Merge pull request #1307 from aiyengar2/update_grafana

Update Grafana to latest that uses Apache license

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml

@@ -5,7 +5,7 @@ annotations:
   catalog.rancher.io/namespace: cattle-monitoring-system
   catalog.rancher.io/release-name: rancher-grafana
 apiVersion: v2
-appVersion: 7.4.5
+appVersion: 7.5.8
 description: The leading tool for querying and visualizing time series and metrics.
 home: https://grafana.net
 icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@@ -25,4 +25,4 @@ name: rancher-grafana
 sources:
 - https://github.com/grafana/grafana
 type: application
-version: 100.0.0+up6.6.4
+version: 100.0.0+up6.11.0

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md

@@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0.
 | `image.sha`                               | Image sha (optional)                          | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
 | `image.pullPolicy`                        | Image pull policy                             | `IfNotPresent`                                          |
 | `image.pullSecrets`                       | Image pull secrets                            | `{}`                                                    |
+| `service.enabled`                         | Enable grafana service                        | `true`                                                  |
 | `service.type`                            | Kubernetes service type                       | `ClusterIP`                                             |
 | `service.port`                            | Kubernetes port where service is exposed      | `80`                                                    |
 | `service.portName`                        | Name of the port on the service               | `service`                                               |
@@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0.
 | `ingress.path`                            | Ingress accepted path                         | `/`                                                     |
 | `ingress.pathType`                        | Ingress type of path                          | `Prefix`                                                |
 | `ingress.hosts`                           | Ingress accepted hostnames                    | `["chart-example.local"]`                                                    |
-| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`                                                    |
+| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]`                                                    |
 | `ingress.tls`                             | Ingress TLS configuration                     | `[]`                                                    |
 | `resources`                               | CPU/Memory resource requests/limits           | `{}`                                                    |
 | `nodeSelector`                            | Node labels for pod assignment                | `{}`                                                    |
@@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0.
 | `sidecar.dashboards.folderAnnotation`     | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil`                                                  |
 | `sidecar.dashboards.defaultFolderName`    | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil`                                |
 | `sidecar.dashboards.searchNamespace`      | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                                |
+| `sidecar.dashboards.resource`             | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `sidecar.datasources.enabled`             | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false`       |
 | `sidecar.datasources.label`               | Label that config maps with datasources should have to be added | `grafana_datasource`                               |
-| `sidecar.datasources.labelValue`                | Label value that config maps with datasources should have to be added | `nil`                                |
+| `sidecar.datasources.labelValue`          | Label value that config maps with datasources should have to be added | `nil`                                |
 | `sidecar.datasources.searchNamespace`     | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                               |
+| `sidecar.datasources.resource`            | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `sidecar.notifiers.enabled`               | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false`        |
 | `sidecar.notifiers.label`                 | Label that config maps with notifiers should have to be added | `grafana_notifier`                               |
 | `sidecar.notifiers.searchNamespace`       | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                               |
+| `sidecar.notifiers.resource`              | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `smtp.existingSecret`                     | The name of an existing secret containing the SMTP credentials. | `""`                                  |
 | `smtp.userKey`                            | The key in the existing SMTP secret containing the username. | `"user"`                                 |
 | `smtp.passwordKey`                        | The key in the existing SMTP secret containing the password. | `"password"`                             |
@@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0.
 | `imageRenderer.securityContext`            | image-renderer deployment securityContext                                          | `{}`                             |
 | `imageRenderer.hostAliases`                | image-renderer deployment Host Aliases                                             | `[]`                             |
 | `imageRenderer.priorityClassName`          | image-renderer deployment priority class                                           | `''`                             |
+| `imageRenderer.service.enabled`            | Enable the image-renderer service                                                  | `true`                           |
 | `imageRenderer.service.portName`           | image-renderer service port name                                                   | `'http'`                         |
 | `imageRenderer.service.port`               | image-renderer service port used by both service and deployment                    | `8081`                           |
 | `imageRenderer.grafanaSubPath`             | Grafana sub path to use for image renderer callback url                            | `''`                             |
@@ -242,6 +247,9 @@ ingress:
 
 ### Example of extraVolumeMounts
 
+Volume can be type persistentVolumeClaim or hostPath but not both at same time.
+If none existingClaim or hostPath argument is givent then type is emptyDir.
+
 ```yaml
 - extraVolumeMounts:
   - name: plugins
@@ -249,6 +257,10 @@ ingress:
     subPath: configs/grafana/plugins
     existingClaim: existing-grafana-claim
     readOnly: false
+  - name: dashboards
+    mountPath: /var/lib/grafana/dashboards
+    hostPath: /usr/shared/grafana/dashboards
+    readOnly: false
 ```
 
 ## Import dashboards

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl

@@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac.
 {{- print "rbac.authorization.k8s.io/v1beta1" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "grafana.password" -}}
+{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
+  {{- if $secret -}}
+    {{-  index $secret "data" "admin-password" -}}
+  {{- else -}}
+    {{- (randAlphaNum 40) | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl

@@ -100,7 +100,7 @@ initContainers:
       - name: FOLDER
         value: "/etc/grafana/provisioning/datasources"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.datasources.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -135,7 +135,7 @@ initContainers:
       - name: FOLDER
         value: "/etc/grafana/provisioning/notifiers"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.notifiers.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -184,7 +184,7 @@ containers:
       - name: FOLDER
         value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.dashboards.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -317,14 +317,14 @@ containers:
         containerPort: 3000
         protocol: TCP
     env:
-      {{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_USER
         valueFrom:
           secretKeyRef:
             name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
             key: {{ .Values.admin.userKey | default "admin-user" }}
       {{- end }}
-      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_PASSWORD
         valueFrom:
           secretKeyRef:
@@ -356,6 +356,14 @@ containers:
       - name: GF_RENDERING_CALLBACK_URL
         value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
       {{ end }}
+      - name: GF_PATHS_DATA
+        value: {{ (get .Values "grafana.ini").paths.data }}
+      - name: GF_PATHS_LOGS
+        value: {{ (get .Values "grafana.ini").paths.logs }}
+      - name: GF_PATHS_PLUGINS
+        value: {{ (get .Values "grafana.ini").paths.plugins }}
+      - name: GF_PATHS_PROVISIONING
+        value: {{ (get .Values "grafana.ini").paths.provisioning }}
     {{- range $key, $value := .Values.envValueFrom }}
       - name: {{ $key | quote }}
         valueFrom:
@@ -483,8 +491,15 @@ volumes:
 {{- end }}
 {{- range .Values.extraVolumeMounts }}
   - name: {{ .name }}
+    {{- if .existingClaim }}
     persistentVolumeClaim:
       claimName: {{ .existingClaim }}
+    {{- else if .hostPath }}
+    hostPath:
+      path: {{ .hostPath }}
+    {{- else }}
+    emptyDir: {}
+    {{- end }}
 {{- end }}
 {{- range .Values.extraEmptyDirMounts }}
   - name: {{ .name }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml

@@ -19,8 +19,10 @@ data:
     {{- range $elem, $elemVal := $value }}
     {{- if kindIs "invalid" $elemVal }}
     {{ $elem }} =
+    {{- else if kindIs "string" $elemVal }}
+    {{ $elem }} = {{ tpl $elemVal $ }}
     {{- else }}
-    {{ $elem }} = {{ tpl (toYaml $elemVal) $ }}
+    {{ $elem }} = {{ $elemVal }}
     {{- end }}
     {{- end }}
 {{- end }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml

@@ -14,7 +14,9 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicas }}
+  {{- end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:
@@ -34,7 +36,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- if .Values.envRenderSecret }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "grafana.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "grafana.name" . }}
+    helm.sh/chart: {{ template "grafana.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "grafana.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml

@@ -1,4 +1,5 @@
 {{ if .Values.imageRenderer.enabled }}
+{{ if .Values.imageRenderer.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -26,3 +27,4 @@ spec:
   selector:
     {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
 {{ end }}
+{{ end }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml

