diff --git a/assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1.tgz b/assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1.tgz
new file mode 100644
index 000000000..16415259f
Binary files /dev/null and b/assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1.tgz differ
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/Chart.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1/Chart.yaml
new file mode 100644
index 000000000..c6d88ebb0
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/Chart.yaml
@@ -0,0 +1,17 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher CSP Adapter
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+ catalog.cattle.io/namespace: cattle-csp-adapter-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+ catalog.cattle.io/release-name: rancher-csp-adapter
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 3.0.1
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+ entitlements against usage.
+name: rancher-csp-adapter
+version: 103.0.1+up3.0.1
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/_helpers.tpl b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..e263a0e7c
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/_helpers.tpl
@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+ {{- if .Values.aws.enabled -}}
+aws
+ {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+ {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+ true
+ {{- else -}}
+ false
+ {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+ {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+ {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+ {{- else -}}
+ {{- "" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/deployment.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/deployment.yaml
new file mode 100644
index 000000000..935120f0c
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/deployment.yaml
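Review bot: The `system_default_registry` helper falls back to the literal registry `709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/` whenever `csp-adapter.csp` renders "aws" and `global.cattle.systemDefaultRegistry` is empty, so the image source on AWS installs is a fixed account and region that values.yaml never mentions. That is a trust decision worth documenting at the define, for example `{{- /* AWS default: images come from the vendor ECR registry below; set global.cattle.systemDefaultRegistry to override */ -}}`, and worth repeating in the values.yaml comment for `systemDefaultRegistry`. Separately, `csp-adapter.csp` renders the two-character text `""` when `.Values.aws` is unset but renders nothing when `aws` is set and disabled; both compare unequal to "aws" today, yet returning an empty result in both branches (as `system_default_registry` does with `{{- "" -}}`) would be consistent.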
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ containers:
+ - env:
+ - name: CATTLE_DEBUG
+ value: {{ .Values.debug | quote }}
+ - name: CATTLE_DEV_MODE
+ value: {{ .Values.devMode | quote }}
+ - name: K8S_OUTPUT_CONFIGMAP
+ value: '{{ template "csp-adapter.outputConfigMap" }}'
+ - name: K8S_OUTPUT_NOTIFICATION
+ value: '{{ template "csp-adapter.outputNotification" }}'
+ - name: K8S_CACHE_SECRET
+ value: '{{ template "csp-adapter.cacheSecret" }}'
+ - name: K8S_HOSTNAME_SETTING
+ value: '{{ template "csp-adapter.hostnameSetting" }}'
+ - name: K8S_RANCHER_VERSION_SETTING
+ value: '{{ template "csp-adapter.versionSetting" }}'
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: {{ .Chart.Name }}
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/rancher-cert.pem
+ name: tls-ca-volume
+ subPath: ca-additional.pem
+ readOnly: true
+{{- end }}
+ serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+ volumes:
+ - name: tls-ca-volume
+ secret:
+ defaultMode: 0444
+ secretName: tls-ca-additional
+{{- end }}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/rbac.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/rbac.yaml
new file mode 100644
index 000000000..6d17d8c1b
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/rbac.yaml
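Review bot: The container entry sets no `securityContext`, so the adapter runs with whatever defaults the image and the cluster apply, even though its service account can write a Secret and a ConfigMap in `cattle-csp-adapter-system` and carries an IAM role annotation. A restrictive container-level context placed after `imagePullPolicy` would limit what a compromised adapter process can do. Whether the image already runs as a non-root user and tolerates a read-only root filesystem is not visible in this diff and needs confirming first. The image reference is also assembled from `image.repository` and `image.tag` only, so it is pinned by tag rather than by digest.

```yaml
        # … unchanged: env, image, name …
        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: conditional volumeMounts, serviceAccountName, volumes …
```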
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - ranchermetrics
+ verbs:
+ - get
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ resourceNames:
+ - {{ template "csp-adapter.outputNotification" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ verbs:
+ - create
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - settings
+ resourceNames:
+ - {{ template "csp-adapter.hostnameSetting" }}
+ - {{ template "csp-adapter.versionSetting" }}
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}-role
+ namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - {{ template "csp-adapter.cacheSecret" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ template "csp-adapter.outputConfigMap" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-binding
+ namespace: cattle-csp-adapter-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Chart.Name }}-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/serviceAccount.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/serviceAccount.yaml
new file mode 100644
index 000000000..fa8f63e7f
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/serviceAccount.yaml
@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+ {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+ {{- else -}}
+ {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+ {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+ {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+ {{- end }}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1/values.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1/values.yaml
new file mode 100644
index 000000000..127465f0a
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1/values.yaml
@@ -0,0 +1,24 @@
+debug: false
+# used for development only - not supported in production
+devMode: false
+
+image:
+ repository: rancher/rancher-csp-adapter
+ tag: v3.0.1
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+ enabled: false
+ accountNumber: ""
+ roleName: ""
diff --git a/index.yaml b/index.yaml
index 9affe24d4..28a8a2342 100755
--- a/index.yaml
+++ b/index.yaml
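Review bot: Three rules in rbac.yaml pair `resourceNames` with `verbs: - "*"` (the `rancherusernotifications` rule in the ClusterRole, and the `secrets` and `configmaps` rules in the Role), which grants every verb on those objects, including any verb added to the API later. Listing the verbs explicitly, e.g. `get`, `update`, `patch`, `delete`, keeps the grant reviewable; which verbs the adapter actually uses is not visible in this diff and has to come from the adapter code. The companion `create` rules on `secrets` and `configmaps` are not name-restricted, so the service account can create any Secret or ConfigMap in `cattle-csp-adapter-system`; a comment such as `# create cannot be limited by resourceNames; namespace is dedicated to the adapter` would record why that is acceptable. The `settings` rule also combines `resourceNames` with `list` and `watch`, which only authorizes requests that carry a matching `metadata.name` field selector.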
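Review bot: The `eks.amazonaws.com/role-arn` annotation in serviceAccount.yaml interpolates `aws.accountNumber` and `aws.roleName` unquoted and unvalidated; the guard at the top of the file only checks, through `csp-adapter.awsValuesSet`, that both are non-empty. A 12-digit account number written as a bare number in a values file may be rendered by Helm in float notation, and any unexpected character in either value alters the ARN of the IAM role the pod is bound to. I would quote the value, `eks.amazonaws.com/role-arn: {{ printf "arn:aws:iam::%s:role/%s" .Values.aws.accountNumber .Values.aws.roleName | quote }}`, and add a format check next to the existing `fail` calls, `{{- if not (regexMatch "^[0-9]{12}$" (toString .Values.aws.accountNumber)) }}{{ fail "aws.accountNumber must be a 12-digit string" }}{{ end }}`. The empty `if` branch followed by `else`/`fail` would also read more directly as a single negated condition.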
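Review bot: `tolerations: []` is declared in values.yaml, but none of the templates added in this commit reference `.Values.tolerations`, so as far as this diff shows setting it has no effect; either wire it into the pod spec in deployment.yaml or drop the key. The comment on `#additionalTrustedCAs: true` could name what deployment.yaml actually mounts, e.g. `# expects a secret named tls-ca-additional with key ca-additional.pem in cattle-csp-adapter-system`, so an operator does not have to read the template to get the name right. The `systemDefaultRegistry: ""` default would also benefit from a comment saying that an empty value on AWS selects the registry hard-coded in `_helpers.tpl`.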
@@ -9394,6 +9394,27 @@ entries: - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz version: 1.0.100 rancher-csp-adapter: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher CSP Adapter + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-csp-adapter-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-csp-adapter + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 3.0.1 + created: "2024-04-04T14:40:55.073067-03:00" + description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors + Rancher entitlements against usage. + digest: 728d4d90ba8bd53ada9d0591f29bfba620f0fe2c7044342e5420ce755c1f565f + name: rancher-csp-adapter + urls: + - assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1.tgz + version: 103.0.1+up3.0.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher CSP Adapter diff --git a/release.yaml b/release.yaml index 07fbaa15d..29a693608 100644 --- a/release.yaml +++ b/release.yaml @@ -165,6 +165,7 @@ sriov-crd: - 103.1.0+up0.1.0 rancher-csp-adapter: - 2.0.4 + - 103.0.1+up3.0.1 rancher-pushprox: - 102.0.2 - 103.0.1