathType leaf -Path $Dst) {
+ $dstHasher = Get-FileHash -Path $Dst
+ $srcHasher = Get-FileHash -Path $Src
+ if ($dstHasher.Hash -eq $srcHasher.Hash) {
+ return
+ }
+ }
+
+ $null = Copy-Item -Force -Path $Src -Destination $Dst
+}
+
+$prefixPath = 'c:\'
+if ($env:CATTLE_PREFIX_PATH) {
+ $prefixPath = $env:CATTLE_PREFIX_PATH
+}
+$winsUpgradePath = $('{0}etc\rancher\wins\wins-upgrade.exe' -f $prefixPath)
+if ($env:WINS_UPGRADE_PATH) {
+ $winsUpgradePath = $env:WINS_UPGRADE_PATH
+}
+
+
+$winsUpgradeDir = Split-Path -Path $winsUpgradePath
+$winsUpgradeFilename = Split-Path -Path $winsUpgradePath -Leaf
+
+Create-Directory -Path $winsUpgradeDir
+Transfer-File -Src "c:\Windows\wins.exe" -Dst $winsUpgradePath
+
+Create-Directory -Path "c:\host\etc\rancher\wins"
+Transfer-File -Src $winsUpgradePath -Dst "c:\host\etc\rancher\wins\$winsUpgradeFilename"
+Transfer-File -Src "c:\scripts\config" -Dst "c:\host\etc\rancher\wins\config"
+
+$winsOut = wins.exe cli prc run --path=$winsUpgradePath --args="up --wins-args=`'--config=$winsUpgradeDir\config`'"
+
+Write-Host $winsOut
+
+if ($winsOut -match ".* rpc error: code = Unavailable desc = transport is closing") {
+ Write-Host "Successfully upgraded"
+ exit 0
+} elseif ($LastExitCode -ne 0) {
+ Write-Host "Returned exit $LastExitCode"
+ exit $LastExitCode
+} else {
+ Write-Host "Returned exit 0, but did not receive expected output from .\wins up"
+ exit 1
+}
\ No newline at end of file
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/_helpers.tpl b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..9f44d6183
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+# Rancher
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
+
+# General
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+The components in this chart create additional resources that expand the longest created name strings.
+The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
+*/}}
+{{- define "winsUpgrader.name" -}}
+wins-upgrader
+{{- end -}}
+
+{{- define "winsUpgrader.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride -}}
+{{- end -}}
+
+{{- define "winsUpgrader.labels" -}}
+k8s-app: {{ template "winsUpgrader.name" . }}
+release: {{ .Release.Name }}
+provider: kubernetes
+{{- end -}}
+
+{{- define "winsUpgrader.validatePathPrefix" -}}
+{{- if .Values.global.cattle.rkeWindowsPathPrefix -}}
+{{- $prefixPath := (.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\") -}}
+{{- if (not (hasSuffix "\\" $prefixPath)) -}}
+{{- fail (printf ".Values.global.cattle.rkeWindowsPathPrefix must end in '/' or '\\', found %s" $prefixPath) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "winsUpgrader.winsHostPath" -}}
+{{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\\\" "\\" | replace "\\" "/" }}etc/rancher/wins
+{{- end -}}
+
+{{- define "winsUpgrader.winsMasqueradePath" -}}
+{{ tpl .Values.masquerade.as . | required "Must provide name for .Values.masquerade.as if enabled" | replace "\\\\" "\\" | replace "\\" "/" }}
+{{- end -}}
+
+{{- define "winsUpgrader.winsMasqueradeHostPath" -}}
+{{ include "winsUpgrader.winsMasqueradePath" . | dir }}
+{{- end -}}
+
+{{- define "winsUpgrader.nodeSelector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: windows
+{{- else -}}
+kubernetes.io/os: windows
+{{- end -}}
+{{- end -}}
+
+{{- define "winsUpgrader.tolerations" -}}
+- operator: Exists
+{{- end -}}
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/configmap.yaml b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/configmap.yaml
new file mode 100644
index 000000000..cc0b615f1
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/configmap.yaml
@@ -0,0 +1,17 @@
+{{ include "winsUpgrader.validatePathPrefix" . }}
+{{- range .Values.winsConfigs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "winsUpgrader.name" $ }}-{{ .name }}
+ namespace: {{ template "winsUpgrader.namespace" $ }}
+ labels: {{ include "winsUpgrader.labels" $ | nindent 4 }}
+data:
+ config: |-
+{{ tpl .config $ | indent 4 }}
+ upgrade.ps1: |-
+{{ $.Files.Get "scripts/upgrade.ps1" | indent 4 }}
+ noop.ps1: |-
+{{ $.Files.Get "scripts/noop.ps1" | indent 4 }}
+---
+{{- end }}
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/daemonset.yaml b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/daemonset.yaml
new file mode 100644
index 000000000..e6df52a31
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/daemonset.yaml
@@ -0,0 +1,72 @@
+{{- range .Values.winsConfigs }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "winsUpgrader.name" $ }}-{{ required "Must provide name for .Values.winsConfigs[].name" .name }}
+ namespace: {{ template "winsUpgrader.namespace" $ }}
+ labels: {{ include "winsUpgrader.labels" $ | nindent 4 }}