@@ -13,19 +13,8 @@ spec:
   privileged: false
   allowPrivilegeEscalation: false
   requiredDropCapabilities:
-    # Default set from Docker, without DAC_OVERRIDE or CHOWN
+    # Default set from Docker, with DAC_OVERRIDE and CHOWN
-    - FOWNER
+      - ALL
-    - FSETID
-    - KILL
-    - SETGID
-    - SETUID
-    - SETPCAP
-    - NET_BIND_SERVICE
-    - NET_RAW
-    - SYS_CHROOT
-    - MKNOD
-    - AUDIT_WRITE
-    - SETFCAP
   volumes:
     - 'configMap'
     - 'emptyDir'
@@ -38,12 +27,20 @@ spec:
   hostIPC: false
   hostPID: false
   runAsUser:
-    rule: 'RunAsAny'
+    rule: 'MustRunAsNonRoot'
   seLinux:
     rule: 'RunAsAny'
   supplementalGroups:
-    rule: 'RunAsAny'
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
   fsGroup:
-    rule: 'RunAsAny'
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
   readOnlyRootFilesystem: false
 {{- end }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,6 +6,10 @@ metadata:
   namespace: {{ template "grafana.namespace" . }}
   labels:
     {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
 type: Opaque
 data:
   {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
@@ -13,7 +17,7 @@ data:
   {{- if .Values.adminPassword }}
   admin-password: {{ .Values.adminPassword | b64enc | quote }}
   {{- else }}
-  admin-password: {{ randAlphaNum 40 | b64enc | quote }}
+  admin-password: {{ template "grafana.password" . }}
   {{- end }}
   {{- end }}
   {{- if not .Values.ldap.existingSecret }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -47,4 +48,4 @@ spec:
   {{- end }}
   selector:
     {{- include "grafana.selectorLabels" . | nindent 4 }}
-
+{{ end }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml

@@ -27,7 +27,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-  {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+  {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- with .Values.podAnnotations }}

charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml

@@ -38,6 +38,22 @@ serviceAccount:
 
 replicas: 1
 
+## Create HorizontalPodAutoscaler object for deployment type
+#
+autoscaling:
+  enabled: false
+#   minReplicas: 1
+#   maxReplicas: 10
+#   metrics:
+#   - type: Resource
+#     resource:
+#       name: cpu
+#       targetAverageUtilization: 60
+#   - type: Resource
+#     resource:
+#       name: memory
+#       targetAverageUtilization: 60
+
 ## See `kubectl explain poddisruptionbudget.spec` for more
 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
 podDisruptionBudget: {}
@@ -69,7 +85,7 @@ livenessProbe:
 
 image:
   repository: rancher/mirrored-grafana-grafana
-  tag: 7.4.5
+  tag: 7.5.8
   sha: ""
   pullPolicy: IfNotPresent
 
@@ -119,7 +135,7 @@ extraLabels: {}
 
 downloadDashboardsImage:
   repository: rancher/mirrored-curlimages-curl
-  tag: 7.73.0
+  tag: 7.77.0
   sha: ""
   pullPolicy: IfNotPresent
 
@@ -144,6 +160,7 @@ podPortName: grafana
 ## ref: http://kubernetes.io/docs/user-guide/services/
 ##
 service:
+  enabled: true
   type: ClusterIP
   port: 80
   targetPort: 3000
@@ -420,10 +437,14 @@ extraSecretMounts: []
 ## Additional grafana server volume mounts
 # Defines additional volume mounts.
 extraVolumeMounts: []
-  # - name: extra-volume
+  # - name: extra-volume-0
-  #   mountPath: /mnt/volume
+  #   mountPath: /mnt/volume0
   #   readOnly: true
   #   existingClaim: volume-claim
+  # - name: extra-volume-1
+  #   mountPath: /mnt/volume1
+  #   readOnly: true
+  #   hostPath: /usr/shared/
 
 ## Pass the plugins you want installed as a list.
 ##
@@ -530,7 +551,7 @@ dashboardsConfigMaps: {}
 ##
 grafana.ini:
   paths:
-    data: /var/lib/grafana/data
+    data: /var/lib/grafana/
     logs: /var/log/grafana
     plugins: /var/lib/grafana/plugins
     provisioning: /etc/grafana/provisioning
@@ -601,7 +622,7 @@ smtp:
 sidecar:
   image:
     repository: rancher/mirrored-kiwigrid-k8s-sidecar
-    tag: 1.10.7
+    tag: 1.12.2
     sha: ""
   imagePullPolicy: IfNotPresent
   resources: {}
@@ -629,6 +650,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
+    # search in configmap, secret or both
+    resource: both
     # If specified, the sidecar will look for annotation with this name to create folder and put graph here.
     # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
     folderAnnotation: null
@@ -658,10 +681,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
-
+    # search in configmap, secret or both
-    ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
+    resource: both
-    ## This can be useful for database passwords, etc. Value is templated.
-    envFromSecret: ""
   notifiers:
     enabled: false
     # label that the configmaps with notifiers are marked with
@@ -670,6 +691,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
+    # search in configmap, secret or both
+    resource: both
 
 ## Override the deployment namespace
 ##
@@ -688,7 +711,7 @@ imageRenderer:
     # image-renderer Image repository
     repository: rancher/mirrored-grafana-grafana-image-renderer
     # image-renderer Image tag
-    tag: 2.0.1
+    tag: 3.0.1
     # image-renderer Image sha (optional)
     sha: ""
     # image-renderer ImagePullPolicy
@@ -707,6 +730,8 @@ imageRenderer:
   # image-renderer deployment priority class
   priorityClassName: ''
   service:
+    # Enable the image-renderer service
+    enabled: true
     # image-renderer service port name
     portName: 'http'
     # image-renderer service port used by both service and deployment

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/Chart.yaml

@@ -1,24 +0,0 @@
-annotations:
-  catalog.cattle.io/hidden: "true"
-  catalog.cattle.io/os: linux
-  catalog.rancher.io/certified: rancher
-  catalog.rancher.io/namespace: cattle-monitoring-system
-  catalog.rancher.io/release-name: rancher-kube-state-metrics
-apiVersion: v1
-appVersion: 1.9.8
-description: Install kube-state-metrics to generate and expose cluster-level metrics
-home: https://github.com/kubernetes/kube-state-metrics/
-keywords:
-- metric
-- monitoring
-- prometheus
-- kubernetes
-maintainers:
-- email: tariq.ibrahim@mulesoft.com
-  name: tariq1890
-- email: manuel@rueg.eu
-  name: mrueg
-name: rancher-kube-state-metrics
-sources:
-- https://github.com/kubernetes/kube-state-metrics/
-version: 100.0.0+up2.13.1

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/LICENSE

@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright The Helm Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/OWNERS

@@ -1,6 +0,0 @@
-approvers:
-- tariq1890
-- mrueg
-reviewers:
-- tariq1890
-- mrueg

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/README.md

@@ -1,66 +0,0 @@
-# kube-state-metrics Helm Chart
-
-Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
-
-## Get Repo Info
-
-```console
-helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-# Helm 3
-$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
-
-# Helm 2
-$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
-```
-
-_See [configuration](#configuration) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Uninstall Chart
-
-```console
-# Helm 3
-$ helm uninstall [RELEASE_NAME]
-
-# Helm 2
-# helm delete --purge [RELEASE_NAME]
-```
-
-This removes all the Kubernetes components associated with the chart and deletes the release.
-
-_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
-
-## Upgrading Chart
-
-```console
-# Helm 3 or 2
-$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags]
-```
-
-_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
-
-### From stable/kube-state-metrics
-
-You can upgrade in-place:
-
-1. [get repo info](#get-repo-info)
-1. [upgrade](#upgrading-chart) your existing release name using the new chart repo
-
-## Configuration
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
-
-```console
-helm show values kube-state-metrics/kube-state-metrics
-```
-
-You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/NOTES.txt

@@ -1,10 +0,0 @@
-kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
-The exposed metrics can be found here:
-https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
-
-The metrics are exported on the HTTP endpoint /metrics on the listening port.
-In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
-
-They are served either as plaintext or protobuf depending on the Accept header.
-They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
-

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/_helpers.tpl

@@ -1,76 +0,0 @@
-# Rancher
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- end -}}
-{{- end -}}
-
-# Windows Support
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-beta.kubernetes.io/os: linux
-{{- else -}}
-kubernetes.io/os: linux
-{{- end -}}
-{{- end -}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kube-state-metrics.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kube-state-metrics.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kube-state-metrics.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts
-*/}}
-{{- define "kube-state-metrics.namespace" -}}
-  {{- if .Values.namespaceOverride -}}
-    {{- .Values.namespaceOverride -}}
-  {{- else -}}
-    {{- .Release.Namespace -}}
-  {{- end -}}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/clusterrolebinding.yaml

@@ -1,23 +0,0 @@
-{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  name: {{ template "kube-state-metrics.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-{{- if .Values.rbac.useExistingRole }}
-  name: {{ .Values.rbac.useExistingRole }}
-{{- else }}
-  name: {{ template "kube-state-metrics.fullname" . }}
-{{- end }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/deployment.yaml

