[dev-v2.9] Forward ports rancher-csp-adapter 103.0.1+up3.0.1 (#3748)

charts/rancher-csp-adapter/103.0.1+up3.0.1/Chart.yaml

@@ -0,0 +1,17 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher CSP Adapter
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-csp-adapter-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-csp-adapter
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 3.0.1
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors Rancher
+  entitlements against usage.
+name: rancher-csp-adapter
+version: 103.0.1+up3.0.1

charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/_helpers.tpl

@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+    {{- if .Values.aws.enabled -}}
+aws
+    {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+    {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+    true
+    {{- else -}}
+    false
+    {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+    {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+    {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+    {{- else -}}
+    {{- "" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}

charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      containers:
+      - env:
+        - name: CATTLE_DEBUG
+          value: {{ .Values.debug | quote }}
+        - name: CATTLE_DEV_MODE
+          value: {{ .Values.devMode | quote }}
+        - name: K8S_OUTPUT_CONFIGMAP
+          value: '{{ template "csp-adapter.outputConfigMap"  }}'
+        - name: K8S_OUTPUT_NOTIFICATION
+          value: '{{ template "csp-adapter.outputNotification" }}'
+        - name: K8S_CACHE_SECRET
+          value: '{{ template "csp-adapter.cacheSecret"  }}'
+        - name: K8S_HOSTNAME_SETTING
+          value: '{{ template "csp-adapter.hostnameSetting"  }}'
+        - name: K8S_RANCHER_VERSION_SETTING
+          value: '{{ template "csp-adapter.versionSetting"  }}'
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: {{ .Chart.Name }}
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+        volumeMounts:
+          - mountPath: /etc/ssl/certs/rancher-cert.pem
+            name: tls-ca-volume
+            subPath: ca-additional.pem
+            readOnly: true
+{{- end }}
+      serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+      volumes:
+        - name: tls-ca-volume
+          secret:
+            defaultMode: 0444
+            secretName: tls-ca-additional
+{{- end }}

charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/rbac.yaml

@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - ranchermetrics
+  verbs:
+  - get
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  resourceNames:
+  - {{ template "csp-adapter.outputNotification" }}
+  verbs:
+  - "*"
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  verbs:
+  - create
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - settings
+  resourceNames:
+  - {{ template "csp-adapter.hostnameSetting"  }}
+  - {{ template "csp-adapter.versionSetting"  }}
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}-role
+  namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ template "csp-adapter.cacheSecret"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - {{ template "csp-adapter.outputConfigMap"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-binding
+  namespace: cattle-csp-adapter-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system

charts/rancher-csp-adapter/103.0.1+up3.0.1/templates/serviceAccount.yaml

@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+  {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+  {{- else -}}
+  {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+  {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+  {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+  {{- end }}

charts/rancher-csp-adapter/103.0.1+up3.0.1/values.yaml

@@ -0,0 +1,24 @@
+debug: false
+# used for development only - not supported in production
+devMode: false
+
+image:
+  repository: rancher/rancher-csp-adapter
+  tag: v3.0.1
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+  enabled: false
+  accountNumber: ""
+  roleName: ""

index.yaml

@@ -9394,6 +9394,27 @@ entries:
     - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz
     version: 1.0.100
   rancher-csp-adapter:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Rancher CSP Adapter
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-csp-adapter-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-csp-adapter
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 3.0.1
+    created: "2024-04-04T14:40:55.073067-03:00"
+    description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+      Rancher entitlements against usage.
+    digest: 728d4d90ba8bd53ada9d0591f29bfba620f0fe2c7044342e5420ce755c1f565f
+    name: rancher-csp-adapter
+    urls:
+    - assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1.tgz
+    version: 103.0.1+up3.0.1
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Rancher CSP Adapter

release.yaml

@@ -165,6 +165,7 @@ sriov-crd:
   - 103.1.0+up0.1.0
 rancher-csp-adapter:
   - 2.0.4
+  - 103.0.1+up3.0.1
 rancher-pushprox:
   - 102.0.2
   - 103.0.1