+spec:
+ selector:
+ matchLabels: {{ include "winsUpgrader.labels" $ | nindent 6 }}
+ template:
+ metadata:
+ labels: {{ include "winsUpgrader.labels" $ | nindent 8 }}
+ spec:
+ nodeSelector: {{ include "winsUpgrader.nodeSelector" $ | nindent 8 }}
+{{- if .nodeSelector }}
+{{ toYaml .nodeSelector | indent 8 }}
+{{- end }}
+{{- if .tolerations }}
+ tolerations: {{ .tolerations | toYaml | nindent 8 }}
+{{- else }}
+ tolerations: {{ include "winsUpgrader.tolerations" $ | nindent 8 }}
+{{- end }}
+ serviceAccountName: {{ template "winsUpgrader.name" $ }}
+ containers:
+ - name: noop
+ image: {{ template "system_default_registry" $ }}{{ required "Must provide name for .Values.winsConfigs[].image.repository" .image.repository }}:{{ required "Must provide name for .Values.winsConfigs[].tag" .image.tag }}
+ command: ["pwsh", "-f", "c:/scripts/noop.ps1"]
+ volumeMounts:
+ - name: upgrade-scripts
+ mountPath: c:/scripts
+ initContainers:
+ - name: wins-upgrader
+ image: {{ template "system_default_registry" $ }}{{ .image.repository }}:{{ .image.tag }}
+ command: ["pwsh", "-f", "c:/scripts/upgrade.ps1"]
+ volumeMounts:
+ - name: wins-pipe
+ mountPath: \\.\pipe\rancher_wins
+ - name: wins
+ mountPath: c:/host/etc/rancher/wins
+ - name: upgrade-scripts
+ mountPath: c:/scripts
+ env:
+ - name: HELM_REVISION_NUMBER
+ value: {{ $.Release.Revision | quote }}
+ - name: CATTLE_PREFIX_PATH
+ value: {{ default "c:\\" $.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}
+{{- if $.Values.masquerade.enabled }}
+ - name: WINS_UPGRADE_PATH
+ value: {{ include "winsUpgrader.winsMasqueradePath" $ }}
+{{- end }}
+ volumes:
+ - name: wins-pipe
+ hostPath:
+ path: \\.\pipe\rancher_wins
+ - name: wins
+ hostPath:
+{{- if $.Values.masquerade.enabled }}
+ path: {{ include "winsUpgrader.winsMasqueradeHostPath" $ }}
+ type: DirectoryOrCreate
+{{- else }}
+ path: {{ include "winsUpgrader.winsHostPath" $ }}
+ type: DirectoryOrCreate
+{{- end }}
+ - name: upgrade-scripts
+ configMap:
+ name: {{ template "winsUpgrader.name" $ }}-{{ .name }}
+---
+{{- end }}
+{{- if not .Values.winsConfigs }}
+{{- fail "Cannot install chart unless at least one config is provided in .Values.winsConfigs" }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/rbac.yaml b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/rbac.yaml
new file mode 100644
index 000000000..d2a36c6a7
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/templates/rbac.yaml
@@ -0,0 +1,70 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "winsUpgrader.name" . }}
+ namespace: {{ template "winsUpgrader.namespace" . }}
+ labels: {{ include "winsUpgrader.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "winsUpgrader.name" . | quote }}]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "winsUpgrader.name" . }}
+ namespace: {{ template "winsUpgrader.namespace" . }}
+ labels: {{ include "winsUpgrader.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "winsUpgrader.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "winsUpgrader.name" . }}
+ namespace: {{ template "winsUpgrader.namespace" $ }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "winsUpgrader.name" . }}
+ namespace: {{ template "winsUpgrader.namespace" . }}
+ labels: {{ include "winsUpgrader.labels" . | nindent 4 }}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "winsUpgrader.name" . }}
+ namespace: {{ template "winsUpgrader.namespace" . }}
+ labels: {{ include "winsUpgrader.labels" . | nindent 4 }}
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: \\.\pipe\rancher_wins
+{{- if .Values.masquerade.enabled }}
+ - pathPrefix: {{ include "winsUpgrader.winsMasqueradeHostPath" . }}
+{{- else }}
+ - pathPrefix: {{ include "winsUpgrader.winsHostPath" . }}
+{{- end }}
diff --git a/charts/rancher-wins-upgrader/101.0.0+up0.0.1/values.yaml b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/values.yaml
new file mode 100644
index 000000000..8ff315ec6
--- /dev/null
+++ b/charts/rancher-wins-upgrader/101.0.0+up0.0.1/values.yaml
@@ -0,0 +1,60 @@
+# Default values for rancher-windows-exporter.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Configuration
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ rkeWindowsPathPrefix: "c:\\"
+
+## One or more configurations for the wins server to be applied across all of the nodes based on the nodeSelector and tolerations provided
+##
+winsConfigs:
+- name: default
+ image:
+ # TODO(aiyengar2): replace with an image that just contains wins
+ repository: rancher/wins
+ tag: v0.1.1
+ os: "windows"
+ config: |
+ debug: false
+ listen: rancher_wins
+ proxy: rancher_wins_proxy
+ whiteList:
+ processPaths:
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins-upgrade.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\windows-exporter\windows-exporter.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kube-proxy.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kubelet.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\nginx\nginx.exe
+ - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}opt\bin\flanneld.exe
+ proxyPorts:
+ - 9796
+ upgrade:
+ mode: watching
+ watchingPath: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins.exe
+ # By default, `kubernetes.io/os: windows` or `beta.kubernetes.io/os: windows` will be included
+ nodeSelector: {}
+ # If provided, these tolerations will be used. Otherwise, it defaults to `[ {operator: Exists} ]`
+ tolerations: []
+
+## Masquerade is *only* meant as a hack to allow users who are currently operating on Windows clusters that do
+## not support wins upgrades (e.g. those which have not whitelisted {{ .Values.prefixPath }}etc\rancher\wins\wins-upgrade.exe)
+## to be able to masquerade the payload for this installer under another whitelisted process's name.
+##
+## Please read the README.md before trying to enable this option and, if applied, ensure that you immediately upgrade
+## this chart with masquerade.enabled=false to avoid any unintentional consequences (e.g. failure to install the original
+## process that you meant to whitelist on the host)
+##
+## TLDR: Use at your own risk. Here be dragons...
+##
+masquerade:
+ enabled: false
+ # Why wmi_exporter?
+ # wmi_exporter is the only default whitelisted process that may or may not be run on the host, since
+ # it is only ever deployed if the Windows cluster is also using Prometheus-based Windows monitoring (e.g. Rancher Monitoring V1)
+ # All of the other default whitelisted processes are required for the Kubernetes cluster to operate
+ as: '{{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe'
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/Chart.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/Chart.yaml
new file mode 100644
index 000000000..d66ca4f8e
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: system-upgrade-controller
+apiVersion: v1
+appVersion: v0.9.1
+description: General purpose controller to make system level updates to nodes
+home: https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.16.0-0'
+name: system-upgrade-controller
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+version: 101.0.0+up0.3.3
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/_helpers.tpl b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/_helpers.tpl
new file mode 100644
index 000000000..67a534eb7
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/clusterrolebinding.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..f2a09949d
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/configmap.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/configmap.yaml
new file mode 100644
index 000000000..7619c3974
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: system-upgrade-controller-config
+ namespace: cattle-system
+data:
+ SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+ SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+ SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+ SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+ SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+ SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+ SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+ SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+ SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/deployment.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/deployment.yaml
new file mode 100644
index 000000000..cfc27992e
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
+spec:
+ selector:
+ matchLabels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ template:
+ metadata:
+ labels:
+ upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/os"
+ operator: NotIn
+ values:
+ - windows
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ tolerations:
+ - operator: Exists
+ serviceAccountName: system-upgrade-controller
+ containers:
+ - name: system-upgrade-controller
+ image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: system-upgrade-controller-config
+ env:
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['upgrade.cattle.io/controller']
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: etc-ssl
+ mountPath: /etc/ssl
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: etc-ssl
+ hostPath:
+ path: /etc/ssl
+ type: Directory
+ - name: tmp
+ emptyDir: {}
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/psp.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/psp.yaml
new file mode 100644