@@ -1,217 +0,0 @@
-apiVersion: apps/v1
-{{- if .Values.autosharding.enabled }}
-kind: StatefulSet
-{{- else }}
-kind: Deployment
-{{- end }}
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    app.kubernetes.io/instance: "{{ .Release.Name }}"
-    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
-    app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-  replicas: {{ .Values.replicas }}
-{{- if .Values.autosharding.enabled }}
-  serviceName: {{ template "kube-state-metrics.fullname" . }}
-  volumeClaimTemplates: []
-{{- end }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-        app.kubernetes.io/instance: "{{ .Release.Name }}"
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 8 }}
-{{- end }}
-{{- if .Values.podAnnotations }}
-      annotations:
-{{ toYaml .Values.podAnnotations | indent 8 }}
-{{- end }}
-    spec:
-      hostNetwork: {{ .Values.hostNetwork }}
-      serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-        runAsGroup: {{ .Values.securityContext.runAsGroup }}
-        runAsUser: {{ .Values.securityContext.runAsUser }}
-        runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
-      {{- end }}
-    {{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-    {{- end }}
-      containers:
-      - name: {{ .Chart.Name }}
-{{- if .Values.autosharding.enabled }}
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-{{- end }}
-        args:
-{{  if .Values.extraArgs  }}
-        {{- range .Values.extraArgs  }}
-        - {{ . }}
-        {{- end  }}
-{{  end  }}
-{{  if .Values.collectors.certificatesigningrequests  }}
-        - --collectors=certificatesigningrequests
-{{  end  }}
-{{  if .Values.collectors.configmaps  }}
-        - --collectors=configmaps
-{{  end  }}
-{{  if .Values.collectors.cronjobs  }}
-        - --collectors=cronjobs
-{{  end  }}
-{{ if .Values.collectors.daemonsets  }}
-        - --collectors=daemonsets
-{{  end  }}
-{{  if .Values.collectors.deployments  }}
-        - --collectors=deployments
-{{  end  }}
-{{  if .Values.collectors.endpoints  }}
-        - --collectors=endpoints
-{{  end  }}
-{{  if .Values.collectors.horizontalpodautoscalers  }}
-        - --collectors=horizontalpodautoscalers
-{{  end  }}
-{{  if .Values.collectors.ingresses  }}
-        - --collectors=ingresses
-{{  end  }}
-{{  if .Values.collectors.jobs  }}
-        - --collectors=jobs
-{{  end  }}
-{{  if .Values.collectors.limitranges  }}
-        - --collectors=limitranges
-{{  end  }}
-{{  if .Values.collectors.mutatingwebhookconfigurations  }}
-        - --collectors=mutatingwebhookconfigurations
-{{  end  }}
-{{  if .Values.collectors.namespaces  }}
-        - --collectors=namespaces
-{{  end  }}
-{{  if .Values.collectors.networkpolicies  }}
-        - --collectors=networkpolicies
-{{  end  }}
-{{  if .Values.collectors.nodes  }}
-        - --collectors=nodes
-{{  end  }}
-{{  if .Values.collectors.persistentvolumeclaims  }}
-        - --collectors=persistentvolumeclaims
-{{  end  }}
-{{  if .Values.collectors.persistentvolumes  }}
-        - --collectors=persistentvolumes
-{{  end  }}
-{{  if .Values.collectors.poddisruptionbudgets  }}
-        - --collectors=poddisruptionbudgets
-{{  end  }}
-{{  if .Values.collectors.pods  }}
-        - --collectors=pods
-{{  end  }}
-{{  if .Values.collectors.replicasets  }}
-        - --collectors=replicasets
-{{  end  }}
-{{  if .Values.collectors.replicationcontrollers  }}
-        - --collectors=replicationcontrollers
-{{  end  }}
-{{  if .Values.collectors.resourcequotas  }}
-        - --collectors=resourcequotas
-{{  end  }}
-{{  if .Values.collectors.secrets  }}
-        - --collectors=secrets
-{{  end  }}
-{{  if .Values.collectors.services  }}
-        - --collectors=services
-{{  end  }}
-{{  if .Values.collectors.statefulsets  }}
-        - --collectors=statefulsets
-{{  end  }}
-{{  if .Values.collectors.storageclasses  }}
-        - --collectors=storageclasses
-{{  end  }}
-{{  if .Values.collectors.validatingwebhookconfigurations  }}
-        - --collectors=validatingwebhookconfigurations
-{{  end  }}
-{{  if .Values.collectors.verticalpodautoscalers  }}
-        - --collectors=verticalpodautoscalers
-{{  end  }}
-{{  if .Values.collectors.volumeattachments  }}
-        - --collectors=volumeattachments
-{{  end  }}
-{{ if .Values.namespace }}
-        - --namespace={{ .Values.namespace | join "," }}
-{{ end }}
-{{ if .Values.autosharding.enabled }}
-        - --pod=$(POD_NAME)
-        - --pod-namespace=$(POD_NAMESPACE)
-{{ end }}
-{{ if .Values.kubeconfig.enabled }}
-        - --kubeconfig=/opt/k8s/.kube/config
-{{ end }}
-{{ if .Values.selfMonitor.telemetryHost }}
-        - --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
-{{ end }}
-        - --telemetry-port=8081
-{{- if .Values.kubeconfig.enabled }}
-        volumeMounts:
-        - name: kubeconfig
-          mountPath: /opt/k8s/.kube/
-          readOnly: true
-{{- end }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        ports:
-        - containerPort: 8080
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 8080
-          initialDelaySeconds: 5
-          timeoutSeconds: 5
-{{- if .Values.resources }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
-{{- end }}
-{{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
-{{- end }}
-{{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
-{{- if .Values.kubeconfig.enabled}}
-      volumes:
-        - name: kubeconfig
-          secret:
-            secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/kubeconfig-secret.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.kubeconfig.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    app.kubernetes.io/instance: "{{ .Release.Name }}"
-    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
-type: Opaque
-data:
-  config: '{{ .Values.kubeconfig.secret }}'
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/pdb.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.podDisruptionBudget -}}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    app.kubernetes.io/instance: "{{ .Release.Name }}"
-    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/podsecuritypolicy.yaml

@@ -1,42 +0,0 @@
-{{- if .Values.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Values.podSecurityPolicy.annotations }}
-  annotations:
-{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
-{{- end }}
-spec:
-  privileged: false
-  volumes:
-    - 'secret'
-{{- if .Values.podSecurityPolicy.additionalVolumes }}
-{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
-{{- end }}
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAsNonRoot'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  readOnlyRootFilesystem: false
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/psp-clusterrole.yaml

@@ -1,22 +0,0 @@
-{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-rules:
-{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
-{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "kube-state-metrics.fullname" . }}
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/psp-clusterrolebinding.yaml

@@ -1,19 +0,0 @@
-{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp-{{ template "kube-state-metrics.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.fullname" . }}
-    namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/role.yaml

@@ -1,192 +0,0 @@
-{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole)  -}}
-{{- if eq .Values.rbac.useClusterRole false }}
-{{-   range (split "," $.Values.namespace) }}
-{{- end }}
-{{- end -}}
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if eq .Values.rbac.useClusterRole false }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
-    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-{{- if eq .Values.rbac.useClusterRole false }}
-  namespace: {{ . }}
-{{- end }}
-rules:
-{{ if $.Values.collectors.certificatesigningrequests }}
-- apiGroups: ["certificates.k8s.io"]
-  resources:
-  - certificatesigningrequests
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.configmaps }}
-- apiGroups: [""]
-  resources:
-  - configmaps
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.cronjobs }}
-- apiGroups: ["batch"]
-  resources:
-  - cronjobs
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.daemonsets }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - daemonsets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.deployments }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - deployments
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.endpoints }}
-- apiGroups: [""]
-  resources:
-  - endpoints
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.horizontalpodautoscalers }}
-- apiGroups: ["autoscaling"]
-  resources:
-  - horizontalpodautoscalers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.ingresses }}
-- apiGroups: ["extensions", "networking.k8s.io"]
-  resources:
-  - ingresses
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.jobs }}
-- apiGroups: ["batch"]
-  resources:
-  - jobs
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.limitranges }}
-- apiGroups: [""]
-  resources:
-  - limitranges
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.mutatingwebhookconfigurations }}
-- apiGroups: ["admissionregistration.k8s.io"]
-  resources:
-    - mutatingwebhookconfigurations
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.namespaces }}
-- apiGroups: [""]
-  resources:
-  - namespaces
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.networkpolicies }}
-- apiGroups: ["networking.k8s.io"]
-  resources:
-  - networkpolicies
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.nodes }}
-- apiGroups: [""]
-  resources:
-  - nodes
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.persistentvolumeclaims }}
-- apiGroups: [""]
-  resources:
-  - persistentvolumeclaims
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.persistentvolumes }}
-- apiGroups: [""]
-  resources:
-  - persistentvolumes
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.poddisruptionbudgets }}
-- apiGroups: ["policy"]
-  resources:
-    - poddisruptionbudgets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.pods }}
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.replicasets }}
-- apiGroups: ["extensions", "apps"]
-  resources:
-  - replicasets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.replicationcontrollers }}
-- apiGroups: [""]
-  resources:
-  - replicationcontrollers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.resourcequotas }}
-- apiGroups: [""]
-  resources:
-  - resourcequotas
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.secrets }}
-- apiGroups: [""]
-  resources:
-  - secrets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.services }}
-- apiGroups: [""]
-  resources:
-  - services
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.statefulsets }}
-- apiGroups: ["apps"]
-  resources:
-  - statefulsets
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.storageclasses }}
-- apiGroups: ["storage.k8s.io"]
-  resources:
-    - storageclasses
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.validatingwebhookconfigurations }}
-- apiGroups: ["admissionregistration.k8s.io"]
-  resources:
-    - validatingwebhookconfigurations
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.volumeattachments }}
-- apiGroups: ["storage.k8s.io"]
-  resources:
-    - volumeattachments
-  verbs: ["list", "watch"]
-{{ end -}}
-{{ if $.Values.collectors.verticalpodautoscalers }}
-- apiGroups: ["autoscaling.k8s.io"]
-  resources:
-    - verticalpodautoscalers
-  verbs: ["list", "watch"]
-{{ end -}}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/rolebinding.yaml

@@ -1,27 +0,0 @@
-{{- if and (eq  .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
-{{- range (split "," $.Values.namespace) }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }}
-    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
-    app.kubernetes.io/managed-by: {{ $.Release.Service }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-  namespace: {{ . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-{{- if (not $.Values.rbac.useExistingRole) }}
-  name: {{ template "kube-state-metrics.fullname" $ }}
-{{- else }}
-  name: {{ $.Values.rbac.useExistingRole }}
-{{- end }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "kube-state-metrics.fullname" $ }}
-  namespace: {{ template "kube-state-metrics.namespace" $ }}
-{{- end -}}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/service.yaml

@@ -1,42 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    app.kubernetes.io/instance: "{{ .Release.Name }}"
-    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
-  annotations:
-    {{- if .Values.prometheusScrape }}
-    prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
-    {{- end }}
-    {{- if .Values.service.annotations }}
-    {{- toYaml .Values.service.annotations | nindent 4 }}
-    {{- end }}
-spec:
-  type: "{{ .Values.service.type }}"
-  ports:
-  - name: "http"
-    protocol: TCP
-    port: {{ .Values.service.port }}
-  {{- if .Values.service.nodePort }}
-    nodePort: {{ .Values.service.nodePort }}
-  {{- end }}
-    targetPort: 8080
-  {{ if .Values.selfMonitor.enabled }}
-  - name: "metrics"
-    protocol: TCP
-    port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
-    targetPort: 8081
-  {{ end }}
-{{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
-{{- end }}
-  selector:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/serviceaccount.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- if .Values.serviceAccount.annotations }}
-  annotations:
-{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
-{{- end }}
-imagePullSecrets:
-{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
-{{- end -}}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/servicemonitor.yaml

@@ -1,34 +0,0 @@
-{{- if .Values.prometheus.monitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    app.kubernetes.io/instance: "{{ .Release.Name }}"
-    app.kubernetes.io/managed-by: "{{ .Release.Service }}"
-    {{- if .Values.prometheus.monitor.additionalLabels }}
-{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
-    {{- end }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels | indent 4 }}
-{{- end }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      {{- if .Values.prometheus.monitor.honorLabels }}
-      honorLabels: true
-      {{- end }}
-    {{ if .Values.selfMonitor.enabled }}
-    - port: metrics
-      {{- if .Values.prometheus.monitor.honorLabels }}
-      honorLabels: true
-      {{- end }}
-    {{ end }}
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/stsdiscovery-role.yaml

@@ -1,29 +0,0 @@
-{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resourceNames:
-  - {{ template "kube-state-metrics.fullname" . }}
-  resources:
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/templates/stsdiscovery-rolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-  namespace: {{ template "kube-state-metrics.namespace" . }}
-  labels:
-    app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kube-state-metrics.fullname" . }}
-    namespace: {{ template "kube-state-metrics.namespace" . }}
-{{- end }}

charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up2.13.1/values.yaml

@@ -1,184 +0,0 @@
-global:
-  cattle:
-    systemDefaultRegistry: ""
-
-# Default values for kube-state-metrics.
-prometheusScrape: true
-image:
-  repository: rancher/mirrored-kube-state-metrics-kube-state-metrics
-  tag: v1.9.8
-  pullPolicy: IfNotPresent
-
-imagePullSecrets: []
-# - name: "image-pull-secret"
-
-# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
-# will be automatically sharded across <.Values.replicas> pods using the built-in
-# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
-# This is an experimental feature and there are no stability guarantees.
-autosharding:
-  enabled: false
-
-replicas: 1
-
-# List of additional cli arguments to configure kube-state-metrics
-# for example: --enable-gzip-encoding, --log-file, etc.
-# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
-extraArgs: []
-
-service:
-  port: 8080
-  # Default to clusterIP for backward compatibility
-  type: ClusterIP
-  nodePort: 0
-  loadBalancerIP: ""
-  annotations: {}
-
-customLabels: {}
-
-hostNetwork: false
-
-rbac:
-  # If true, create & use RBAC resources
-  create: true
-
-  # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
-  # useExistingRole: your-existing-role
-
-  # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
-  useClusterRole: true
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created, require rbac true
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-  # Reference to one or more secrets to be used when pulling images
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  imagePullSecrets: []
-  # ServiceAccount annotations.
-  # Use case: AWS EKS IAM roles for service accounts
-  # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
-  annotations: {}
-
-prometheus:
-  monitor:
-    enabled: false
-    additionalLabels: {}
-    namespace: ""
-    honorLabels: false
-
-## Specify if a Pod Security Policy for kube-state-metrics must be created
-## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
-##
-podSecurityPolicy:
-  enabled: false
-  annotations: {}
-    ## Specify pod annotations
-    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
-    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
-    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
-    ##
-    # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-    # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
-    # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
-
-  additionalVolumes: []
-
-securityContext:
-  enabled: true
-  runAsNonRoot: true
-  runAsGroup: 65534
-  runAsUser: 65534
-  fsGroup: 65534
-
-## Node labels for pod assignment
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-
-## Affinity settings for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-affinity: {}
-
-## Tolerations for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-
-# Annotations to be added to the pod
-podAnnotations: {}
-
-## Assign a PriorityClassName to pods if set
-# priorityClassName: ""
-
-# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
-podDisruptionBudget: {}
-
-# Available collectors for kube-state-metrics. By default all available
-# collectors are enabled.
-collectors:
-  certificatesigningrequests: true
-  configmaps: true
-  cronjobs: true
-  daemonsets: true
-  deployments: true
-  endpoints: true
-  horizontalpodautoscalers: true
-  ingresses: true
-  jobs: true
-  limitranges: true
-  mutatingwebhookconfigurations: true
-  namespaces: true
-  networkpolicies: true
-  nodes: true
-  persistentvolumeclaims: true
-  persistentvolumes: true
-  poddisruptionbudgets: true
-  pods: true
-  replicasets: true
-  replicationcontrollers: true
-  resourcequotas: true
-  secrets: true
-  services: true
-  statefulsets: true
-  storageclasses: true
-  validatingwebhookconfigurations: true
-  verticalpodautoscalers: false
-  volumeattachments: true
-
-# Enabling kubeconfig will pass the --kubeconfig argument to the container
-kubeconfig:
-  enabled: false
-  # base64 encoded kube-config file
-  secret:
-
-# Namespace to be enabled for collecting resources. By default all namespaces are collected.
-# namespace: ""
-
-## Override the deployment namespace
-##
-namespaceOverride: ""
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 64Mi
-  # requests:
-  #  cpu: 10m
-  #  memory: 32Mi
-
-## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
-## For example: kubeTargetVersionOverride: 1.14.9
-##
-kubeTargetVersionOverride: ""
-
-# Enable self metrics configuration for service and Service Monitor
-# Default values for telemetry configuration can be overriden
-selfMonitor:
-  enabled: false
-  # telemetryHost: 0.0.0.0
-  # telemetryPort: 8081