index 000000000..be27b4026
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/psp.yaml
@@ -0,0 +1,49 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: system-upgrade-controller
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - CAP_SYS_BOOT
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system-upgrade-controller-psp
+rules:
+ - apiGroups:
+ - policy
+ resourceNames:
+ - system-upgrade-controller
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller-psp
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system-upgrade-controller-psp
+subjects:
+ - kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: system:serviceaccounts:cattle-system
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/serviceaccount.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b6cdcf48b
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/system-upgrade-controller/101.0.0+up0.3.3/values.yaml b/charts/system-upgrade-controller/101.0.0+up0.3.3/values.yaml
new file mode 100644
index 000000000..0147d6839
--- /dev/null
+++ b/charts/system-upgrade-controller/101.0.0+up0.3.3/values.yaml
@@ -0,0 +1,13 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+systemUpgradeController:
+ image:
+ repository: rancher/system-upgrade-controller
+ tag: v0.9.1
+
+kubectl:
+ image:
+ repository: rancher/kubectl
+ tag: v1.20.15
diff --git a/index.yaml b/index.yaml
index 9688c1f9d..d5193a44f 100755
--- a/index.yaml
+++ b/index.yaml
@@ -2160,6 +2160,30 @@ entries:
- assets/prometheus-federator/prometheus-federator-0.1.0.tgz
version: 0.1.0
rancher-aks-operator:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-aks-operator
+ catalog.cattle.io/scope: management
+ apiVersion: v2
+ appVersion: 1.0.7-rc1
+ created: "2022-09-26T13:02:06.60400661+05:30"
+ description: A Helm chart for provisioning AKS clusters
+ digest: 344cf9004ed1131120333707b7a33fb0b7b8ed9570df9ab5c929f105bdd8d35b
+ home: https://github.com/rancher/aks-operator
+ name: rancher-aks-operator
+ sources:
+ - https://github.com/rancher/aks-operator
+ urls:
+ - assets/rancher-aks-operator/rancher-aks-operator-101.0.0+up1.0.7-rc1.tgz
+ version: 101.0.0+up1.0.7-rc1
- annotations:
catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
catalog.cattle.io/certified: rancher
@@ -2302,6 +2326,22 @@ entries:
- assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz
version: 100.0.0+up1.0.1
rancher-aks-operator-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-aks-operator-crd
+ apiVersion: v2
+ appVersion: 1.0.7-rc1
+ created: "2022-09-26T13:02:08.418957876+05:30"
+ description: AKS Operator CustomResourceDefinitions
+ digest: 60cb399fd24efe9b9a59e20c33d4975455b4d14b25d180ad430c994c0232e8d5
+ name: rancher-aks-operator-crd
+ urls:
+ - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-101.0.0+up1.0.7-rc1.tgz
+ version: 101.0.0+up1.0.7-rc1
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
@@ -3808,6 +3848,30 @@ entries:
- assets/rancher-csp-adapter/rancher-csp-adapter-1.0.0.tgz
version: 1.0.0
rancher-eks-operator:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-eks-operator
+ catalog.cattle.io/scope: management
+ apiVersion: v2
+ appVersion: 1.1.5-rc1
+ created: "2022-09-26T13:32:26.097592383+05:30"
+ description: A Helm chart for provisioning EKS clusters
+ digest: 18b7c7d1c342befff7b6c8076aaace27e100197a50f43dbaa2f61b5630513f2e
+ home: https://github.com/rancher/eks-operator
+ name: rancher-eks-operator
+ sources:
+ - https://github.com/rancher/eks-operator
+ urls:
+ - assets/rancher-eks-operator/rancher-eks-operator-101.0.0+up1.1.5-rc1.tgz
+ version: 101.0.0+up1.1.5-rc1
- annotations:
catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
catalog.cattle.io/certified: rancher
@@ -3903,6 +3967,22 @@ entries:
- assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz
version: 100.0.0+up1.1.1
rancher-eks-operator-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-eks-operator-crd
+ apiVersion: v2
+ appVersion: 1.1.5-rc1
+ created: "2022-09-26T13:32:27.880554069+05:30"
+ description: EKS Operator CustomResourceDefinitions
+ digest: 87d59e9d3bb9c3f7fce011bab45ee2ae35f45ddd6aef886b38768a2184f3d830
+ name: rancher-eks-operator-crd
+ urls:
+ - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-101.0.0+up1.1.5-rc1.tgz
+ version: 101.0.0+up1.1.5-rc1
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
@@ -4576,6 +4656,30 @@ entries:
- assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-3.1.100.tgz
version: 3.1.100
rancher-gke-operator:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-gke-operator
+ catalog.cattle.io/scope: management
+ apiVersion: v2
+ appVersion: 1.1.4
+ created: "2022-09-26T15:44:13.145800693+05:30"
+ description: A Helm chart for provisioning GKE clusters