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml

@@ -5,7 +5,7 @@ annotations:
   catalog.rancher.io/namespace: cattle-monitoring-system
   catalog.rancher.io/release-name: rancher-grafana
 apiVersion: v2
-appVersion: 7.4.5
+appVersion: 7.5.8
 description: The leading tool for querying and visualizing time series and metrics.
 home: https://grafana.net
 icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@@ -25,4 +25,4 @@ name: grafana
 sources:
 - https://github.com/grafana/grafana
 type: application
-version: 6.6.4
+version: 6.11.0

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md

@@ -63,6 +63,7 @@ This version requires Helm >= 3.1.0.
 | `image.sha`                               | Image sha (optional)                          | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
 | `image.pullPolicy`                        | Image pull policy                             | `IfNotPresent`                                          |
 | `image.pullSecrets`                       | Image pull secrets                            | `{}`                                                    |
+| `service.enabled`                         | Enable grafana service                        | `true`                                                  |
 | `service.type`                            | Kubernetes service type                       | `ClusterIP`                                             |
 | `service.port`                            | Kubernetes port where service is exposed      | `80`                                                    |
 | `service.portName`                        | Name of the port on the service               | `service`                                               |
@@ -82,7 +83,7 @@ This version requires Helm >= 3.1.0.
 | `ingress.path`                            | Ingress accepted path                         | `/`                                                     |
 | `ingress.pathType`                        | Ingress type of path                          | `Prefix`                                                |
 | `ingress.hosts`                           | Ingress accepted hostnames                    | `["chart-example.local"]`                                                    |
-| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`                                                    |
+| `ingress.extraPaths`                      | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]`                                                    |
 | `ingress.tls`                             | Ingress TLS configuration                     | `[]`                                                    |
 | `resources`                               | CPU/Memory resource requests/limits           | `{}`                                                    |
 | `nodeSelector`                            | Node labels for pod assignment                | `{}`                                                    |
@@ -157,13 +158,16 @@ This version requires Helm >= 3.1.0.
 | `sidecar.dashboards.folderAnnotation`     | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil`                                                  |
 | `sidecar.dashboards.defaultFolderName`    | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil`                                |
 | `sidecar.dashboards.searchNamespace`      | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                                |
+| `sidecar.dashboards.resource`             | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `sidecar.datasources.enabled`             | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false`       |
 | `sidecar.datasources.label`               | Label that config maps with datasources should have to be added | `grafana_datasource`                               |
-| `sidecar.datasources.labelValue`                | Label value that config maps with datasources should have to be added | `nil`                                |
+| `sidecar.datasources.labelValue`          | Label value that config maps with datasources should have to be added | `nil`                                |
 | `sidecar.datasources.searchNamespace`     | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                               |
+| `sidecar.datasources.resource`            | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `sidecar.notifiers.enabled`               | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false`        |
 | `sidecar.notifiers.label`                 | Label that config maps with notifiers should have to be added | `grafana_notifier`                               |
 | `sidecar.notifiers.searchNamespace`       | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil`                               |
+| `sidecar.notifiers.resource`              | Should the sidecar looks into secrets, configmaps or both. | `both`                               |
 | `smtp.existingSecret`                     | The name of an existing secret containing the SMTP credentials. | `""`                                  |
 | `smtp.userKey`                            | The key in the existing SMTP secret containing the username. | `"user"`                                 |
 | `smtp.passwordKey`                        | The key in the existing SMTP secret containing the password. | `"password"`                             |
@@ -215,6 +219,7 @@ This version requires Helm >= 3.1.0.
 | `imageRenderer.securityContext`            | image-renderer deployment securityContext                                          | `{}`                             |
 | `imageRenderer.hostAliases`                | image-renderer deployment Host Aliases                                             | `[]`                             |
 | `imageRenderer.priorityClassName`          | image-renderer deployment priority class                                           | `''`                             |
+| `imageRenderer.service.enabled`            | Enable the image-renderer service                                                  | `true`                           |
 | `imageRenderer.service.portName`           | image-renderer service port name                                                   | `'http'`                         |
 | `imageRenderer.service.port`               | image-renderer service port used by both service and deployment                    | `8081`                           |
 | `imageRenderer.grafanaSubPath`             | Grafana sub path to use for image renderer callback url                            | `''`                             |
@@ -242,6 +247,9 @@ ingress:
 
 ### Example of extraVolumeMounts
 
+Volume can be type persistentVolumeClaim or hostPath but not both at same time.
+If none existingClaim or hostPath argument is givent then type is emptyDir.
+
 ```yaml
 - extraVolumeMounts:
   - name: plugins
@@ -249,6 +257,10 @@ ingress:
     subPath: configs/grafana/plugins
     existingClaim: existing-grafana-claim
     readOnly: false
+  - name: dashboards
+    mountPath: /var/lib/grafana/dashboards
+    hostPath: /usr/shared/grafana/dashboards
+    readOnly: false
 ```
 
 ## Import dashboards

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl

@@ -143,3 +143,16 @@ Return the appropriate apiVersion for rbac.
 {{- print "rbac.authorization.k8s.io/v1beta1" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "grafana.password" -}}
+{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
+  {{- if $secret -}}
+    {{-  index $secret "data" "admin-password" -}}
+  {{- else -}}
+    {{- (randAlphaNum 40) | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl

@@ -100,7 +100,7 @@ initContainers:
       - name: FOLDER
         value: "/etc/grafana/provisioning/datasources"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.datasources.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -135,7 +135,7 @@ initContainers:
       - name: FOLDER
         value: "/etc/grafana/provisioning/notifiers"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.notifiers.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -184,7 +184,7 @@ containers:
       - name: FOLDER
         value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
       - name: RESOURCE
-        value: "both"
+        value: {{ quote .Values.sidecar.dashboards.resource }}
       {{- if .Values.sidecar.enableUniqueFilenames }}
       - name: UNIQUE_FILENAMES
         value: "{{ .Values.sidecar.enableUniqueFilenames }}"
@@ -317,14 +317,14 @@ containers:
         containerPort: 3000
         protocol: TCP
     env:
-      {{- if not .Values.env.GF_SECURITY_ADMIN_USER }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_USER
         valueFrom:
           secretKeyRef:
             name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}
             key: {{ .Values.admin.userKey | default "admin-user" }}
       {{- end }}
-      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }}
+      {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
       - name: GF_SECURITY_ADMIN_PASSWORD
         valueFrom:
           secretKeyRef:
@@ -356,6 +356,14 @@ containers:
       - name: GF_RENDERING_CALLBACK_URL
         value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
       {{ end }}
+      - name: GF_PATHS_DATA
+        value: {{ (get .Values "grafana.ini").paths.data }}
+      - name: GF_PATHS_LOGS
+        value: {{ (get .Values "grafana.ini").paths.logs }}
+      - name: GF_PATHS_PLUGINS
+        value: {{ (get .Values "grafana.ini").paths.plugins }}
+      - name: GF_PATHS_PROVISIONING
+        value: {{ (get .Values "grafana.ini").paths.provisioning }}
     {{- range $key, $value := .Values.envValueFrom }}
       - name: {{ $key | quote }}
         valueFrom:
@@ -483,8 +491,15 @@ volumes:
 {{- end }}
 {{- range .Values.extraVolumeMounts }}
   - name: {{ .name }}
+    {{- if .existingClaim }}
     persistentVolumeClaim:
       claimName: {{ .existingClaim }}
+    {{- else if .hostPath }}
+    hostPath:
+      path: {{ .hostPath }}
+    {{- else }}
+    emptyDir: {}
+    {{- end }}
 {{- end }}
 {{- range .Values.extraEmptyDirMounts }}
   - name: {{ .name }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml

@@ -19,8 +19,10 @@ data:
     {{- range $elem, $elemVal := $value }}
     {{- if kindIs "invalid" $elemVal }}
     {{ $elem }} =
+    {{- else if kindIs "string" $elemVal }}
+    {{ $elem }} = {{ tpl $elemVal $ }}
     {{- else }}
-    {{ $elem }} = {{ tpl (toYaml $elemVal) $ }}
+    {{ $elem }} = {{ $elemVal }}
     {{- end }}
     {{- end }}
 {{- end }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml

@@ -14,7 +14,9 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicas }}
+  {{- end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:
@@ -34,7 +36,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- if .Values.envRenderSecret }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "grafana.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "grafana.name" . }}
+    helm.sh/chart: {{ template "grafana.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "grafana.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml

@@ -1,4 +1,5 @@
 {{ if .Values.imageRenderer.enabled }}
+{{ if .Values.imageRenderer.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -26,3 +27,4 @@ spec:
   selector:
     {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
 {{ end }}
+{{ end }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml

@@ -13,19 +13,8 @@ spec:
   privileged: false
   allowPrivilegeEscalation: false
   requiredDropCapabilities:
-    # Default set from Docker, without DAC_OVERRIDE or CHOWN
+    # Default set from Docker, with DAC_OVERRIDE and CHOWN
-    - FOWNER
+      - ALL
-    - FSETID
-    - KILL
-    - SETGID
-    - SETUID
-    - SETPCAP
-    - NET_BIND_SERVICE
-    - NET_RAW
-    - SYS_CHROOT
-    - MKNOD
-    - AUDIT_WRITE
-    - SETFCAP
   volumes:
     - 'configMap'
     - 'emptyDir'
@@ -38,12 +27,20 @@ spec:
   hostIPC: false
   hostPID: false
   runAsUser:
-    rule: 'RunAsAny'
+    rule: 'MustRunAsNonRoot'
   seLinux:
     rule: 'RunAsAny'
   supplementalGroups:
-    rule: 'RunAsAny'
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
   fsGroup:
-    rule: 'RunAsAny'
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
   readOnlyRootFilesystem: false
 {{- end }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,6 +6,10 @@ metadata:
   namespace: {{ template "grafana.namespace" . }}
   labels:
     {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
 type: Opaque
 data:
   {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
@@ -13,7 +17,7 @@ data:
   {{- if .Values.adminPassword }}
   admin-password: {{ .Values.adminPassword | b64enc | quote }}
   {{- else }}
-  admin-password: {{ randAlphaNum 40 | b64enc | quote }}
+  admin-password: {{ template "grafana.password" . }}
   {{- end }}
   {{- end }}
   {{- if not .Values.ldap.existingSecret }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -47,4 +48,4 @@ spec:
   {{- end }}
   selector:
     {{- include "grafana.selectorLabels" . | nindent 4 }}
-
+{{ end }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml

@@ -27,7 +27,7 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
         checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
-  {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+  {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- end }}
 {{- with .Values.podAnnotations }}

charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml

@@ -38,6 +38,22 @@ serviceAccount:
 
 replicas: 1
 
+## Create HorizontalPodAutoscaler object for deployment type
+#
+autoscaling:
+  enabled: false
+#   minReplicas: 1
+#   maxReplicas: 10
+#   metrics:
+#   - type: Resource
+#     resource:
+#       name: cpu
+#       targetAverageUtilization: 60
+#   - type: Resource
+#     resource:
+#       name: memory
+#       targetAverageUtilization: 60
+
 ## See `kubectl explain poddisruptionbudget.spec` for more
 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
 podDisruptionBudget: {}
@@ -69,7 +85,7 @@ livenessProbe:
 
 image:
   repository: rancher/mirrored-grafana-grafana
-  tag: 7.4.5
+  tag: 7.5.8
   sha: ""
   pullPolicy: IfNotPresent
 
@@ -119,7 +135,7 @@ extraLabels: {}
 
 downloadDashboardsImage:
   repository: rancher/mirrored-curlimages-curl
-  tag: 7.73.0
+  tag: 7.77.0
   sha: ""
   pullPolicy: IfNotPresent
 
@@ -144,6 +160,7 @@ podPortName: grafana
 ## ref: http://kubernetes.io/docs/user-guide/services/
 ##
 service:
+  enabled: true
   type: ClusterIP
   port: 80
   targetPort: 3000
@@ -420,10 +437,14 @@ extraSecretMounts: []
 ## Additional grafana server volume mounts
 # Defines additional volume mounts.
 extraVolumeMounts: []
-  # - name: extra-volume
+  # - name: extra-volume-0
-  #   mountPath: /mnt/volume
+  #   mountPath: /mnt/volume0
   #   readOnly: true
   #   existingClaim: volume-claim
+  # - name: extra-volume-1
+  #   mountPath: /mnt/volume1
+  #   readOnly: true
+  #   hostPath: /usr/shared/
 
 ## Pass the plugins you want installed as a list.
 ##
@@ -530,7 +551,7 @@ dashboardsConfigMaps: {}
 ##
 grafana.ini:
   paths:
-    data: /var/lib/grafana/data
+    data: /var/lib/grafana/
     logs: /var/log/grafana
     plugins: /var/lib/grafana/plugins
     provisioning: /etc/grafana/provisioning
@@ -601,7 +622,7 @@ smtp:
 sidecar:
   image:
     repository: rancher/mirrored-kiwigrid-k8s-sidecar
-    tag: 1.10.7
+    tag: 1.12.2
     sha: ""
   imagePullPolicy: IfNotPresent
   resources: {}
@@ -629,6 +650,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
+    # search in configmap, secret or both
+    resource: both
     # If specified, the sidecar will look for annotation with this name to create folder and put graph here.
     # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
     folderAnnotation: null
@@ -658,10 +681,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
-
+    # search in configmap, secret or both
-    ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment
+    resource: both
-    ## This can be useful for database passwords, etc. Value is templated.
-    envFromSecret: ""
   notifiers:
     enabled: false
     # label that the configmaps with notifiers are marked with
@@ -670,6 +691,8 @@ sidecar:
     # Otherwise the namespace in which the sidecar is running will be used.
     # It's also possible to specify ALL to search in all namespaces
     searchNamespace: null
+    # search in configmap, secret or both
+    resource: both
 
 ## Override the deployment namespace
 ##
@@ -688,7 +711,7 @@ imageRenderer:
     # image-renderer Image repository
     repository: rancher/mirrored-grafana-grafana-image-renderer
     # image-renderer Image tag
-    tag: 2.0.1
+    tag: 3.0.1
     # image-renderer Image sha (optional)
     sha: ""
     # image-renderer ImagePullPolicy
@@ -707,6 +730,8 @@ imageRenderer:
   # image-renderer deployment priority class
   priorityClassName: ''
   service:
+    # Enable the image-renderer service
+    enabled: true
     # image-renderer service port name
     portName: 'http'
     # image-renderer service port used by both service and deployment

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/Chart.yaml

@@ -1,23 +0,0 @@
-annotations:
-  catalog.cattle.io/hidden: "true"
-  catalog.cattle.io/os: linux
-  catalog.rancher.io/certified: rancher
-  catalog.rancher.io/namespace: cattle-monitoring-system
-  catalog.rancher.io/release-name: rancher-node-exporter
-apiVersion: v1
-appVersion: 1.1.2
-description: A Helm chart for prometheus node-exporter
-home: https://github.com/prometheus/node_exporter/
-keywords:
-- node-exporter
-- prometheus
-- exporter
-maintainers:
-- email: gianrubio@gmail.com
-  name: gianrubio
-- name: vsliouniaev
-- name: bismarck
-name: rancher-node-exporter
-sources:
-- https://github.com/prometheus/node_exporter/
-version: 100.0.0+up1.16.2

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/OWNERS

@@ -1,6 +0,0 @@
-approvers:
-- gianrubio
-- vsliouniaev
-reviewers:
-- gianrubio
-- vsliouniaev

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/README.md

@@ -1,63 +0,0 @@
-# Prometheus Node Exporter
-
-Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
-
-This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Get Repo Info
-
-```console
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-# Helm 3
-$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter
-
-# Helm 2
-$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter
-```
-
-_See [configuration](#configuration) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Uninstall Chart
-
-```console
-# Helm 3
-$ helm uninstall [RELEASE_NAME]
-
-# Helm 2
-# helm delete --purge [RELEASE_NAME]
-```
-
-This removes all the Kubernetes components associated with the chart and deletes the release.
-
-_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
-
-## Upgrading Chart
-
-```console
-# Helm 3 or 2
-$ helm upgrade [RELEASE_NAME] [CHART] --install
-```
-
-_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
-
-## Configuring
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
-
-```console
-# Helm 2
-$ helm inspect values prometheus-community/prometheus-node-exporter
-
-# Helm 3
-$ helm show values prometheus-community/prometheus-node-exporter
-```

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/ci/port-values.yaml

@@ -1,3 +0,0 @@
-service:
-  targetPort: 9102
-  port: 9102

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/NOTES.txt

@@ -1,15 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:9100 to use your application"
-  kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/_helpers.tpl

@@ -1,95 +0,0 @@
-# Rancher
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- end -}}
-{{- end -}}
-
-# Windows Support
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
-  value: "linux"
-  effect: "NoSchedule"
-  operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-beta.kubernetes.io/os: linux
-{{- else -}}
-kubernetes.io/os: linux
-{{- end -}}
-{{- end -}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prometheus-node-exporter.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prometheus-node-exporter.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/* Generate basic labels */}}
-{{- define "prometheus-node-exporter.labels" }}
-app: {{ template "prometheus-node-exporter.name" . }}
-heritage: {{.Release.Service }}
-release: {{.Release.Name }}
-chart: {{ template "prometheus-node-exporter.chart" . }}
-{{- if .Values.podLabels}}
-{{ toYaml .Values.podLabels }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prometheus-node-exporter.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prometheus-node-exporter.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Allow the release namespace to be overridden for multi-namespace deployments in combined charts
-*/}}
-{{- define "prometheus-node-exporter.namespace" -}}
-  {{- if .Values.namespaceOverride -}}
-    {{- .Values.namespaceOverride -}}
-  {{- else -}}
-    {{- .Release.Namespace -}}
-  {{- end -}}
-{{- end -}}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/daemonset.yaml

@@ -1,183 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ template "prometheus-node-exporter.fullname" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ template "prometheus-node-exporter.name" . }}
-      release: {{ .Release.Name }}
-  {{- if .Values.updateStrategy }}
-  updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
-  {{- end }}
-  template:
-    metadata:
-      labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-      {{- toYaml .Values.podAnnotations | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }}
-{{- if .Values.securityContext }}
-      securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
-{{- end }}
-{{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-{{- end }}
-      containers:
-        - name: node-exporter
-          image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - --path.procfs=/host/proc
-            - --path.sysfs=/host/sys
-            {{- if .Values.hostRootFsMount }}
-            - --path.rootfs=/host/root
-            {{- end }}
-            - --web.listen-address=$(HOST_IP):{{ .Values.service.port }}
-{{- if .Values.extraArgs }}
-{{ toYaml .Values.extraArgs | indent 12 }}
-{{- end }}
-          {{- with .Values.containerSecurityContext }}
-          securityContext: {{ toYaml . | nindent 12 }}
-          {{- end }}
-          env:
-          - name: HOST_IP
-            {{- if .Values.service.listenOnAllInterfaces }}
-            value: 0.0.0.0
-            {{- else }}
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: status.hostIP
-            {{- end }}
-          ports:
-            - name: metrics
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.port }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.port }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-          volumeMounts:
-            - name: proc
-              mountPath: /host/proc
-              readOnly:  true
-            - name: sys
-              mountPath: /host/sys
-              readOnly: true
-            {{- if .Values.hostRootFsMount }}
-            - name: root
-              mountPath: /host/root
-              mountPropagation: HostToContainer
-              readOnly: true
-            {{- end }}
-            {{- if .Values.extraHostVolumeMounts }}
-            {{- range $_, $mount := .Values.extraHostVolumeMounts }}
-            - name: {{ $mount.name }}
-              mountPath: {{ $mount.mountPath }}
-              readOnly: {{ $mount.readOnly }}
-            {{- if $mount.mountPropagation }}
-              mountPropagation: {{ $mount.mountPropagation }}
-            {{- end }}
-            {{- end }}
-            {{- end }}
-            {{- if .Values.sidecarVolumeMount }}
-            {{- range $_, $mount := .Values.sidecarVolumeMount }}
-            - name: {{ $mount.name }}
-              mountPath: {{ $mount.mountPath }}
-              readOnly: true
-            {{- end }}
-            {{- end }}
-            {{- if .Values.configmaps }}
-            {{- range $_, $mount := .Values.configmaps }}
-            - name: {{ $mount.name }}
-              mountPath: {{ $mount.mountPath }}
-            {{- end }}
-            {{- if .Values.secrets }}
-            {{- range $_, $mount := .Values.secrets }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-            {{- end }}
-            {{- end }}
-            {{- end }}
-{{- if .Values.sidecars }}
-{{ toYaml .Values.sidecars | indent 8 }}
-          {{- if .Values.sidecarVolumeMount }}
-          volumeMounts:
-            {{- range $_, $mount := .Values.sidecarVolumeMount }}
-            - name: {{ $mount.name }}
-              mountPath: {{ $mount.mountPath }}
-              readOnly: {{ $mount.readOnly }}
-            {{- end }}
-          {{- end }}
-{{- end }}
-      hostNetwork: {{ .Values.hostNetwork }}
-      hostPID: true
-{{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- with .Values.dnsConfig }}
-      dnsConfig:
-{{ toYaml . | indent 8 }}
-{{- end }}
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.Selector | nindent 8 }}
-{{- end }}
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{- toYaml .Values.tolerations | nindent 8 }}
-{{- end }}
-      volumes:
-        - name: proc
-          hostPath:
-            path: /proc
-        - name: sys
-          hostPath:
-            path: /sys
-        {{- if .Values.hostRootFsMount }}
-        - name: root
-          hostPath:
-            path: /
-        {{- end }}
-        {{- if .Values.extraHostVolumeMounts }}
-        {{- range $_, $mount := .Values.extraHostVolumeMounts }}
-        - name: {{ $mount.name }}
-          hostPath:
-            path: {{ $mount.hostPath }}
-        {{- end }}
-        {{- end }}
-        {{- if .Values.sidecarVolumeMount }}
-        {{- range $_, $mount := .Values.sidecarVolumeMount }}
-        - name: {{ $mount.name }}
-          emptyDir:
-            medium: Memory
-        {{- end }}
-        {{- end }}
-        {{- if .Values.configmaps }}
-        {{- range $_, $mount := .Values.configmaps }}
-        - name: {{ $mount.name }}
-          configMap:
-            name: {{ $mount.name }}
-        {{- end }}
-        {{- end }}
-        {{- if .Values.secrets }}
-        {{- range $_, $mount := .Values.secrets }}
-        - name: {{ $mount.name }}
-          secret:
-            secretName: {{ $mount.name }}
-        {{- end }}
-        {{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/endpoints.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.endpoints }}
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: {{ template "prometheus-node-exporter.fullname" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-  labels:
-{{ include "prometheus-node-exporter.labels" . | indent 4 }}
-subsets:
-  - addresses:
-      {{- range .Values.endpoints }}
-      - ip: {{ . }}
-      {{- end }}
-    ports:
-      - name: metrics
-        port: 9100
-        protocol: TCP
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/monitor.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.prometheus.monitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ template "prometheus-node-exporter.fullname" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-  {{- if .Values.prometheus.monitor.additionalLabels }}
-{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
-  {{- end }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ template "prometheus-node-exporter.name" . }}
-      release: {{ .Release.Name }}
-  endpoints:
-    - port: metrics
-      scheme: {{ $.Values.prometheus.monitor.scheme }}
-      {{- if $.Values.prometheus.monitor.bearerTokenFile }}
-      bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }}
-      {{- end }}
-      {{- if $.Values.prometheus.monitor.tlsConfig }}
-      tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }}
-      {{- end }}
-      {{- if .Values.prometheus.monitor.scrapeTimeout }}
-      scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
-      {{- end }}
-{{- if .Values.prometheus.monitor.relabelings }}
-      relabelings:
-{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }}
-{{- end }}
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/psp-clusterrole.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.rbac.create }}
-{{- if .Values.rbac.pspEnabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: psp-{{ template "prometheus-node-exporter.fullname" . }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-rules:
-- apiGroups: ['extensions']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "prometheus-node-exporter.fullname" . }}
-{{- end }}
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/psp-clusterrolebinding.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.rbac.create }}
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: psp-{{ template "prometheus-node-exporter.fullname" . }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp-{{ template "prometheus-node-exporter.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "prometheus-node-exporter.fullname" . }}
-    namespace: {{ template "prometheus-node-exporter.namespace" . }}
-{{- end }}
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/psp.yaml