+ digest: 2de3bc276966a420b74a58a83983fb39ef41f3ec9b1ce3f98b9f769769905c32
+ home: https://github.com/rancher/gke-operator
+ name: rancher-gke-operator
+ sources:
+ - https://github.com/rancher/gke-operator
+ urls:
+ - assets/rancher-gke-operator/rancher-gke-operator-101.0.0+up1.1.4.tgz
+ version: 101.0.0+up1.1.4
- annotations:
catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
catalog.cattle.io/certified: rancher
@@ -4671,6 +4775,22 @@ entries:
- assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz
version: 100.0.0+up1.1.1
rancher-gke-operator-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-gke-operator-crd
+ apiVersion: v2
+ appVersion: 1.1.4
+ created: "2022-09-26T15:44:14.79735961+05:30"
+ description: GKE Operator CustomResourceDefinitions
+ digest: acf7d7aff4d000487962f5c0546ee9436dd76e20fa45d5228a18dd8861d830b4
+ name: rancher-gke-operator-crd
+ urls:
+ - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-101.0.0+up1.1.4.tgz
+ version: 101.0.0+up1.1.4
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
@@ -9056,6 +9176,32 @@ entries:
- assets/rancher-tracing/rancher-tracing-1.20.001.tgz
version: 1.20.001
rancher-vsphere-cpi:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: vSphere CPI
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: kube-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: vsphere-cpi
+ apiVersion: v1
+ appVersion: 1.2.2
+ created: "2022-09-26T18:52:38.661040366+05:30"
+ description: vSphere Cloud Provider Interface (CPI)
+ digest: bc8ba35c07bf45a4ea6689cb4f5d05678934986710be2c7d3535554234908f4c
+ icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg
+ keywords:
+ - infrastructure
+ maintainers:
+ - email: jamie.phillips@suse.com
+ name: Rancher
+ name: rancher-vsphere-cpi
+ sources:
+ - https://github.com/kubernetes/cloud-provider-vsphere
+ urls:
+ - assets/rancher-vsphere-cpi/rancher-vsphere-cpi-101.0.0+up1.2.2.tgz
+ version: 101.0.0+up1.2.2
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: vSphere CPI
@@ -9260,6 +9406,32 @@ entries:
- assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz
version: 1.0.000
rancher-vsphere-csi:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: vSphere CSI
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.24.0-0'
+ catalog.cattle.io/namespace: kube-system
+ catalog.cattle.io/os: linux,windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: vsphere-csi
+ apiVersion: v1
+ appVersion: 2.5.1-rancher1
+ created: "2022-09-26T18:30:56.567987638+05:30"
+ description: vSphere Cloud Storage Interface (CSI)
+ digest: 5835e1af050f68f3492f50546d454cae973f28e1ebbb47b5a67ac22cc711b36d
+ icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg
+ keywords:
+ - infrastructure
+ maintainers:
+ - email: jamie.phillips@suse.com
+ name: Rancher
+ name: rancher-vsphere-csi
+ sources:
+ - https://github.com/kubernetes-sigs/vsphere-csi-driver
+ urls:
+ - assets/rancher-vsphere-csi/rancher-vsphere-csi-101.0.0+up2.5.1-rancher1.tgz
+ version: 101.0.0+up2.5.1-rancher1
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: vSphere CSI
@@ -9853,6 +10025,39 @@ entries:
- assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz
version: 0.1.000
rancher-windows-gmsa:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Windows GMSA
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.24.0-0'
+ catalog.cattle.io/namespace: cattle-windows-gmsa-system
+ catalog.cattle.io/os: windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: windows.k8s.io.gmsacredentialspecs/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-windows-gmsa
+ apiVersion: v2
+ appVersion: 0.3.0
+ created: "2022-09-26T16:24:43.952186869+05:30"
+ description: Windows GMSA Configuration
+ digest: a244c64385be695e3149d55f707b124f95377fd564b369fca364b1896310706c
+ icon: https://charts.rancher.io/assets/logos/windows-gmsa.svg
+ keywords:
+ - Windows
+ - Windows GMSA
+ - GMSA
+ - Active Directory
+ maintainers:
+ - email: jamie.phillips@suse.com
+ name: Rancher
+ name: rancher-windows-gmsa
+ sources:
+ - https://github.com/kubernetes-sigs/windows-gmsa
+ type: application
+ urls:
+ - assets/rancher-windows-gmsa/rancher-windows-gmsa-2.0.0.tgz
+ version: 2.0.0
- annotations:
catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match
catalog.cattle.io/certified: rancher
@@ -9887,6 +10092,20 @@ entries:
- assets/rancher-windows-gmsa/rancher-windows-gmsa-1.0.0.tgz
version: 1.0.0
rancher-windows-gmsa-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-windows-gmsa-system
+ catalog.cattle.io/release-name: rancher-windows-gmsa-crd
+ apiVersion: v1
+ created: "2022-09-26T16:24:43.952477917+05:30"
+ description: Installs the CRDs for Windows GMSA.
+ digest: 6724e8d4275fcc6fde7bae81779fb487de37676a5d9951fde61d9391ad832c78
+ name: rancher-windows-gmsa-crd
+ type: application
+ urls:
+ - assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-2.0.0.tgz
+ version: 2.0.0
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
@@ -9902,6 +10121,28 @@ entries:
- assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-1.0.0.tgz
version: 1.0.0
rancher-wins-upgrader:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.22.0-0'
+ catalog.cattle.io/namespace: cattle-wins-system
+ catalog.cattle.io/os: windows
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-wins-upgrader
+ apiVersion: v2
+ appVersion: 0.1.1
+ created: "2022-09-26T17:16:20.143967885+05:30"
+ description: Manages upgrading the wins server version and configuration across
+ all of your Windows nodes
+ digest: 38772a5a03fc707ab9a8b1de306e23ad8f8502ca7aee6b32255c835d8d85b79c
+ maintainers:
+ - email: arvind.iyengar@suse.com
+ name: aiyengar2
+ name: rancher-wins-upgrader
+ type: application
+ urls:
+ - assets/rancher-wins-upgrader/rancher-wins-upgrader-101.0.0+up0.0.1.tgz
+ version: 101.0.0+up0.0.1
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.22.0-0'
@@ -10198,6 +10439,28 @@ entries:
- assets/sriov-crd/sriov-crd-100.0.0+up0.1.0.tgz
version: 100.0.0+up0.1.0
system-upgrade-controller:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: system-upgrade-controller
+ apiVersion: v1
+ appVersion: v0.9.1
+ created: "2022-09-26T12:33:09.565965329+05:30"
+ description: General purpose controller to make system level updates to nodes
+ digest: 0c82b327d0836bd18e2e2a95eb144b6fb0ff9a28dd572ed7ee1fcf71b9562311
+ home: https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+ kubeVersion: '>= 1.16.0-0'
+ name: system-upgrade-controller
+ sources:
+ - https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+ urls:
+ - assets/system-upgrade-controller/system-upgrade-controller-101.0.0+up0.3.3.tgz
+ version: 101.0.0+up0.3.3
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
diff --git a/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml b/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml
index 9568437d5..16ba27679 100644
--- a/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml
+++ b/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/aks-operator/releases/download/v1.0.7-rc1/rancher-aks-operator-crd-1.0.7-rc1.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch
index 64d400f4e..59fecc4a4 100644
--- a/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch
@@ -11,7 +11,7 @@
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
- catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-aks-operator
catalog.cattle.io/scope: management
apiVersion: v2
diff --git a/packages/rancher-aks-operator/rancher-aks-operator/package.yaml b/packages/rancher-aks-operator/rancher-aks-operator/package.yaml
index c254e2fac..a1cc5b17b 100644
--- a/packages/rancher-aks-operator/rancher-aks-operator/package.yaml
+++ b/packages/rancher-aks-operator/rancher-aks-operator/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/aks-operator/releases/download/v1.0.7-rc1/rancher-aks-operator-1.0.7-rc1.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml
index a6b3232c0..8ed4a075c 100644
--- a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml
+++ b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/eks-operator/releases/download/v1.1.5-rc1/rancher-eks-operator-crd-1.1.5-rc1.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch
index 69c132607..6a9da0133 100644
--- a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch
@@ -11,7 +11,7 @@
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
- catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-eks-operator
catalog.cattle.io/scope: management
apiVersion: v2