@@ -1,52 +0,0 @@
-{{- if .Values.rbac.create }}
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "prometheus-node-exporter.fullname" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-spec:
-  privileged: false
-  # Required to prevent escalations to root.
-  # allowPrivilegeEscalation: false
-  # This is redundant with non-root + disallow privilege escalation,
-  # but we can provide it for defense in depth.
-  #requiredDropCapabilities:
-  #  - ALL
-  # Allow core volume types.
-  volumes:
-    - 'configMap'
-    - 'emptyDir'
-    - 'projected'
-    - 'secret'
-    - 'downwardAPI'
-    - 'persistentVolumeClaim'
-    - 'hostPath'
-  hostNetwork: true
-  hostIPC: false
-  hostPID: true
-  hostPorts:
-    - min: 0
-      max: 65535
-  runAsUser:
-    # Permits the container to run with root privileges as well.
-    rule: 'RunAsAny'
-  seLinux:
-    # This policy assumes the nodes are using AppArmor rather than SELinux.
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 0
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 0
-        max: 65535
-  readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/service.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "prometheus-node-exporter.fullname" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-{{- if .Values.service.annotations }}
-  annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-    {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
-      nodePort: {{ .Values.service.nodePort }}
-    {{- end }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
-      name: metrics
-  selector:
-    app: {{ template "prometheus-node-exporter.name" . }}
-    release: {{ .Release.Name }}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/templates/serviceaccount.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.rbac.create -}}
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "prometheus-node-exporter.serviceAccountName" . }}
-  namespace: {{ template "prometheus-node-exporter.namespace" . }}
-  labels:
-    app: {{ template "prometheus-node-exporter.name" . }}
-    chart: {{ template "prometheus-node-exporter.chart" . }}
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-  annotations:
-{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
-imagePullSecrets:
-{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
-{{- end -}}
-{{- end -}}

charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.16.2/values.yaml

@@ -1,177 +0,0 @@
-# Default values for prometheus-node-exporter.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global:
-  cattle:
-    systemDefaultRegistry: ""
-
-image:
-  repository: rancher/mirrored-prometheus-node-exporter
-  tag: v1.1.2
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 9100
-  targetPort: 9100
-  nodePort:
-  listenOnAllInterfaces: true
-  annotations:
-    prometheus.io/scrape: "true"
-
-prometheus:
-  monitor:
-    enabled: false
-    additionalLabels: {}
-    namespace: ""
-    scheme: http
-    bearerTokenFile:
-    tlsConfig: {}
-
-    relabelings: []
-    scrapeTimeout: 10s
-
-## Customize the updateStrategy if set
-updateStrategy:
-  type: RollingUpdate
-  rollingUpdate:
-    maxUnavailable: 1
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 200m
-  #   memory: 50Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 30Mi
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-  annotations: {}
-  imagePullSecrets: []
-
-securityContext:
-  fsGroup: 65534
-  runAsGroup: 65534
-  runAsNonRoot: true
-  runAsUser: 65534
-
-containerSecurityContext: {}
-  # capabilities:
-  #   add:
-  #   - SYS_TIME
-
-rbac:
-  ## If true, create & use RBAC resources
-  ##
-  create: true
-  ## If true, create & use Pod Security Policy resources
-  ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
-  pspEnabled: true
-
-# for deployments that have node_exporter deployed outside of the cluster, list
-# their addresses here
-endpoints: []
-
-# Expose the service to the host network
-hostNetwork: true
-
-## If true, node-exporter pods mounts host / at /host/root
-##
-hostRootFsMount: true
-
-## Assign a group of affinity scheduling rules
-##
-affinity: {}
-#   nodeAffinity:
-#     requiredDuringSchedulingIgnoredDuringExecution:
-#       nodeSelectorTerms:
-#         - matchFields:
-#             - key: metadata.name
-#               operator: In
-#               values:
-#                 - target-host-name
-
-# Annotations to be added to node exporter pods
-podAnnotations:
-  # Fix for very slow GKE cluster upgrades
-  cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
-
-# Extra labels to be added to node exporter pods
-podLabels: {}
-
-# Custom DNS configuration to be added to prometheus-node-exporter pods
-dnsConfig: {}
-# nameservers:
-#   - 1.2.3.4
-# searches:
-#   - ns1.svc.cluster-domain.example
-#   - my.dns.search.suffix
-# options:
-#   - name: ndots
-#     value: "2"
-#   - name: edns0
-
-## Assign a nodeSelector if operating a hybrid cluster
-##
-nodeSelector: {}
-#   beta.kubernetes.io/arch: amd64
-#   beta.kubernetes.io/os: linux
-
-tolerations:
-  - effect: NoSchedule
-    operator: Exists
-  - effect: NoExecute
-    operator: Exists
-
-## Assign a PriorityClassName to pods if set
-# priorityClassName: ""
-
-## Additional container arguments
-##
-extraArgs: []
-#   - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$
-#   - --collector.textfile.directory=/run/prometheus
-
-## Additional mounts from the host
-##
-extraHostVolumeMounts: []
-#  - name: <mountName>
-#    hostPath: <hostPath>
-#    mountPath: <mountPath>
-#    readOnly: true|false
-#    mountPropagation: None|HostToContainer|Bidirectional
-
-## Additional configmaps to be mounted.
-##
-configmaps: []
-# - name: <configMapName>
-#   mountPath: <mountPath>
-secrets: []
-# - name: <secretName>
-#   mountPath: <mountPatch>
-## Override the deployment namespace
-##
-namespaceOverride: ""
-
-## Additional containers for export metrics to text file
-##
-sidecars: []
-##  - name: nvidia-dcgm-exporter
-##    image: nvidia/dcgm-exporter:1.4.3
-
-## Volume for sidecar containers
-##
-sidecarVolumeMount: []
-##  - name: collector-textfiles
-##    mountPath: /run/prometheus
-##    readOnly: false

charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.12.1/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.12.1/Chart.yaml

@@ -1,26 +0,0 @@
-annotations:
-  catalog.cattle.io/hidden: "true"
-  catalog.cattle.io/os: linux
-  catalog.rancher.io/certified: rancher
-  catalog.rancher.io/namespace: cattle-monitoring-system
-  catalog.rancher.io/release-name: rancher-prometheus-adapter
-apiVersion: v1
-appVersion: v0.8.3
-description: A Helm chart for k8s prometheus adapter
-home: https://github.com/DirectXMan12/k8s-prometheus-adapter
-keywords:
-- hpa
-- metrics
-- prometheus
-- adapter
-maintainers:
-- email: mattias.gees@jetstack.io
-  name: mattiasgees
-- name: steven-sheehy
-- email: hfernandez@mesosphere.com
-  name: hectorj2f
-name: rancher-prometheus-adapter
-sources:
-- https://github.com/kubernetes/charts
-- https://github.com/DirectXMan12/k8s-prometheus-adapter
-version: 100.0.0+up2.12.1

charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.12.1/README.md

@@ -1,147 +0,0 @@
-# Prometheus Adapter
-
-Installs the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics.
-
-## Prerequisites
-
-Kubernetes 1.14+
-
-## Get Repo Info
-
-```console
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-# Helm 3
-$ helm install [RELEASE_NAME] prometheus-community/prometheus-adapter
-
-# Helm 2
-$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-adapter
-```
-
-_See [configuration](#configuration) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Uninstall Chart
-
-```console
-# Helm 3
-$ helm uninstall [RELEASE_NAME]
-
-# Helm 2
-# helm delete --purge [RELEASE_NAME]
-```
-
-This removes all the Kubernetes components associated with the chart and deletes the release.
-
-_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
-
-## Upgrading Chart
-
-```console
-# Helm 3 or 2
-$ helm upgrade [RELEASE_NAME] [CHART] --install
-```
-
-_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
-
-## Configuration
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
-
-```console
-# Helm 2
-$ helm inspect values prometheus-community/prometheus-adapter
-
-# Helm 3
-$ helm show values prometheus-community/prometheus-adapter
-```
-
-### Prometheus Service Endpoint
-
-To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`.
-
-### Adapter Rules
-
-Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/docs/config.md) for the proper format).
-
-### Horizontal Pod Autoscaler Metrics
-
-Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics).
-
-The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis):
-
-### Custom Metrics
-
-Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`:
-
-```yaml
-rules:
-  custom:
-  - seriesQuery: '{__name__=~"^some_metric_count$"}'
-    resources:
-      template: <<.Resource>>
-    name:
-      matches: ""
-      as: "my_custom_metric"
-    metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
-```
-
-### External Metrics
-
-Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`:
-
-```yaml
-rules:
-  external:
-  - seriesQuery: '{__name__=~"^some_metric_count$"}'
-    resources:
-      template: <<.Resource>>
-    name:
-      matches: ""
-      as: "my_external_metric"
-    metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
-```
-
-### Resource Metrics
-
-Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. Can be enabled by populating `rules.resource`:
-
-```yaml
-rules:
-  resource:
-    cpu:
-      containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>)
-      nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>)
-      resources:
-        overrides:
-          instance:
-            resource: node
-          namespace:
-            resource: namespace
-          pod:
-            resource: pod
-      containerLabel: container
-    memory:
-      containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>)
-      nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
-      resources:
-        overrides:
-          instance:
-            resource: node
-          namespace:
-            resource: namespace
-          pod:
-            resource: pod
-      containerLabel: container
-    window: 3m
-```
-
-**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster.

charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.12.1/ci/external-rules-values.yaml

@@ -1,9 +0,0 @@
-rules:
-  external:
-  - seriesQuery: '{__name__=~"^some_metric_count$"}'
-    resources:
-      template: <<.Resource>>
-    name:
-      matches: ""
-      as: "my_custom_metric"
-    metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)