diff --git a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml
index 8cae80001..ac1171be6 100644
--- a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml
+++ b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/eks-operator/releases/download/v1.1.5-rc1/rancher-eks-operator-1.1.5-rc1.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-gke-operator/rancher-gke-operator-crd/package.yaml b/packages/rancher-gke-operator/rancher-gke-operator-crd/package.yaml
index 8bc204575..f9a991c93 100644
--- a/packages/rancher-gke-operator/rancher-gke-operator-crd/package.yaml
+++ b/packages/rancher-gke-operator/rancher-gke-operator-crd/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/gke-operator/releases/download/v1.1.4/rancher-gke-operator-crd-1.1.4.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-gke-operator/rancher-gke-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-gke-operator/rancher-gke-operator/generated-changes/patch/Chart.yaml.patch
index 93204f82d..8e83a43bb 100644
--- a/packages/rancher-gke-operator/rancher-gke-operator/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-gke-operator/rancher-gke-operator/generated-changes/patch/Chart.yaml.patch
@@ -11,7 +11,7 @@
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
- catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-gke-operator
catalog.cattle.io/scope: management
apiVersion: v2
diff --git a/packages/rancher-gke-operator/rancher-gke-operator/package.yaml b/packages/rancher-gke-operator/rancher-gke-operator/package.yaml
index 5f8c66220..ed184d97e 100644
--- a/packages/rancher-gke-operator/rancher-gke-operator/package.yaml
+++ b/packages/rancher-gke-operator/rancher-gke-operator/package.yaml
@@ -1,3 +1,2 @@
url: https://github.com/rancher/gke-operator/releases/download/v1.1.4/rancher-gke-operator-1.1.4.tgz
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-vsphere/rancher-vsphere-cpi/generated-changes/patch/Chart.yaml.patch b/packages/rancher-vsphere/rancher-vsphere-cpi/generated-changes/patch/Chart.yaml.patch
index 5b5c24923..38668d2db 100644
--- a/packages/rancher-vsphere/rancher-vsphere-cpi/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-vsphere/rancher-vsphere-cpi/generated-changes/patch/Chart.yaml.patch
@@ -5,7 +5,7 @@
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: vsphere-cpi
apiVersion: v1
appVersion: 1.2.2
diff --git a/packages/rancher-vsphere/rancher-vsphere-cpi/package.yaml b/packages/rancher-vsphere/rancher-vsphere-cpi/package.yaml
index dfd98b05d..678fbc139 100644
--- a/packages/rancher-vsphere/rancher-vsphere-cpi/package.yaml
+++ b/packages/rancher-vsphere/rancher-vsphere-cpi/package.yaml
@@ -2,4 +2,3 @@ url: https://github.com/rancher/vsphere-charts.git
subdirectory: charts/rancher-vsphere-cpi
commit: 90ec6814d1b14a91a7f30318ed6c5f7022dabc53
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-vsphere/rancher-vsphere-csi/generated-changes/patch/Chart.yaml.patch b/packages/rancher-vsphere/rancher-vsphere-csi/generated-changes/patch/Chart.yaml.patch
index b9e90f545..04e43cb52 100644
--- a/packages/rancher-vsphere/rancher-vsphere-csi/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-vsphere/rancher-vsphere-csi/generated-changes/patch/Chart.yaml.patch
@@ -5,7 +5,7 @@
catalog.cattle.io/os: linux,windows
catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: vsphere-csi
apiVersion: v1
appVersion: 2.5.1-rancher1
diff --git a/packages/rancher-vsphere/rancher-vsphere-csi/package.yaml b/packages/rancher-vsphere/rancher-vsphere-csi/package.yaml
index ce6fb718d..464b9e078 100644
--- a/packages/rancher-vsphere/rancher-vsphere-csi/package.yaml
+++ b/packages/rancher-vsphere/rancher-vsphere-csi/package.yaml
@@ -2,4 +2,3 @@ url: https://github.com/rancher/vsphere-charts.git
subdirectory: charts/rancher-vsphere-csi
commit: 3b3c63349abd6e8f4c501a9532f000a6e331d071
version: 101.0.0
-doNotRelease: true
diff --git a/packages/rancher-windows-gmsa/charts/Chart.yaml b/packages/rancher-windows-gmsa/charts/Chart.yaml
index de880ecf7..2150870c0 100644
--- a/packages/rancher-windows-gmsa/charts/Chart.yaml
+++ b/packages/rancher-windows-gmsa/charts/Chart.yaml
@@ -8,7 +8,7 @@ annotations:
catalog.cattle.io/os: windows
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: windows.k8s.io.gmsacredentialspecs/v1
- catalog.cattle.io/rancher-version: '>= 2.6.4-0 < 2.7.0-0'
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-windows-gmsa
apiVersion: v2
appVersion: 0.3.0
diff --git a/packages/rancher-windows-gmsa/package.yaml b/packages/rancher-windows-gmsa/package.yaml
index 71427bfbe..c0448cb7c 100644
--- a/packages/rancher-windows-gmsa/package.yaml
+++ b/packages/rancher-windows-gmsa/package.yaml
@@ -1,6 +1,5 @@
url: local
version: 2.0.0
-doNotRelease: true
additionalCharts:
- workingDir: charts-crd
crdOptions:
diff --git a/packages/rancher-wins-upgrader/generated-changes/patch/Chart.yaml.patch b/packages/rancher-wins-upgrader/generated-changes/patch/Chart.yaml.patch
index ff6a7b64a..860279fc8 100644
--- a/packages/rancher-wins-upgrader/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-wins-upgrader/generated-changes/patch/Chart.yaml.patch
@@ -9,7 +9,7 @@
catalog.cattle.io/os: windows
catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0'
-+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
catalog.cattle.io/release-name: rancher-wins-upgrader
apiVersion: v2
appVersion: 0.1.1
diff --git a/packages/rancher-wins-upgrader/package.yaml b/packages/rancher-wins-upgrader/package.yaml
index bf69b3edc..38cbda836 100644
--- a/packages/rancher-wins-upgrader/package.yaml
+++ b/packages/rancher-wins-upgrader/package.yaml
@@ -2,4 +2,3 @@ url: https://github.com/rancher/wins.git
subdirectory: charts/rancher-wins-upgrader
commit: 4d46d8dd81cd741a51313923d459f28beea56800
version: 101.0.0
-doNotRelease: true
diff --git a/packages/system-upgrade-controller/generated-changes/patch/Chart.yaml.patch b/packages/system-upgrade-controller/generated-changes/patch/Chart.yaml.patch
index 74c8a3c6c..5dfd72f29 100644
--- a/packages/system-upgrade-controller/generated-changes/patch/Chart.yaml.patch
+++ b/packages/system-upgrade-controller/generated-changes/patch/Chart.yaml.patch
@@ -8,7 +8,7 @@
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
-+ catalog.cattle.io/rancher-version: '>= 2.6.3-0 < 2.7.0-0'
++ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: system-upgrade-controller
apiVersion: v1
appVersion: v0.9.1
diff --git a/packages/system-upgrade-controller/package.yaml b/packages/system-upgrade-controller/package.yaml
index 81066b4e8..38a3ccddf 100644
--- a/packages/system-upgrade-controller/package.yaml
+++ b/packages/system-upgrade-controller/package.yaml
@@ -2,4 +2,3 @@ url: https://github.com/rancher/system-charts.git
subdirectory: charts/rancher-k3s-upgrader/0.3.3
commit: bf2caf17913204448e92d0cc781c7b76bb2401b2
version: 101.0.0
-doNotRelease: true
diff --git a/release.yaml b/release.yaml
index b662f481c..119e92818 100644
--- a/release.yaml
+++ b/release.yaml
@@ -40,3 +40,27 @@ fleet-agent:
- 101.0.0+up0.5.0-rc2
fleet-crd:
- 101.0.0+up0.5.0-rc2
+system-upgrade-controller:
+- 101.0.0+up0.3.3
+rancher-aks-operator:
+- 101.0.0+up1.0.7-rc1
+rancher-aks-operator-crd:
+- 101.0.0+up1.0.7-rc1
+rancher-eks-operator:
+- 101.0.0+up1.1.5-rc1
+rancher-eks-operator-crd:
+- 101.0.0+up1.1.5-rc1
+rancher-gke-operator:
+- 101.0.0+up1.1.4
+rancher-gke-operator-crd:
+- 101.0.0+up1.1.4
+rancher-vsphere-cpi:
+- 101.0.0+up1.2.2
+rancher-vsphere-csi:
+- 101.0.0+up2.5.1-rancher1
+rancher-windows-gmsa:
+- 2.0.0
+rancher-windows-gmsa-crd:
+- 2.0.0
+rancher-wins-upgrader:
+- 101.0.0+up0.0.1